Package: squid3 Version: 3.1.6-1.2+squeeze2 Severity: normal
During an IPv6 outage today I hit this bug again and tried out the patch [1] from Kusanagi Kouichi <sl...@ac.auone-net.jp> (thanks, Kusanagi!). Since my IPv6 upstream was working again before the squid build was completed, I used ip6tables to "simulate" the conditions: flatty:~# ip6tables -I INPUT -s 2001:8d8:580:400:6564:a62:0:2 -j DROP flatty:~# ip6tables -I INPUT -s 2001:858:2:2:214:22ff:fe11:ac9e -j DROP flatty:~# ip6tables -I INPUT -s 2607:f8f0:610:4000:6564:a62:ce0c:1372 -j DROP Accessing [1] with an unpatched squid from squeeze (3.1.6-1.2+squeeze2) failed with the following error message after three minutes: === Cut === The following error was encountered while trying to retrieve the URL: http://bugs.debian.org/cgi-bin/ bugreport.cgi? Connection to 2607:f8f0:610:4000:6564:a62:ce0c:1372 failed. The system returned: (101) Network is unreachable The remote host or network may be down. Please try the request again. === Cut === With Kusanagis patch applied, it still took considerable time sometimes (though not always), but at least it worked. Sascha [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=65;filename=ipv6-fix.diff;att=1;bug=593815 -- System Information: Debian Release: 6.0.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: armel (armv5tel) Kernel: Linux 2.6.32-5-kirkwood Locale: LANG=en_US, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages squid3 depends on: ii adduser 3.112+nmu2 add and remove users and groups ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib ii libcap2 1:2.19-3 support for getting/setting POSIX. ii libcomerr2 1.41.12-4stable1 common error description library ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [ ii libexpat1 2.0.1-7 XML parsing C library - runtime li ii libgcc1 1:4.4.5-8 GCC support library ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries - k ii libk5crypto3 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries - C ii libkrb5-3 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l ii libsasl2-2 2.1.23.dfsg1-7 Cyrus SASL - authentication abstra ii libstdc++6 4.4.5-8 The GNU Standard C++ Library v3 ii libxml2 2.7.8.dfsg-2+squeeze3 GNOME XML library ii logrotate 3.7.8-6 Log rotation utility ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii netbase 4.45 Basic TCP/IP networking system ii squid3-common 3.1.6-1.2+squeeze2 A full featured Web Proxy cache (H squid3 recommends no packages. Versions of packages squid3 suggests: ii resolvconf 1.46 name server information handler pn smbclient <none> (no description available) pn squid-cgi <none> (no description available) pn squidclient <none> (no description available) -- Configuration Files: /etc/squid3/squid.conf changed: acl manager proto cache_object acl from_localhost src 127.0.0.0/8 acl from_localhost src ::1/128 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl to_localhost dst ::1/128 acl from_localnet src 192.168.0.0/16 acl from_localnet src 2001:6f8:120a::/64 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl to_broken_ipv6_sites dst 2002:1255:2c78::1/128 acl to_broken_ipv6_sites dst 2002:8cba:4600::/40 http_access allow manager from_localhost http_access deny manager http_access deny to_localhost http_access allow from_localnet http_access allow from_localhost http_access deny all http_port 192.168.1.252:3128 http_port 127.0.0.1:3128 tcp_outgoing_address 192.168.1.252 to_broken_ipv6_sites hierarchy_stoplist cgi-bin ? cache_mem 32 MB memory_replacement_policy heap GDSF cache_replacement_policy heap GDSF cache_dir ufs /var/cache/squid/small 128 16 256 max-size=262144 cache_replacement_policy heap LFUDA cache_dir ufs /var/cache/squid/big 16384 64 256 maximum_object_size 512 MB log_mime_hdrs on coredump_dir /var/spool/squid3 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 refresh-ims read_ahead_gap 64 KB pconn_timeout 10 minute shutdown_lifetime 5 seconds cache_mgr censored@noSPAM.local visible_hostname proxy.sascha.silbe.org unique_hostname flatty.sascha.silbe.org hostname_aliases localhost flatty proxy digest_rebuild_period 12 hour digest_rewrite_period 12 hour accept_filter data dns_v4_fallback on forwarded_for off pipeline_prefetch on -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org