IPv6 broken with Apache 2.2.19
Olli Hauer
ohauer at FreeBSD.org
Tue May 31 21:00:17 UTC 2011
On 2011-05-25 21:16, Nick Rosier wrote:
> On 25 May 2011 20:17, Jeremy Chadwick <freebsd at jdc.parodius.com> wrote:
>> On Wed, May 25, 2011 at 05:21:42PM +0200, Nick Rosier wrote:
>>> Since the upgrade from Apache 2.2.17 to 2.2.19 I'm unable to get IPv6
>>> to work; I keep getting following error:
>>>
>>> # grep Listen httpd.conf
>>> Listen x.x.x.x:80
>>> Listen [2001:x:x:x:x::1]:80
>>>
>>> # apachectl -t
>>> [Wed May 25 17:18:18 2011] [crit] (OS 1)Unknown host: alloc_listener:
>>> failed to set up sockaddr for [2001:x:x:x:x::1]
>>> Syntax error on line 41 of /usr/local/etc/apache22/httpd.conf:
>>> Listen setup failed
>>>
>>> Any ideas what I'm doing wrong?
>>
>> Assuming "OS 1" means errno 1 was returned, that's EPERM, which is
>> "Operation not permitted". Assuming this is coming from socket(2), that
>> correlates with:
>>
>> [EPERM] User has insufficient privileges to carry out the
>> requested operation.
>>
>> Do you have firewall rules or anything like that on this system? Is the
>> network interface actually up/usable at this point? Some Linux folks
>> have seen this problem (bug is still open):
>
> This instance runs in a Jail. I disabled pf but the problem persists.
> The interface is up and running (other services are binding to the
> IPv6 instance) without problems.
>
>> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/397393
>>
>> The Apache code in question which returns this error is in
>> server/listen.c. The error check is on line 323, and puts focus on APR
>> not so much Apache (httpd):
>>
>> 311 status = apr_socket_create(&new->sd, new->bind_addr->family,
>> 312 SOCK_STREAM, 0, process->pool);
>> 313
>> 314 #if APR_HAVE_IPV6
>> 315 /* What could happen is that we got an IPv6 address, but this system
>> 316 * doesn't actually support IPv6. Try the next address.
>> 317 */
>> 318 if (status != APR_SUCCESS && !addr &&
>> 319 new->bind_addr->family == APR_INET6) {
>> 320 continue;
>> 321 }
>> 322 #endif
>> 323 if (status != APR_SUCCESS) {
>> 324 ap_log_perror(APLOG_MARK, APLOG_CRIT, status, process->pool,
>> 325 "alloc_listener: failed to get a socket for %s",
>> 326 addr);
>> 327 return "Listen setup failed";
>> 328 }
>>
>> The ChangeLog between Apache 2.2.17 and 2.2.19 indicates absolutely no
>> changes were made WRT IPv6 code, so again that puts focus on APR.
>>
>>> # pkg_info | grep apr
>>> apr-ipv6-devrandom-gdbm-db42-1.4.5.1.3.12 Apache Portability Library
>>
>> The APR ChangeLog is filled with IPV6-related changes with 1.4.3, so the
>> question here is basically "what APR version were you using before you
>> upgraded"?
>>
>> http://www.apache.org/dist/apr/CHANGES-APR-1.4
>>
>> apr_socket_create() for *IX is in network_io/unix/sockets.c around line
>> 91, so let's look via ViewVC to see who's touched things recently
>> (though we have no idea what timeframe we should be looking at, since we
>> don't know what APR version you were using before the upgrade):
>
> Based on my logs I came from APR 1.4.3. I first noticed the problems
> going to Apache 2.2.18 with APR 1.4.4. So I guess this started after
> upgrade from 1.4.3 to 1.4.4
>
>> http://svn.apache.org/viewvc/apr/apr/tags/1.4.5/network_io/unix/sockets.c?view=log
>>
Strange ...
I just found the time to setup a ipv6 jail with current
apache-2.2.19 and apr-ipv6-devrandom-gdbm-db47-1.4.5.1.3.12
on a 8.2-amd62 machine and see no issues.
Host:
=========================
# ifconfig | grep inet
inet 172.1.1.40 netmask 0xffffff00 broadcast 172.1.1.255
inet6 2001:471:1f11:251:290:27ff:fee0:2100 prefixlen 64
inet 172.1.1.42 netmask 0xffffffff broadcast 172.1.1.42
inet6 2001:471:1f11:251:290:27ff:fee0:2110 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
Inside jail:
=========================
# ifconfig | grep inet
inet 172.1.1.42 netmask 0xffffffff broadcast 172.1.1.42
inet6 2001:471:1f11:251:290:27ff:fee0:2110 prefixlen 128
# grep -i listen httpd.conf
Listen 172.1.1.42:80
Listen [2001:471:1f11:251:290:27ff:fee0:2110]:80
# apachectl start
# tail /var/log/httpd-error.log
[Tue May 31 20:44:25 2011] [warn] Init: Session Cache is not configured [hint:
SSLSessionCache]
[Tue May 31 20:44:25 2011] [alert] (EAI 8)hostname nor servname provided, or not
known: mod_unique_id: unable to find IPv4 address of "ip6.example.com"
[Tue May 31 20:44:25 2011] [alert] mod_unique_id: using low-order bits of IPv6
address as if they were unique
[Tue May 31 20:44:26 2011] [notice] Digest: generating secret for digest
authentication ...
[Tue May 31 20:44:26 2011] [notice] Digest: done
[Tue May 31 20:44:26 2011] [alert] (EAI 8)hostname nor servname provided, or not
known: mod_unique_id: unable to find IPv4 address of "ip6.example.com"
[Tue May 31 20:44:26 2011] [alert] mod_unique_id: using low-order bits of IPv6
address as if they were unique
[Tue May 31 20:44:27 2011] [notice] Apache/2.2.19 (FreeBSD) mod_ssl/2.2.19
OpenSSL/0.9.8q DAV/2 configured -- resuming normal operations
# sockstat -4 |grep http
www httpd 17050 3 tcp4 172.1.1.42:80 *:*
www httpd 17049 3 tcp4 172.1.1.42:80 *:*
www httpd 17048 3 tcp4 172.1.1.42:80 *:*
www httpd 17047 3 tcp4 172.1.1.42:80 *:*
www httpd 17046 3 tcp4 172.1.1.42:80 *:*
root httpd 17044 3 tcp4 172.1.1.42:80 *:*
# sockstat -6 |grep http
www httpd 17050 4 tcp6 2001:471:1f11:251:290:27ff:fee0:2110:80 *:*
www httpd 17049 4 tcp6 2001:471:1f11:251:290:27ff:fee0:2110:80 *:*
www httpd 17048 4 tcp6 2001:471:1f11:251:290:27ff:fee0:2110:80 *:*
www httpd 17047 4 tcp6 2001:471:1f11:251:290:27ff:fee0:2110:80 *:*
www httpd 17046 4 tcp6 2001:471:1f11:251:290:27ff:fee0:2110:80 *:*
root httpd 17044 4 tcp6 2001:471:1f11:251:290:27ff:fee0:2110:80 *:*
More information about the freebsd-apache
mailing list