Re: APR connector on Windows 8+ fails to listen on all addresses
Am 2021-05-27 um 15:41 schrieb Mark Thomas: On 27/05/2021 13:24, Mark Thomas wrote: On 27/05/2021 11:12, Michael Osipov wrote: Am 2021-05-27 um 11:52 schrieb Mark Thomas: Michael, I think we need to step back a bit. I am unable to recreate the issue you describe. I am using: - Windows Server 2019 - IPv6 enabled (and IPv4 and both have addresses) - Apache Tomcat 9.0.46 - Apache Tomcat Native 1.2.28 - AprLifecycleListener is enabled - No address configured for Connector - Logs confirm http-apr-8080 I can access the default home page via both IPv4 and IPv6 from both the local machine and remotely. Please try my simple program from this gist: https://gist.github.com/michael-o/dfb86df472f62d2b2dff6ef12ee3758e Does this help? Thanks. That helped me narrow down where the differences where. If you run Tomcat as a service it binds both 0.0.0.0:8080 and [::]:8080. If you run it from the command line, it only binds [::]:8080. I'll take a look at the proposed APR patch next. I can confirm that the patch to APR fixes the issue for me too. With the original 1.2.28 DLL, starting Tomcat on the command line only binds to IPv6. With a patched 1.2.29-dev DLL, starting Tomcat on the command line binds to IPv6 and IPv4. Pefect! I'll tag and start the release process for Tomcat Native shortly. Before you do, I'd like to settle https://github.com/apache/tomcat-native/pull/9 This aligns with the NIO connectors for obtaining addresses by relying on the OS. Please have a look and share your opinion. M - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: APR connector on Windows 8+ fails to listen on all addresses
On 27/05/2021 13:24, Mark Thomas wrote: On 27/05/2021 11:12, Michael Osipov wrote: Am 2021-05-27 um 11:52 schrieb Mark Thomas: Michael, I think we need to step back a bit. I am unable to recreate the issue you describe. I am using: - Windows Server 2019 - IPv6 enabled (and IPv4 and both have addresses) - Apache Tomcat 9.0.46 - Apache Tomcat Native 1.2.28 - AprLifecycleListener is enabled - No address configured for Connector - Logs confirm http-apr-8080 I can access the default home page via both IPv4 and IPv6 from both the local machine and remotely. Please try my simple program from this gist: https://gist.github.com/michael-o/dfb86df472f62d2b2dff6ef12ee3758e Does this help? Thanks. That helped me narrow down where the differences where. If you run Tomcat as a service it binds both 0.0.0.0:8080 and [::]:8080. If you run it from the command line, it only binds [::]:8080. I'll take a look at the proposed APR patch next. I can confirm that the patch to APR fixes the issue for me too. With the original 1.2.28 DLL, starting Tomcat on the command line only binds to IPv6. With a patched 1.2.29-dev DLL, starting Tomcat on the command line binds to IPv6 and IPv4. I'll tag and start the release process for Tomcat Native shortly. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: APR connector on Windows 8+ fails to listen on all addresses
On 27/05/2021 11:12, Michael Osipov wrote: Am 2021-05-27 um 11:52 schrieb Mark Thomas: Michael, I think we need to step back a bit. I am unable to recreate the issue you describe. I am using: - Windows Server 2019 - IPv6 enabled (and IPv4 and both have addresses) - Apache Tomcat 9.0.46 - Apache Tomcat Native 1.2.28 - AprLifecycleListener is enabled - No address configured for Connector - Logs confirm http-apr-8080 I can access the default home page via both IPv4 and IPv6 from both the local machine and remotely. Please try my simple program from this gist: https://gist.github.com/michael-o/dfb86df472f62d2b2dff6ef12ee3758e Does this help? Thanks. That helped me narrow down where the differences where. If you run Tomcat as a service it binds both 0.0.0.0:8080 and [::]:8080. If you run it from the command line, it only binds [::]:8080. I'll take a look at the proposed APR patch next. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: APR connector on Windows 8+ fails to listen on all addresses
