From owner-freebsd-apache@FreeBSD.ORG Tue May 31 21:00:17 2011 Return-Path: Delivered-To: freebsd-apache@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8FC66106566B for ; Tue, 31 May 2011 21:00:17 +0000 (UTC) (envelope-from ohauer@FreeBSD.org) Received: from u18-124.dslaccess.de (unknown [194.231.39.124]) by mx1.freebsd.org (Postfix) with ESMTP id 04F4F8FC17 for ; Tue, 31 May 2011 21:00:17 +0000 (UTC) Received: from [172.20.1.100] (cde1100.uni.vrs [172.20.1.100]) (Authenticated sender: ohauer) by u18-124.dslaccess.de (Postfix) with ESMTPSA id A04AA20067; Tue, 31 May 2011 23:00:11 +0200 (CEST) Message-ID: <4DE556DA.6000007@FreeBSD.org> Date: Tue, 31 May 2011 23:00:10 +0200 From: Olli Hauer User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10 MIME-Version: 1.0 To: Nick Rosier References: <20110525181709.GA45908@icarus.home.lan> In-Reply-To: X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-apache@freebsd.org Subject: Re: IPv6 broken with Apache 2.2.19 X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ohauer@FreeBSD.org List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 May 2011 21:00:17 -0000 On 2011-05-25 21:16, Nick Rosier wrote: > On 25 May 2011 20:17, Jeremy Chadwick wrote: >> On Wed, May 25, 2011 at 05:21:42PM +0200, Nick Rosier wrote: >>> Since the upgrade from Apache 2.2.17 to 2.2.19 I'm unable to get IPv6 >>> to work; I keep getting following error: >>> >>> # grep Listen httpd.conf >>> Listen x.x.x.x:80 >>> Listen [2001:x:x:x:x::1]:80 >>> >>> # apachectl -t >>> [Wed May 25 17:18:18 2011] [crit] (OS 1)Unknown host: alloc_listener: >>> failed to set up sockaddr for [2001:x:x:x:x::1] >>> Syntax error on line 41 of /usr/local/etc/apache22/httpd.conf: >>> Listen setup failed >>> >>> Any ideas what I'm doing wrong? >> >> Assuming "OS 1" means errno 1 was returned, that's EPERM, which is >> "Operation not permitted". Assuming this is coming from socket(2), that >> correlates with: >> >> [EPERM] User has insufficient privileges to carry out the >> requested operation. >> >> Do you have firewall rules or anything like that on this system? Is the >> network interface actually up/usable at this point? Some Linux folks >> have seen this problem (bug is still open): > > This instance runs in a Jail. I disabled pf but the problem persists. > The interface is up and running (other services are binding to the > IPv6 instance) without problems. > >> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/397393 >> >> The Apache code in question which returns this error is in >> server/listen.c. The error check is on line 323, and puts focus on APR >> not so much Apache (httpd): >> >> 311 status = apr_socket_create(&new->sd, new->bind_addr->family, >> 312 SOCK_STREAM, 0, process->pool); >> 313 >> 314 #if APR_HAVE_IPV6 >> 315 /* What could happen is that we got an IPv6 address, but this system >> 316 * doesn't actually support IPv6. Try the next address. >> 317 */ >> 318 if (status != APR_SUCCESS && !addr && >> 319 new->bind_addr->family == APR_INET6) { >> 320 continue; >> 321 } >> 322 #endif >> 323 if (status != APR_SUCCESS) { >> 324 ap_log_perror(APLOG_MARK, APLOG_CRIT, status, process->pool, >> 325 "alloc_listener: failed to get a socket for %s", >> 326 addr); >> 327 return "Listen setup failed"; >> 328 } >> >> The ChangeLog between Apache 2.2.17 and 2.2.19 indicates absolutely no >> changes