Hi. I think postgresql is an incredible piece of software, I am
learning how to use it all the time. I ran into a nasty situation
where 1 out of my 3 postgresql machines could not get any stats
logged at all. I did some research and found out why, but it also
led me to believe maybe a new feature can be added in.
I suggest you add a postgresql.conf option that lets you pick IPv4 or
IPV6 for the stats buffer daemon.
Now, the stats collector daemon does not use TCP/IP. The Stats
buffer daemon DOES. Run sockstat, run fstat -p, map the stat buffer
collector. It picks a random UDP port to listen on, and the
localhost interface. On my FreeBSD 4.8-REL-p3 machine it picked an
IPv6 address.
Here is some background on why UDP was picked. Look for Jan Wieck's
response.
http://dbforums.com/arch/171/2003/9/906823
Now, it can randomly pick IPv4 or IPv6. I think this is not
necessarily a good thing. If I want to harden a machine, I want to
at least focus on IPv4 or IPv6, so I can write firewall rules
accordingly and such. It was not clear in the documentation that the
stats buffer daemon would randomly pick IPv4 or IPv6.
Why is this an issue at all? Well, I ran into a nasty bug with
FreeBSD (or feature). Where if I enabled IPV4 Firewall in the kernel
with default deny settings, for some odd reason it appears that it
also blocks IPV6 packets even though I did not enable it in the
kernel.
The side effect was, it blocked all IPv6 packets, even to the
localhost. Yet, there was no way to configure it since the kernel
did not have IPv6 firewall enabled.
In short, the firewall was blocking for IPv6, but did not let me
change it's behavior.
Of course if I recompile the kernel to add IPv6 firewalls and wrote
the rules to let it pass I am sure it would work, but for other
reasons I could not do that now.
I think it would be nice to let me pick IPv4 or IPv6 for the
bindings. A lot of other daemons do it too, like SSHD. I do not
think it would be too hard and later on if IPv6 even takes off, at
least things will be more controllable and sensible.
Or, in the least, could you document that the stats buffer daemon
requires the use of communication to the localhost as of now, through
IPv6. It would be really helpful for anyone else who runs into this
issue.
Thanks and keep up the good work!
-Carroll Kong