Prefences in the OS: PS C:\Users\osipovmi> netsh interface ipv6 show prefixpolicies Der aktive Status wird abgefragt... Vorgänger Label Präfix -- - 50 0 :::0:0/96 40 1 ::1/128 30 2 ::/0 20 3 2002::/16 5 5 2001::/32 3 13 fc00::/7 1 11 fec0::/10 1 12 3ffe::/16 1 4 ::/96 Taken from https://superuser.com/a/436944/222550 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: APR connector on Windows 8+ fails to listen on all addresses
Am 2021-05-27 um 11:52 schrieb Mark Thomas: Michael, I think we need to step back a bit. I am unable to recreate the issue you describe. I am using: - Windows Server 2019 - IPv6 enabled (and IPv4 and both have addresses) - Apache Tomcat 9.0.46 - Apache Tomcat Native 1.2.28 - AprLifecycleListener is enabled - No address configured for Connector - Logs confirm http-apr-8080 I can access the default home page via both IPv4 and IPv6 from both the local machine and remotely. On 25/05/2021 18:23, Michael Osipov wrote: >>> * Windows 8+ or Windows Server 2016/2019 * Have at least IPv6 available, no IP addresses necessary, ::1 is sufficient * Any Tomcat with libtcnative 1.2.28 with the DLL compiled by Mark Thomas. * Start Tomcat with the AprLifecycleListener and make sure that no address (hostname) is set. I think I have replicated the above but obviously I have missed something. What do I need to do to recreate your results? Please try my simple program from this gist: https://gist.github.com/michael-o/dfb86df472f62d2b2dff6ef12ee3758e Vanilla DLL on Windows 10: PS Z:\> java "-cp" ".;C:\Entwicklung\Projekte\tomcat-native\dist\tomcat-native-1.2.29-dev.jar" "-Djava.library.path=C:\Entwicklung\Programme\apache-tomcat-9.0.46\bin" AprTest libtcnative version: 1.2.28, libapr version 1.7.0 hostname: null, family: 2, next: 522994096 setsockopt IPV6_V6ONLY status: 70023 socket bind status: 0 socket listen status: 0 An IPv6 only socket is bound because default is 1 on the socket option and one cannot set to 0: PS C:\Users\osipovmi> netstat -a | Select-String -Pattern TCP[::]: md2pcvtc:0 ABHÖREN then compiled with patches: PS Z:\> java "-cp" ".;C:\Entwicklung\Projekte\tomcat-native\dist\tomcat-native-1.2.29-dev.jar" "-Djava.library.path=C:\Entwicklung\Projekte\tomcat-native\native\WIN7_X64_DLL_RELEASE" AprTest libtcnative version: 1.2.29-dev, libapr version 1.7.1-dev hostname: null, family: 2, next: 523321776 setsockopt IPV6_V6ONLY status: 0 socket bind status: 0 socket listen status: 0 An IPv6 socket with dual-stack has been bound: PS C:\Users\osipovmi> netstat -a | Select-String -Pattern TCP0.0.0.0: md2pcvtc:0 ABHÖREN TCP[::]: md2pcvtc:0 ABHÖREN Please note that I have IPv6 enabled, but no IP addresses configured. By default only ::1 is present. Addresses: PS C:\Users\osipovmi> Get-NetIPAddress | Format-Table ifIndex IPAddress PrefixLength PrefixOrigin SuffixOrigin AddressState PolicyStore --- - --- 1 ::1 128 WellKnown WellKnownPreferredActiveStore 20 169.254.228.218 16 WellKnown Link TentativeActiveStore 32 192.168.58.19328 Manual Manual PreferredActiveStore 15 169.254.26.74 16 WellKnown Link TentativeActiveStore 18 169.254.76.82 16 WellKnown Link TentativeActiveStore 22 169.254.155.142 16 WellKnown Link TentativeActiveStore 21 192.168.1.23 24 Dhcp Dhcp PreferredActiveStore 1 127.0.0.1 8 WellKnown WellKnownPreferredActiveStore Does this help? M - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: APR connector on Windows 8+ fails to listen on all addresses
