Re: Haproxy 1.6.5 listens on all IPv4 addresses

Le 02/07/2016 à 23:22, Hoggins! a écrit : Thanks Cyril. I discovered the answer while you were writing yours. Sorry for the noise. If you plan to upgrade to 1.6.6, be aware of a regression which may hurt you. Willy has already reverted the commit on the master branch :

Re: Haproxy 1.6.5 listens on all IPv4 addresses

Thanks Cyril. I discovered the answer while you were writing yours. Sorry for the noise. Hoggins! Le 02/07/2016 22:48, Cyril Bonté a écrit : > Le 02/07/2016 à 22:45, Hoggins! a écrit : >> Oh my ! >> >> It's just happening to me on Fedora 24 with version >> haproxy-1.6.5-3.fc24.x86_64 ! >> >>

Re: Haproxy 1.6.5 listens on all IPv4 addresses

Le 02/07/2016 à 22:45, Hoggins! a écrit : Oh my ! It's just happening to me on Fedora 24 with version haproxy-1.6.5-3.fc24.x86_64 ! Well, I have a huge problem since I just upgraded and the mess is all around, listening on all ports and all IPv4 addresses. Can you summarize what I should do ?

Re: Haproxy 1.6.5 listens on all IPv4 addresses

Oh my ! It's just happening to me on Fedora 24 with version haproxy-1.6.5-3.fc24.x86_64 ! Well, I have a huge problem since I just upgraded and the mess is all around, listening on all ports and all IPv4 addresses. Can you summarize what I should do ? Recompile with which options ? Thanks !

Re: Haproxy 1.6.5 listens on all IPv4 addresses

În ziua de miercuri, 18 mai 2016, la 10:30:56 EEST, Willy Tarreau a scris: > That works for me. Let's have Arthur test them to confirm the issue goes > away for him. I'm glad to help.

Re: Haproxy 1.6.5 listens on all IPv4 addresses

Hi Vincent, On Wed, May 18, 2016 at 09:58:33AM +0200, Vincent Bernat wrote: > ??? 15 mai 2016 09:55 +0200, Vincent Bernat  : > > >> I suppose that some new features of gcc started to rely on the > >> strict-aliasing rule without taking -fno-strict-aliasing into > >>

Re: Haproxy 1.6.5 listens on all IPv4 addresses

❦ 15 mai 2016 09:55 +0200, Vincent Bernat  : >> I suppose that some new features of gcc started to rely on the >> strict-aliasing rule without taking -fno-strict-aliasing into >> consideration. I didn't find anything in the bugzilla, but it's easy to >> miss something as there

Re: Haproxy 1.6.5 listens on all IPv4 addresses

❦ 15 mai 2016 09:45 +0200, Vincent Bernat  : > I suppose that some new features of gcc started to rely on the > strict-aliasing rule without taking -fno-strict-aliasing into > consideration. I didn't find anything in the bugzilla, but it's easy to > miss something as there are

Re: Haproxy 1.6.5 listens on all IPv4 addresses

❦ 15 mai 2016 09:19 +0200, Willy Tarreau  : >> I think this is an aliasing problem. You cannot have two incompatible >> variables pointing at the same memory spot. It seems that now >> sockaddr_storage and sockaddr_in are not compatible anymore. > > Here it's not an aliasing problem

Re: Haproxy 1.6.5 listens on all IPv4 addresses

Hi Vincent, On Sat, May 14, 2016 at 07:08:12PM +0200, Vincent Bernat wrote: > I think this is an aliasing problem. You cannot have two incompatible > variables pointing at the same memory spot. It seems that now > sockaddr_storage and sockaddr_in are not compatible anymore. Here it's not an

Re: Haproxy 1.6.5 listens on all IPv4 addresses

Hi Vincent, Le 14/05/2016 19:08, Vincent Bernat a écrit : ❦ 14 mai 2016 15:20 +0200, Cyril Bonté : What is the most important is to report this to the gcc maintainers so that they can fix the bug. The fix will naturally flow into the distros. I understand this and