were made WRT IPv6 code, so again that puts focus on APR. >> >>> # pkg_info | grep apr >>> apr-ipv6-devrandom-gdbm-db42-1.4.5.1.3.12 Apache Portability Library >> >> The APR ChangeLog is filled with IPV6-related changes with 1.4.3, so the >> question here is basically "what APR version were you using before you >> upgraded"? >> >> http://www.apache.org/dist/apr/CHANGES-APR-1.4 >> >> apr_socket_create() for *IX is in network_io/unix/sockets.c around line >> 91, so let's look via ViewVC to see who's touched things recently >> (though we have no idea what timeframe we should be looking at, since we >> don't know what APR version you were using before the upgrade): > > Based on my logs I came from APR 1.4.3. I first noticed the problems > going to Apache 2.2.18 with APR 1.4.4. So I guess this started after > upgrade from 1.4.3 to 1.4.4 > >> http://svn.apache.org/viewvc/apr/apr/tags/1.4.5/network_io/unix/sockets.c?view=log >> Strange ... I just found the time to setup a ipv6 jail with current apache-2.2.19 and apr-ipv6-devrandom-gdbm-db47-1.4.5.1.3.12 on a 8.2-amd62 machine and see no issues. Host: ========================= # ifconfig | grep inet inet 172.1.1.40 netmask 0xffffff00 broadcast 172.1.1.255 inet6 2001:471:1f11:251:290:27ff:fee0:2100 prefixlen 64 inet 172.1.1.42 netmask 0xffffffff broadcast 172.1.1.42 inet6 2001:471:1f11:251:290:27ff:fee0:2110 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff000000 Inside jail: ========================= # ifconfig | grep inet inet 172.1.1.42 netmask 0xffffffff broadcast 172.1.1.42 inet6 2001:471:1f11:251:290:27ff:fee0:2110 prefixlen 128 # grep -i listen httpd.conf Listen 172.1.1.42:80 Listen [2001:471:1f11:251:290:27ff:fee0:2110]:80 # apachectl start # tail /var/log/httpd-error.log [Tue May 31 20:44:25 2011] [warn] Init: Session Cache is not configured [hint: SSLSessionCache] [Tue May 31 20:44:25 2011] [alert] (EAI 8)hostname nor servname provided, or not known: mod_unique_id: unable to find IPv4 address of "ip6.example.com" [Tue May 31 20:44:25 2011] [alert] mod_unique_id: using low-order bits of IPv6 address as if they were unique [Tue May 31 20:44:26 2011] [notice] Digest: generating secret for digest authentication ... [Tue May 31 20:44:26 2011] [notice] Digest: done [Tue May 31 20:44:26 2011] [alert] (EAI 8)hostname nor servname provided, or not known: mod_unique_id: unable to find IPv4 address of "ip6.example.com" [Tue May 31 20:44:26 2011] [alert] mod_unique_id: using low-order bits of IPv6 address as if they were unique [Tue May 31 20:44:27 2011] [notice] Apache/2.2.19 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8q DAV/2 configured -- resuming normal operations # sockstat -4 |grep http www httpd 17050 3 tcp4 172.1.1.42:80 *:* www httpd 17049 3 tcp4 172.1.1.42:80 *:* www httpd 17048 3 tcp4 172.1.1.42:80 *:* www httpd 17047 3 tcp4 172.1.1.42:80 *:* www httpd 17046 3 tcp4 172.1.1.42:80 *:* root httpd 17044 3 tcp4 172.1.1.42:80 *:* # sockstat -6 |grep http www httpd 17050 4 tcp6 2001:471:1f11:251:290:27ff:fee0:2110:80 *:* www httpd 17049 4 tcp6 2001:471:1f11:251:290:27ff:fee0:2110:80 *:* www httpd 17048 4 tcp6 2001:471:1f11:251:290:27ff:fee0:2110:80 *:* www httpd 17047 4 tcp6 2001:471:1f11:251:290:27ff:fee0:2110:80 *:* www httpd 17046 4 tcp6 2001:471:1f11:251:290:27ff:fee0:2110:80 *:* root httpd 17044 4 tcp6 2001:471:1f11:251:290:27ff:fee0:2110:80 *:*