FS#49328 : [haproxy] binds to all IPv4 addresses even though the config specifies only certain IPv4 addresses

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#49328 - [haproxy] binds to all IPv4 addresses even though the config specifies only certain IPv4 addresses

Attached to Project: Community Packages
Opened by zless (roentgen) - Saturday, 14 May 2016, 11:55 GMT
Last edited by Johannes Löthberg (demize) - Friday, 20 May 2016, 07:39 GMT

Task Type	Bug Report
Category	Packages
Status	Closed
Assigned To	Johannes Löthberg (demize)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

As reported in

http://thread.gmane.org/gmane.comp.web.haproxy/27881

haproxy 1.6.5 built with gcc 6 will bind to all IPv4 addresses even though the config specifies only certain IPv4 addresses.

For example a config like

listen tcp-imap
bind 1.2.3.4:143

will show like this in the 'ss' output.

# ss -ltnp | column -t| grep 143
LISTEN 0 50 *:143 *:* users:(("haproxy",pid=13010,fd=19))

It has been suggested in

http://thread.gmane.org/gmane.comp.web.haproxy/27881

that the gcc flag "-fno-tree-sra" will work around this. It's not a definitive solution but I think it's better than the current situation. I confirm it works as expected in my case.

I've attached a patch to the PKGBUILD in order to build with this flag.

This task depends upon

Closed by Johannes Löthberg (demize)
Friday, 20 May 2016, 07:39 GMT
Reason for closing: Fixed
Additional comments about closing: 1.6.5-3

Comments (6)
Related Tasks (0/0)

Comment by zless (roentgen) - Saturday, 14 May 2016, 11:55 GMT

And the patch...

haproxy_pkgbuild.patch (0.3 KiB)

Comment by Remi Gacogne (rgacogne) - Saturday, 14 May 2016, 15:22 GMT

Cyril Bonté provided a minimal test case [1] for the issue, it looks like a nasty issue in gcc 6.1.

[1]: http://thread.gmane.org/gmane.comp.web.haproxy/27881

Comment by Johannes Löthberg (demize) - Saturday, 14 May 2016, 18:20 GMT

Could you try 1.6.5-2 in [community-testing], just to make sure that it works with that one? The thread seems to suggest that it might not work sometimes? Hmm..

Comment by zless (roentgen) - Sunday, 15 May 2016, 07:48 GMT

Yes, I know it works because I recompiled it myself with those flags. However, as they say further in the thread it's not exactly the final solution.

I don't think there's a possibility to compile haproxy with gcc 5 at this point, is it?

Comment by zless (roentgen) - Tuesday, 17 May 2016, 17:04 GMT

There's also a corresponding gcc bug report tracking the root cause of this issue: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71120

Comment by zless (roentgen) - Thursday, 19 May 2016, 17:18 GMT

A patch has been accepted by haproxy devs: http://article.gmane.org/gmane.comp.web.haproxy/27986

I rebuilt haproxy with the patch applied and I can confirm that it solves the problem.

I will attach the patch here too because the gmane web page destroys the text.

haproxy.patch (4.2 KiB)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Community Packages

FS#49328 - [haproxy] binds to all IPv4 addresses even though the config specifies only certain IPv4 addresses

Details

Loading...