Once every second, at seemingly random times throughout the day, I'm getting these warnings logged in bunches of ~100 lines: (97)Address family not supported by protocol: connect to listener on [::]:443 Out of the box, prefork is loaded rather than worker, with my custom settings: <IfModule prefork.c> StartServers 1 MinSpareServers 2 MaxSpareServers 3 ServerLimit 4 MaxClients 4 MaxRequestsPerChild 4000 </IfModule> ... reflecting the fact this is possibly one of the worlds smallest production servers (Pentium MMX, 166MHz, 140MB, 2.6.12-1.1390_FC4, httpd-2.0.54-10) that runs great on otherwise stock settings, using Yum maintained Fedora RPMs. I'll attach a strace of "telnet ::1", a server_status.html and phpinfo.php readout shortly. Again, it's a very stock kit, with no proxy server defined, etc. Is there anything else I can do to help move the markers forward on this? While this problem is not lethal, I need to keep this museum piece running as lean as possible ;) Thanks very much, /p2
Created attachment 15639 [details] strace of telnet ::1
Created attachment 15640 [details] readout of server-status
Created attachment 15641 [details] readout of phpinfo.php
Created attachment 15660 [details] httpd strace taken while problem is occuring This attachment is a trace of the httpd parent process taken in the midst of the problem occuring in real-time. The child processes individually trace as: [root@server ~]# ps fax | grep httpd 1568 ? Ss 1:02 /usr/sbin/httpd 32523 ? S 0:00 \_ /usr/sbin/httpd 32525 ? S 0:00 \_ /usr/sbin/httpd 32527 ? S 0:00 \_ /usr/sbin/httpd 333 ? S 0:00 \_ /usr/sbin/httpd [root@server ~]# strace -p 32523 Process 32523 attached - interrupt to quit semop(1343495, 0xd8378c, 1 <unfinished ...> Process 32523 detached [root@server ~]# strace -p 32525 Process 32525 attached - interrupt to quit poll( <unfinished ...> Process 32525 detached [root@server ~]# strace -p 32527 Process 32527 attached - interrupt to quit semop(1343495, 0xd8378c, 1 <unfinished ...> Process 32527 detached [root@server ~]# strace -p 333 Process 333 attached - interrupt to quit semop(1343495, 0xd8378c, 1 <unfinished ...> Process 333 detached Don't know if it's meaningful, but I noted the 'poll' condition on pid 32525 and the odd number pid (333) for the last (4th) reserved child. While the error condition was still ongoing, I browsed to both 80 and 443 URL's and the once-per-second warnings immediately stopped. Now the scene looks like this: [root@server ~]# ps fax | grep httpd 717 pts/0 R+ 0:00 \_ grep httpd 1568 ? Ss 1:03 /usr/sbin/httpd 687 ? S 0:00 \_ /usr/sbin/httpd 688 ? S 0:00 \_ /usr/sbin/httpd 689 ? S 0:00 \_ /usr/sbin/httpd Correlating the timestamp of the last warning message with the various httpd access, error, ssl_access, ssl_error and ssl_request logs indicate the warnings stopped when a simple port 80 request was made, not the 443 request I made subsequently.
The error is relatively harmless. The code in question was changed slightly in 2.0.54. The problem is that the server has in this case created an AF_INET socket and then tried to connect it to an AF_INET6 address. socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 14 ... connect(14, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, "::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EAFNOSUPPORT (Address family not supported by protocol) I'm not quite sure why this happens.
It seems the pathology of this problem has changed lately. Two things have changed: - the usual schwack of yum updates: now running on 2.6.12-1.1398_FC4 - I've changed SElinux from 'disabled' to 'permissive' (targetted) mode Now, the boatloads o'error messages have changed to: (22)Invalid argument: connect to listener on [::]:443 ... still once per second, in large batches throughout the day. Despite my usual reticence on enabling 'enforcing' mode, I'll flip that switch and report if the scene changes.
There's an FC4 SELinux policy setting which affects this, though it should cause "Permission denied" errors rather than "Invalid argument" errors if that's what you're hitting. setsebool httpd_can_network_connect=1 to disable that, with -P to make the change permanent.
Can someone give all the Listen statements in use in a configuration which is seeing this issue?
Here's mine: Listen 198.161.217.10:80 hth, /p2
And, from ssl.conf: Listen 443
Thanks. I'm having trouble reproducing this. Can you stop the server, then grab the strace output from: $ strace -ebind,socket /usr/sbin/httpd -X <ctrl-c> and attach that.
Created attachment 15871 [details] strace -ebind,socket /usr/sbin/httpd -X
The original error message has returned: [warn] (97)Address family not supported by protocol: connect to listener on [::]:443 with no changes other than a weekly 'yum update', which now has the box running on 2.6.12-1.1447_FC4. Here's a snippet from httpd/error_log showing the error across the yum update (which included a reboot): [Thu Sep 01 18:11:26 2005] [warn] (22)Invalid argument: connect to listener on [::]:443 [Thu Sep 01 18:11:27 2005] [warn] (22)Invalid argument: connect to listener on [::]:443 [Thu Sep 01 18:11:28 2005] [warn] (22)Invalid argument: connect to listener on [::]:443 [Thu Sep 01 18:11:29 2005] [warn] (22)Invalid argument: connect to listener on [::]:443 [Thu Sep 01 21:09:35 2005] [notice] caught SIGTERM, shutting down [Thu Sep 01 21:14:11 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Thu Sep 01 21:15:05 2005] [notice] Digest: generating secret for digest authentication ... [Thu Sep 01 21:15:05 2005] [notice] Digest: done [Thu Sep 01 21:15:05 2005] [notice] LDAP: Built with OpenLDAP LDAP SDK [Thu Sep 01 21:15:05 2005] [notice] LDAP: SSL support unavailable [Thu Sep 01 21:15:06 2005] [notice] mod_python: Creating 4 session mutexes based on 4 max processes and 0 max threads. [Thu Sep 01 21:15:15 2005] [notice] Apache/2.0.54 (Fedora) configured -- resuming normal operations [Thu Sep 01 21:16:54 2005] [warn] (97)Address family not supported by protocol: connect to listener on [::]:443 [Thu Sep 01 21:16:55 2005] [warn] (97)Address family not supported by protocol: connect to listener on [::]:443 This error continues once per second until: [Thu Sep 01 21:28:34 2005] [warn] (97)Address family not supported by protocol: connect to listener on [::]:443 [Thu Sep 01 21:28:35 2005] [warn] (97)Address family not supported by protocol: connect to listener on [::]:443 [Thu Sep 01 21:41:35 2005] [error] server reached MaxClients setting, consider raising the MaxClients setting I'm not sure if this MaxClients error is a new symptom.
Ahhh, this is a bug in the Fedora httpd package, I missed the fact that you were using packages. Please report bugs in packaged versions of httpd to the package vendor in the first instance; I've filed this as: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=167425