FS#49328 - [haproxy] binds to all IPv4 addresses even though the config specifies only certain IPv4 addresses
Attached to Project:
Community Packages
Opened by zless (roentgen) - Saturday, 14 May 2016, 11:55 GMT
Last edited by Johannes Löthberg (demize) - Friday, 20 May 2016, 07:39 GMT
Opened by zless (roentgen) - Saturday, 14 May 2016, 11:55 GMT
Last edited by Johannes Löthberg (demize) - Friday, 20 May 2016, 07:39 GMT
|
Details
As reported in
http://thread.gmane.org/gmane.comp.web.haproxy/27881 haproxy 1.6.5 built with gcc 6 will bind to all IPv4 addresses even though the config specifies only certain IPv4 addresses. For example a config like listen tcp-imap bind 1.2.3.4:143 will show like this in the 'ss' output. # ss -ltnp | column -t| grep 143 LISTEN 0 50 *:143 *:* users:(("haproxy",pid=13010,fd=19)) It has been suggested in http://thread.gmane.org/gmane.comp.web.haproxy/27881 that the gcc flag "-fno-tree-sra" will work around this. It's not a definitive solution but I think it's better than the current situation. I confirm it works as expected in my case. I've attached a patch to the PKGBUILD in order to build with this flag. |
This task depends upon
Closed by Johannes Löthberg (demize)
Friday, 20 May 2016, 07:39 GMT
Reason for closing: Fixed
Additional comments about closing: 1.6.5-3
Friday, 20 May 2016, 07:39 GMT
Reason for closing: Fixed
Additional comments about closing: 1.6.5-3
[1]: http://thread.gmane.org/gmane.comp.web.haproxy/27881
I don't think there's a possibility to compile haproxy with gcc 5 at this point, is it?
I rebuilt haproxy with the patch applied and I can confirm that it solves the problem.
I will attach the patch here too because the gmane web page destroys the text.