Summary: | (97)Address family not supported by protocol: connect to listener on [::]:443 | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Pete Pinter <pinter> |
Component: | mpm_prefork | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED INVALID | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 2.0.54 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Linux | ||
Attachments: |
strace of telnet ::1
readout of server-status readout of phpinfo.php httpd strace taken while problem is occuring strace -ebind,socket /usr/sbin/httpd -X |
Description
Pete Pinter
2005-07-10 20:07:38 UTC
Created attachment 15639 [details]
strace of telnet ::1
Created attachment 15640 [details]
readout of server-status
Created attachment 15641 [details]
readout of phpinfo.php
Created attachment 15660 [details]
httpd strace taken while problem is occuring
This attachment is a trace of the httpd parent process taken in the midst of
the problem occuring in real-time.
The child processes individually trace as:
[root@server ~]# ps fax | grep httpd
1568 ? Ss 1:02 /usr/sbin/httpd
32523 ? S 0:00 \_ /usr/sbin/httpd
32525 ? S 0:00 \_ /usr/sbin/httpd
32527 ? S 0:00 \_ /usr/sbin/httpd
333 ? S 0:00 \_ /usr/sbin/httpd
[root@server ~]# strace -p 32523
Process 32523 attached - interrupt to quit
semop(1343495, 0xd8378c, 1 <unfinished ...>
Process 32523 detached
[root@server ~]# strace -p 32525
Process 32525 attached - interrupt to quit
poll( <unfinished ...>
Process 32525 detached
[root@server ~]# strace -p 32527
Process 32527 attached - interrupt to quit
semop(1343495, 0xd8378c, 1 <unfinished ...>
Process 32527 detached
[root@server ~]# strace -p 333
Process 333 attached - interrupt to quit
semop(1343495, 0xd8378c, 1 <unfinished ...>
Process 333 detached
Don't know if it's meaningful, but I noted the 'poll' condition on pid 32525
and the odd number pid (333) for the last (4th) reserved child.
While the error condition was still ongoing, I browsed to both 80 and 443 URL's
and the once-per-second warnings immediately stopped. Now the scene looks like
this:
[root@server ~]# ps fax | grep httpd
717 pts/0 R+ 0:00 \_ grep httpd
1568 ? Ss 1:03 /usr/sbin/httpd
687 ? S 0:00 \_ /usr/sbin/httpd
688 ? S 0:00 \_ /usr/sbin/httpd
689 ? S 0:00 \_ /usr/sbin/httpd
Correlating the timestamp of the last warning message with the various httpd
access, error, ssl_access, ssl_error and ssl_request logs indicate the warnings
stopped when a simple port 80 request was made, not the 443 request I made
subsequently.
The error is relatively harmless. The code in question was changed slightly in 2.0.54. The problem is that the server has in this case created an AF_INET socket and then tried to connect it to an AF_INET6 address. socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 14 ... connect(14, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EAFNOSUPPORT (Address family not supported by protocol) I'm not quite sure why this happens. It seems the pathology of this problem has changed lately. Two things have changed: - the usual schwack of yum updates: now running on 2.6.12-1.1398_FC4 - I've changed SElinux from 'disabled' to 'permissive' (targetted) mode Now, the boatloads o'error messages have changed to: (22)Invalid argument: connect to listener on [::]:443 ... still once per second, in large batches throughout the day. Despite my usual reticence on enabling 'enforcing' mode, I'll flip that switch and report if the scene changes. There's an FC4 SELinux policy setting which affects this, though it should cause "Permission denied" errors rather than "Invalid argument" errors if that's what you're hitting. setsebool httpd_can_network_connect=1 to disable that, with -P to make the change permanent. Can someone give all the Listen statements in use in a configuration which is seeing this issue? Here's mine: Listen 198.161.217.10:80 hth, /p2 And, from ssl.conf: Listen 443 Thanks. I'm having trouble reproducing this. Can you stop the server, then grab the strace output from: $ strace -ebind,socket /usr/sbin/httpd -X <ctrl-c> and attach that. Created attachment 15871 [details]
strace -ebind,socket /usr/sbin/httpd -X
The original error message has returned: [warn] (97)Address family not supported by protocol: connect to listener on [::]:443 with no changes other than a weekly 'yum update', which now has the box running on 2.6.12-1.1447_FC4. Here's a snippet from httpd/error_log showing the error across the yum update (which included a reboot): [Thu Sep 01 18:11:26 2005] [warn] (22)Invalid argument: connect to listener on [::]:443 [Thu Sep 01 18:11:27 2005] [warn] (22)Invalid argument: connect to listener on [::]:443 [Thu Sep 01 18:11:28 2005] [warn] (22)Invalid argument: connect to listener on [::]:443 [Thu Sep 01 18:11:29 2005] [warn] (22)Invalid argument: connect to listener on [::]:443 [Thu Sep 01 21:09:35 2005] [notice] caught SIGTERM, shutting down [Thu Sep 01 21:14:11 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Sep 01 21:15:05 2005] [notice] Digest: generating secret for digest authentication ... [Thu Sep 01 21:15:05 2005] [notice] Digest: done [Thu Sep 01 21:15:05 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK [Thu Sep 01 21:15:05 2005] [notice] LDAP: SSL support unavailable [Thu Sep 01 21:15:06 2005] [notice] mod_python: Creating 4 session mutexes based on 4 max processes and 0 max threads. [Thu Sep 01 21:15:15 2005] [notice] Apache/2.0.54 (Fedora) configured -- resuming normal operations [Thu Sep 01 21:16:54 2005] [warn] (97)Address family not supported by protocol: connect to listener on [::]:443 [Thu Sep 01 21:16:55 2005] [warn] (97)Address family not supported by protocol: connect to listener on [::]:443 This error continues once per second until: [Thu Sep 01 21:28:34 2005] [warn] (97)Address family not supported by protocol: connect to listener on [::]:443 [Thu Sep 01 21:28:35 2005] [warn] (97)Address family not supported by protocol: connect to listener on [::]:443 [Thu Sep 01 21:41:35 2005] [error] server reached MaxClients setting, consider raising the MaxClients setting I'm not sure if this MaxClients error is a new symptom. Ahhh, this is a bug in the Fedora httpd package, I missed the fact that you were using packages. Please report bugs in packaged versions of httpd to the package vendor in the first instance; I've filed this as: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167425 |