Bug 235141 - lang/php72: php-fpm fails to bind to tcpv4 socket on FreeBSD 11.2
Summary: lang/php72: php-fpm fails to bind to tcpv4 socket on FreeBSD 11.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Torsten Zuehlsdorff
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-22 22:24 UTC by Artyom Davidov
Modified: 2019-01-26 16:34 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (tz)


Attachments
Patch for the www.conf.default file (996 bytes, patch)
2019-01-25 16:13 UTC, Artyom Davidov
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Artyom Davidov 2019-01-22 22:24:43 UTC
php-fpm fails to bind to tcpv4 socket when only port number is set in 'listen' configuration directive.

# php -v
PHP 7.2.14 (cli) (built: Jan 22 2019 19:11:40) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.14, Copyright (c) 1999-2018, by Zend Technologies

# uname -a
FreeBSD test.local 11.2-RELEASE-p8 FreeBSD 11.2-RELEASE-p8 #0: Tue Jan  8 21:35:12 UTC 2019     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

STR:
Set 'listen' parameter to include only port, i.e.:
listen = 9000
in "php-fpm.d/www.conf" and start or restart php-fpm service.

Then run "netstat -an".

php-fpm will bind only to tcpv6 socket ignoring tcpv4, instead of binding to both.
Comment 1 Artyom Davidov 2019-01-22 22:42:40 UTC
(In reply to Artyom Davidov from comment #0)
I forgot to mention that PHP was built with the following options:
OPTIONS_FILE_SET+=CLI
OPTIONS_FILE_UNSET+=CGI
OPTIONS_FILE_SET+=FPM
OPTIONS_FILE_SET+=EMBED
OPTIONS_FILE_UNSET+=PHPDBG
OPTIONS_FILE_UNSET+=DEBUG
OPTIONS_FILE_SET+=DTRACE
OPTIONS_FILE_UNSET+=IPV6
OPTIONS_FILE_SET+=MYSQLND
OPTIONS_FILE_SET+=LINKTHR
OPTIONS_FILE_UNSET+=ZTS
Comment 2 Torsten Zuehlsdorff freebsd_committer 2019-01-24 09:07:23 UTC
(In reply to Artyom Davidov from comment #0)
> php-fpm will bind only to tcpv6 socket ignoring tcpv4, instead of binding to both.

I'm not sure if this is a bug. Based at the RFC standard IPv6 should be used, if both is available. But i am really not sure, if this is a bug or not. Can you please open an issue at https://bugs.php.net/ and get some comment on this issue from the project?

Greetings,
Torsten
Comment 3 Artyom Davidov 2019-01-25 04:39:30 UTC
(In reply to Torsten Zuehlsdorff from comment #2)

Hello Torsten,

It looks like someone was ahead of me in creating a bug-report at bugs.php.net
The corresponding bug-report is available at:
https://bugs.php.net/bug.php?id=77482

It seems that PHP7.3 is also affected.
Comment 4 Torsten Zuehlsdorff freebsd_committer 2019-01-25 13:46:49 UTC
Mh, this seems to be a regression, but judging based on the PR(s) of PHP i doubt, that there will be a fix. The last comment in this ticket is really clear:
https://bugs.php.net/bug.php?id=74166

But maybe something has changed in the last 2 years and it will got fixed, when marked as regression.
Comment 5 Artyom Davidov 2019-01-25 15:03:06 UTC
(In reply to Torsten Zuehlsdorff from comment #4)

Yes, this seems to be a regression and another bad thing is that they choose to use a non-portable way to bind to а TCP socket. Taking into the account the fact that IPv4 mapped addresses are disabled by default or not implemented at all in most of the BSD systems for security reasons.
Also this breaking changes were not clearly documented - so it will take some time and trials to figure out that this bug could be avoided in IPv4-only environments using "listen = 0.0.0.0:9000".

It is sad that currently, to make PHP-FPM bind to both IPv4 and IPv6 sockets in a mixed environment, one should sacrifice the security and allow IPv4 mapped addresses in FreeBSD due to linuxisms in PHP-FPM code.
Comment 6 Torsten Zuehlsdorff freebsd_committer 2019-01-25 15:27:52 UTC
Yes, that is sad. 

To mitigate the situation a little, we could improve the documentation in the sample-config about this topic. How should we formulated it, to avoid further problems?

Greetings,
Torsten
Comment 7 Artyom Davidov 2019-01-25 16:00:03 UTC
(In reply to Torsten Zuehlsdorff from comment #6)

I guess we can add something similar to the following text, near the line 29 of www.conf.default file:

;   '0.0.0.0:port'         - to listen on a TCP socket to all IPv4 addresses on
;                            a specific port;

Also we can add two more lines at 30:

;                            Note: IPv4-mapped addresses are disabled by-default in FreeBSD
;                                  for security reasons;



Sorry for not providing a diff for this and cut-and-pasting the text in the comment.
Comment 8 Artyom Davidov 2019-01-25 16:04:24 UTC
(In reply to Artyom Davidov from comment #7)

Oops, my fault. It should be line 33 not 30 in my previous post.
Comment 9 Artyom Davidov 2019-01-25 16:13:48 UTC
Created attachment 201396 [details]
Patch for the www.conf.default file

Diff for the text from the comments above.
Comment 10 commit-hook freebsd_committer 2019-01-26 16:32:49 UTC
A commit references this bug:

Author: tz
Date: Sat Jan 26 16:32:29 UTC 2019
New revision: 491300
URL: https://svnweb.freebsd.org/changeset/ports/491300

Log:
  lang/php72 and lang/php73: improve documentation of php-fpm specific www.conf

  If you only define a port to listen in www.conf, PHP defaults to listen
  only to IPv6 ports on FreeBSD. On other OS it listens to IPv6 and IPv4.

  Since upstream do not want to fix this [1], we add this special case to
  the documentation.

  Because the configuration file is a @sample it wont be updated for already
  changed files. Therefore i do not bump PORTREVISION.

  PR:		235141
  Submitted by:	 Artyom Davidov <ard_1@mail.ru>

  [1] https://bugs.php.net/bug.php?id=74166

Changes:
  head/lang/php72/files/patch-sapi_fpm_www.conf.in
  head/lang/php73/files/patch-sapi_fpm_www.conf.in
Comment 11 Torsten Zuehlsdorff freebsd_committer 2019-01-26 16:34:20 UTC
Committed, thanks! :)