Michael, I think we need to step back a bit. I am unable to recreate the issue you describe. I am using: - Windows Server 2019 - IPv6 enabled (and IPv4 and both have addresses) - Apache Tomcat 9.0.46 - Apache Tomcat Native 1.2.28 - AprLifecycleListener is enabled - No address configured for Connector - Logs confirm http-apr-8080 I can access the default home page via both IPv4 and IPv6 from both the local machine and remotely. On 25/05/2021 18:23, Michael Osipov wrote: >>> * Windows 8+ or Windows Server 2016/2019 * Have at least IPv6 available, no IP addresses necessary, ::1 is sufficient * Any Tomcat with libtcnative 1.2.28 with the DLL compiled by Mark Thomas. * Start Tomcat with the AprLifecycleListener and make sure that no address (hostname) is set. I think I have replicated the above but obviously I have missed something. What do I need to do to recreate your results? Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: APR connector on Windows 8+ fails to listen on all addresses
Am 2021-05-27 um 07:39 schrieb Mladen Turk: APR has to be compiled with -D_WIN32_WINNT=0x0600 -DWINVER=0x0600 Same with Tomcat Native Use apr-1.6.x Both don't work out for the following reasons: * Your setenv.bat sets WINVER=0x0601 which fails for the NMakefile which in turn requires a symbolic name instead of a hex value, I have to pass WINVER=WIN7 anyway, then the rest works. * Even if I do, the check in APR is performed at runtime for the OS version, therefore setting the socket option fails. * How is 1.6.x going me to help here if it does not now anything about Windows 8, 10? This [1] is what you need to make it work. Kindly respond to my PR. M [1] https://github.com/apache/apr/commit/2bcd4b3ddb108d16f1c758c00a45de9aef57aa3a On 25/05/2021 18:23, Michael Osipov wrote: Folks, we needed to deploy Tomcat 9.0.x on a Windows server (no jokes, please), but the contractor wasn't able to configure the APR connector to accept on external interfaces even after a day. After my analysis it turned out be a subtile bug in libapr which affects Windows users only. I am also surprised why no one complained before. Setup: * Windows 8+ or Windows Server 2016/2019 * Have at least IPv6 available, no IP addresses necessary, ::1 is sufficient * Any Tomcat with libtcnative 1.2.28 with the DLL compiled by Mark Thomas. * Start Tomcat with the AprLifecycleListener and make sure that no address (hostname) is set. To make a long investigation story short:http://svn.apache.org/viewvc?rev=1889037=rev libapr, thus libtcnative suffer from a very subtile bug only visible on dual-stack systems. Since on INET6 sockets IPV6_V6ONLY is 1 by default on Windows, no IPv4 addresses are bound. In the case above, Tomcat is only accessible on ::1. APR is supposed to set IPV6_V6ONLhttp://svn.apache.org/viewvc?rev=1889037=revY to 0 by default, but this fails because APR 1.7.x does not recognise anything above Windows 7 and assumes it to be Windows XP by default. As you might know Vista was the first Windows with true IPv6 an dual-sockets. When setsockopt is invoked APR gives you 70023, not implemented. I was able, according to Mark's instructions, to compile OpenSSL, APR and Tomcat Native on Windows 10 and deploy on Windows Server 2019. I'd like to push * https://github.com/michael-o/tomcat/compare/main...clean-bind * https://github.com/michael-o/tomcat-native/compare/main...clean-bind as well as the real fix in APR 1.7.x: https://github.com/michael-o/apr/compare/1.7.x...1.7.x-windows I ran all unit tests (main) with those modifications on these platforms: * Windows 10, APR 1.7.0, 1.7.1-dev * Windows Server 2019, APR 1.7.0, 1.7.1-dev * FreeBSD 12-STABLE, APR 1.7.0, 1.7.1-dev * RHEL 7, APR 1.4.8 * HP-UX 11i, APR 1.6.6 Some hosts are dual-stack, some IPv4 only. Moreover, I wrote a simple program which binds the socket for tracing only: https://gist.github.com/michael-o/dfb86df472f62d2b2dff6ef12ee3758e It runs as expected on the above platforms, even with zone id on link-local addresses. If no one objects, I'll merge soon. Mark, I don't know when the next APR release will happen, but I consider this to be very annoying. Maybe it makes sense to push 1.2.29 with APR 1.7.1-dev to please Windows users? Michael - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: APR connector on Windows 8+ fails to listen on all addresses
