Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgpool-general-owner+archive@lists.postgresql.org>)
	id 1vj8tI-0085ji-1s
	for pgpool-general@arkaria.postgresql.org;
	Fri, 23 Jan 2026 04:35:25 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgpool-general-owner+archive@lists.postgresql.org>)
	id 1vj8tH-00G5Yr-2U
	for pgpool-general@arkaria.postgresql.org;
	Fri, 23 Jan 2026 04:35:24 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ishii@postgresql.org>)
	id 1vj8tH-00G5Yk-1P
	for pgpool-general@lists.postgresql.org;
	Fri, 23 Jan 2026 04:35:23 +0000
Received: from meldrar.postgresql.org ([2a02:c0:301:0:ffff::31])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ishii@postgresql.org>)
	id 1vj8tF-001slj-09
	for pgpool-general@lists.postgresql.org;
	Fri, 23 Jan 2026 04:35:22 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=postgresql.org; s=20171124; h=Content-Transfer-Encoding:Content-Type:
	Mime-Version:References:In-Reply-To:From:Subject:Cc:To:Message-Id:Date:Sender
	:Reply-To:Content-ID:Content-Description;
	bh=H02THoBR8sa44U/YLbs0iWv5bn8uUIrroq1Os6vgkuA=; b=GGcO3jx3WPp82ykgI5FKcbXBJY
	Ul8eBiKXvlKU0FhPXY1oh+pSjwedKQRWz7L8BeJmkYZwhfj65EuF/uJa/BEMsLjrqfF29F2h2u/yP
	TmUZ6yNzWGkTIKlAmY1BDfaOpNMruVJOeTAaY1ukSzY+/ICDAN+HaPKW2UvdXc7+phnZhFzYJP2Bc
	9pHwUFQVNNMX07JD8jWVgO3jhmOOjNNWdtd3GqosSx7+ct+ZaZu7emdAU4R7RxEJi0g2pgysRbse7
	VdBMX8VUVj7XiKNBhpxwffHgcGGl7wBqHe5/q2gJ1PX5nJBHiL08kwUl8xgjmuNTNDyCsMfr0mtap
	iFmVAbKw==;
Received: from 117.141.178.217.shared.user.transix.jp ([217.178.141.117]
 helo=localhost)
	by meldrar.postgresql.org with esmtpsa  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ishii@postgresql.org>)
	id 1vj8tB-004GRq-2P;
	Fri, 23 Jan 2026 04:35:20 +0000
Date: Fri, 23 Jan 2026 13:35:10 +0900 (JST)
Message-Id: <20260123.133510.1195841695338539350.ishii@postgresql.org>
To: emond.papegaaij@gmail.com
Cc: pgpool-general@lists.postgresql.org
Subject: Re: Pgpool-II 4.7.0 released.
From: Tatsuo Ishii <ishii@postgresql.org>
In-Reply-To: 
 <CAGXsc+Yg8Y2xxPDtNNYekNvG+ABtzb9GtxuwrbfrBDMJXGVX9w@mail.gmail.com>
References: 
 <CAGXsc+au8Wzjsuk1z-mqPFLfpkjQZSPneLLVbnkUs5rAMXNF=A@mail.gmail.com>
	<20260122.093003.1821723338788147775.ishii@postgresql.org>
	<CAGXsc+Yg8Y2xxPDtNNYekNvG+ABtzb9GtxuwrbfrBDMJXGVX9w@mail.gmail.com>
X-Mailer: Mew version 6.8 on Emacs 29.3
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
List-Id: <pgpool-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgpool-general@lists.postgresql.org>
List-Owner: <mailto:pgpool-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgpool-general>
Archived-At: 
 <https://www.postgresql.org/message-id/20260123.133510.1195841695338539350.ishii%40postgresql.org>
Precedence: bulk

>> We are thinking to add:
>> wd_listen_addresses0=''
>> heartbeat_listen_addresses0=''
>> :
>> :
>>
>> because watchdog and hearbeat needs separate listen addresses
>> parameter. So if we would add these parameters, users will need to
>> configure number_of_watchdog_nodes * 2 parameters, which will be a
>> pain.
> 
> I would expect to only have to configure 2 listen_addresses, because a
> single instance only listens once per service (watchdog and
> heartbeat). Is there a reason to have to configure the listen
> addresses for all nodes on every node? Why does node 0 need to know
> the listen address of nodes 1 and 2?
> 
> Isn't it possible to add the configuration like this:
> wd_listen_address = '*'
> wd_port = 9009
> wd_heartbeat_listen_address = '*'
> wd_heartbeat_port = 9694

Ok, that makes sense.

wd_listen_addresses (consistent with listen_addresses)
wd_listen_port (wd_port already exists)
wd_heartbeat_listen_addresses (consistent with listen_addresses)
wd_heartbeat_listen_port (adding "listen" looks more consistent with other params)

> I think it's also better to not assume the listen address and port are
> identical to the address and port on which to connect. For example,
> specific TCP forwarding rules might redirect traffic to entirely
> different addresses and ports. So node 0 might listen at
> 192.168.3.50:10000, but TCP forwarding rules might require node 1 to
> connect to 10.0.3.50:9009 to connect to node 0.

Ok, so we will have following 4 new params?

wd_listen_addresses
wd_listen_port
wd_heartbeat_listen_addresses
wd_heartbeat_listen_port

>> One way to mitigate this is, to consider default values for these
>> parameters if they are not specified.  There are two candidate for the
>> default value.
>>
>> (1) "*"
>>
>> This is similar to the pre-4.7 behavior, but less secure.
>>
>> (2) same as hostname0 (for wd_listen_addresses0) and
>>     heartbeat_hostname0 (for heartbeat_hostname0).
>>
>> This is current 4.7 behavior and more secure but does not work for
>> your environment.
>>
>> What do you think?
> 
> I think, whatever implementation for the new parameters is chosen, the
> default behavior or 4.7 should not change. So I'd go for option 2. I
> don't mind having to change the configuration to get 4.7 working for
> us, but I wouldn't expect a new version to be less secure by default
> than the previous version was.

Agreed.

Best regards,
--
Tatsuo Ishii
SRA OSS K.K.
English: http://www.sraoss.co.jp/index_en/
Japanese:http://www.sraoss.co.jp