Re: Haproxy 1.6.5 listens on all IPv4 addresses

❦ 14 mai 2016 15:20 +0200, Cyril Bonté  : >>> What is the most important is to report this to the gcc maintainers so that >>> they can fix the bug. The fix will naturally flow into the distros. >>> >> >> I understand this and of course I could try to fill a bug on their side

Re: Haproxy 1.6.5 listens on all IPv4 addresses

Hi all, Le 14/05/2016 14:06, Arthur Țițeică a écrit : În ziua de sâmbătă, 14 mai 2016, la 13:57:35 EEST, Willy Tarreau a scris: What is the most important is to report this to the gcc maintainers so that they can fix the bug. The fix will naturally flow into the distros. I understand this

Re: Haproxy 1.6.5 listens on all IPv4 addresses

În ziua de sâmbătă, 14 mai 2016, la 13:57:35 EEST, Willy Tarreau a scris: > On Sat, May 14, 2016 at 02:36:39PM +0300, Arthur ??i??eic?? wrote: > > În ziua de vineri, 13 mai 2016, la 23:47:07 EEST, Willy Tarreau a scris: > > > On Fri, May 13, 2016 at 11:25:28PM +0200, Cyril Bonté wrote: > > > > >

Re: Haproxy 1.6.5 listens on all IPv4 addresses

On Sat, May 14, 2016 at 02:36:39PM +0300, Arthur ??i??eic?? wrote: > În ziua de vineri, 13 mai 2016, la 23:47:07 EEST, Willy Tarreau a scris: > > On Fri, May 13, 2016 at 11:25:28PM +0200, Cyril Bonté wrote: > > > > In the mean time, there may be a -fsomething option to disable a > > > > bogus

Re: Haproxy 1.6.5 listens on all IPv4 addresses

În ziua de vineri, 13 mai 2016, la 23:47:07 EEST, Willy Tarreau a scris: > On Fri, May 13, 2016 at 11:25:28PM +0200, Cyril Bonté wrote: > > > In the mean time, there may be a -fsomething option to disable a > > > bogus optimization which causes this, but that's not easy to spot > > > as it will

Re: Haproxy 1.6.5 listens on all IPv4 addresses

On Fri, May 13, 2016 at 11:25:28PM +0200, Cyril Bonté wrote: > > In the mean time, there may be a -fsomething option to disable a > > bogus optimization which causes this, but that's not easy to spot > > as it will depend on any side effect of other code :-/ > > I was trying to identify one, and

Re: Haproxy 1.6.5 listens on all IPv4 addresses

Le 13/05/2016 23:20, Willy Tarreau a écrit : On Fri, May 13, 2016 at 11:07:18PM +0200, Cyril Bonté wrote: At this point, I have an issue in the function str2listener() [cfgparse.c] In the port loop : for (; port <= end; port++) { [...] if (l->addr.ss_family == AF_INET) {

Re: Haproxy 1.6.5 listens on all IPv4 addresses

On Fri, May 13, 2016 at 11:07:18PM +0200, Cyril Bonté wrote: > At this point, I have an issue in the function str2listener() [cfgparse.c] > > In the port loop : > for (; port <= end; port++) { > [...] > if (l->addr.ss_family == AF_INET) { > [...] > Here, if I print the content of

Re: Haproxy 1.6.5 listens on all IPv4 addresses

Le 13/05/2016 22:14, Cyril Bonté a écrit : Hi all, Le 13/05/2016 21:24, Willy Tarreau a écrit : On Fri, May 13, 2016 at 10:09:04PM +0300, Arthur ??i??eic?? wrote: I will attach 2 traces, for 1.6.4 and for 1.6.5. So indeed in your traces, we see that 1.6.5 does bind(port=443, addr=0.0.0.0)

Re: Haproxy 1.6.5 listens on all IPv4 addresses

Hi all, Le 13/05/2016 21:24, Willy Tarreau a écrit : On Fri, May 13, 2016 at 10:09:04PM +0300, Arthur ??i??eic?? wrote: I will attach 2 traces, for 1.6.4 and for 1.6.5. So indeed in your traces, we see that 1.6.5 does bind(port=443, addr=0.0.0.0) while 1.6.4 has the correct address. At this