Am 2021-05-26 um 15:25 schrieb Mark Thomas: On 25/05/2021 17:23, Michael Osipov wrote: Nice research. Mark, I don't know when the next APR release will happen, but I consider this to be very annoying. Maybe it makes sense to push 1.2.29 with APR 1.7.1-dev to please Windows users? I'd prefer to use a released version of APR but failing that we can provide a patch against 1.7.0. If you can add the appropriate patch here: https://github.com/apache/tomcat-native/tree/main/native/srclib/apr I can include it in the next release. The change has been committed to apr-1.7.x, here [1] is the changeset, compiled for me nicely several times. Would be good if you could also check at your end. I will inquire on dev@apr.a.o if someone is willing to perform 1.7.1 soon. We are close to starting the June releases so if we move quickly on a Tomcat-Native release now, we can included a fixed version of Tomcat Native in the next set of Tomcat releases. I have also applied by changes (simplifcations) to Tomcat Native, but Mladen objected [2] and asked me to move to a PR to discuss [3], but I am still waiting for an explanation of his objection. The purpose of the change was to simplify and have consistency with the Java code where we don't do such things. Hopefully we can setttle this before 1.2.29. M [1] https://github.com/apache/apr/commit/2bcd4b3ddb108d16f1c758c00a45de9aef57aa3a [2] https://github.com/apache/tomcat-native/commit/420cd1c159e4f27bb5d2a873dbd1fb7ea5d3473c [3] https://github.com/apache/tomcat-native/pull/9 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: APR connector on Windows 8+ fails to listen on all addresses
APR has to be compiled with -D_WIN32_WINNT=0x0600 -DWINVER=0x0600 Same with Tomcat Native Use apr-1.6.x On 25/05/2021 18:23, Michael Osipov wrote: Folks, we needed to deploy Tomcat 9.0.x on a Windows server (no jokes, please), but the contractor wasn't able to configure the APR connector to accept on external interfaces even after a day. After my analysis it turned out be a subtile bug in libapr which affects Windows users only. I am also surprised why no one complained before. Setup: * Windows 8+ or Windows Server 2016/2019 * Have at least IPv6 available, no IP addresses necessary, ::1 is sufficient * Any Tomcat with libtcnative 1.2.28 with the DLL compiled by Mark Thomas. * Start Tomcat with the AprLifecycleListener and make sure that no address (hostname) is set. To make a long investigation story short:http://svn.apache.org/viewvc?rev=1889037=rev libapr, thus libtcnative suffer from a very subtile bug only visible on dual-stack systems. Since on INET6 sockets IPV6_V6ONLY is 1 by default on Windows, no IPv4 addresses are bound. In the case above, Tomcat is only accessible on ::1. APR is supposed to set IPV6_V6ONLhttp://svn.apache.org/viewvc?rev=1889037=revY to 0 by default, but this fails because APR 1.7.x does not recognise anything above Windows 7 and assumes it to be Windows XP by default. As you might know Vista was the first Windows with true IPv6 an dual-sockets. When setsockopt is invoked APR gives you 70023, not implemented. I was able, according to Mark's instructions, to compile OpenSSL, APR and Tomcat Native on Windows 10 and deploy on Windows Server 2019. I'd like to push * https://github.com/michael-o/tomcat/compare/main...clean-bind * https://github.com/michael-o/tomcat-native/compare/main...clean-bind as well as the real fix in APR 1.7.x: https://github.com/michael-o/apr/compare/1.7.x...1.7.x-windows I ran all unit tests (main) with those modifications on these platforms: * Windows 10, APR 1.7.0, 1.7.1-dev * Windows Server 2019, APR 1.7.0, 1.7.1-dev * FreeBSD 12-STABLE, APR 1.7.0, 1.7.1-dev * RHEL 7, APR 1.4.8 * HP-UX 