Re: Haproxy 1.6.5 listens on all IPv4 addresses

On Fri, May 13, 2016 at 10:09:04PM +0300, Arthur ??i??eic?? wrote: > I will attach 2 traces, for 1.6.4 and for 1.6.5. So indeed in your traces, we see that 1.6.5 does bind(port=443, addr=0.0.0.0) while 1.6.4 has the correct address. At this point your kernel is innocent. I don't see what could

Re: Haproxy 1.6.5 listens on all IPv4 addresses

On Fri, May 13, 2016 at 10:09:04PM +0300, Arthur ??i??eic?? wrote: > În ziua de vineri, 13 mai 2016, la 19:12:23 EEST, Willy Tarreau a scris: > > On Fri, May 13, 2016 at 06:59:49PM +0300, Arthur ??i??eic?? wrote: > > > I already went back and forth between the 2 versions to confirm that it's > > >

Re: Haproxy 1.6.5 listens on all IPv4 addresses

În ziua de vineri, 13 mai 2016, la 19:12:23 EEST, Willy Tarreau a scris: > On Fri, May 13, 2016 at 06:59:49PM +0300, Arthur ??i??eic?? wrote: > > I already went back and forth between the 2 versions to confirm that it's > > still working fine in 1.6.4. > > But using a version that you rebuilt for

Re: Haproxy 1.6.5 listens on all IPv4 addresses

On Fri, May 13, 2016 at 06:59:49PM +0300, Arthur ??i??eic?? wrote: > I already went back and forth between the 2 versions to confirm that it's > still working fine in 1.6.4. But using a version that you rebuilt for this or the version that you had built some time ago ? I just want to ensure that

Re: Haproxy 1.6.5 listens on all IPv4 addresses

I already went back and forth between the 2 versions to confirm that it's still working fine in 1.6.4. When I get home I will try to start haproxy in debug mode and I will try to strace it (any help on this would be appreciated). If all fails I will reboot the server in a non-grsec kernel (4.5.2

Re: Haproxy 1.6.5 listens on all IPv4 addresses

On Fri, May 13, 2016 at 06:30:35PM +0300, Arthur ??i??eic?? wrote: > Hi, > > 1.6.4 worked fine with the same config. > > I noticed this because I have the same port bound on 127.0.0.1 too and > haproxy refused to start after upgrade. > > Another curious thing is that with haproxy bind on *two*

Re: Haproxy 1.6.5 listens on all IPv4 addresses

On 13/05/2016 04:41 μμ, Arthur Țițeică wrote: > Hi, > > With the 1.6.5 upgrade I see that a configuration like this > > listen tcp-imap > bind 1.2.3.4:143 name imap-v4 > > will make haproxy listen on all ipv4 addresses instead. > > # ss -ltnp | column -t| grep

Re: Haproxy 1.6.5 listens on all IPv4 addresses

Hi, 1.6.4 worked fine with the same config. I noticed this because I have the same port bound on 127.0.0.1 too and haproxy refused to start after upgrade. Another curious thing is that with haproxy bind on *two* ipv4 addresses I also see two *:143 in the 'ss' output. This is not specific to

Re: Haproxy 1.6.5 listens on all IPv4 addresses

Hi Arthur, On Fri, May 13, 2016 at 05:41:50PM +0300, Arthur ??i??eic?? wrote: > Hi, > > With the 1.6.5 upgrade I see that a configuration like this > > listen tcp-imap > bind 1.2.3.4:143name imap-v4 > > will make haproxy listen on all ipv4 addresses instead. > > # ss -ltnp | column

Haproxy 1.6.5 listens on all IPv4 addresses

Hi, With the 1.6.5 upgrade I see that a configuration like this listen tcp-imap bind 1.2.3.4:143name imap-v4 will make haproxy listen on all ipv4 addresses instead. # ss -ltnp | column -t| grep 143 LISTEN 0 50 *:143 *:* users:(("haproxy",pid=13010,fd=19)) IPv6 works as