11i, APR 1.6.6 Some hosts are dual-stack, some IPv4 only. Moreover, I wrote a simple program which binds the socket for tracing only: https://gist.github.com/michael-o/dfb86df472f62d2b2dff6ef12ee3758e It runs as expected on the above platforms, even with zone id on link-local addresses. If no one objects, I'll merge soon. Mark, I don't know when the next APR release will happen, but I consider this to be very annoying. Maybe it makes sense to push 1.2.29 with APR 1.7.1-dev to please Windows users? Michael - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org -- ^TM - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: APR connector on Windows 8+ fails to listen on all addresses
On 25/05/2021 17:23, Michael Osipov wrote: Nice research. Mark, I don't know when the next APR release will happen, but I consider this to be very annoying. Maybe it makes sense to push 1.2.29 with APR 1.7.1-dev to please Windows users? I'd prefer to use a released version of APR but failing that we can provide a patch against 1.7.0. If you can add the appropriate patch here: https://github.com/apache/tomcat-native/tree/main/native/srclib/apr I can include it in the next release. We are close to starting the June releases so if we move quickly on a Tomcat-Native release now, we can included a fixed version of Tomcat Native in the next set of Tomcat releases. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
APR connector on Windows 8+ fails to listen on all addresses
Folks, we needed to deploy Tomcat 9.0.x on a Windows server (no jokes, please), but the contractor wasn't able to configure the APR connector to accept on external interfaces even after a day. After my analysis it turned out be a subtile bug in libapr which affects Windows users only. I am also surprised why no one complained before. Setup: * Windows 8+ or Windows Server 2016/2019 * Have at least IPv6 available, no IP addresses necessary, ::1 is sufficient * Any Tomcat with libtcnative 1.2.28 with the DLL compiled by Mark Thomas. * Start Tomcat with the AprLifecycleListener and make sure that no address (hostname) is set. To make a long investigation story short: libapr, thus libtcnative suffer from a very subtile bug only visible on dual-stack systems. Since on INET6 sockets IPV6_V6ONLY is 1 by default on Windows, no IPv4 addresses are bound. In the case above, Tomcat is only accessible on ::1. APR is supposed to set IPV6_V6ONLY to 0 by default, but this fails because APR 1.7.x does not recognise anything above Windows 7 and assumes it to be Windows XP by default. As you might know Vista was the first Windows with true IPv6 an dual-sockets. When setsockopt is invoked APR gives you 70023, not implemented. I was able, according to Mark's instructions, to compile OpenSSL, APR and Tomcat Native on Windows 10 and deploy on Windows Server 2019. I'd like to push * https://github.com/michael-o/tomcat/compare/main...clean-bind * https://github.com/michael-o/tomcat-native/compare/main...clean-bind as well as the real fix in APR 1.7.x: https://github.com/michael-o/apr/compare/1.7.x...1.7.x-windows I ran all unit tests (main) with those modifications on these platforms: * Windows 10, APR 1.7.0, 1.7.1-dev * Windows Server 2019, APR 1.7.0, 1.7.1-dev * FreeBSD 12-STABLE, APR 1.7.0, 1.7.1-dev * RHEL 7, APR 1.4.8 * HP-UX 11i, APR 1.6.6 Some hosts are dual-stack, some IPv4 only. Moreover, I wrote a simple program which binds the socket for tracing only: https://gist.github.com/michael-o/dfb86df472f62d2b2dff6ef12ee3758e It runs as expected on the above platforms, even with zone id on link-local addresses. If no one objects, I'll merge soon. Mark, I don't know when the next APR release will happen, but I consider this to be very annoying. Maybe it makes sense to push 1.2.29 with APR 1.7.1-dev to please Windows users? Michael - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org