Bug#593815: squid3: bugs.debian.org inaccessible when IPv6 is enabled but not routed
Hi, Can you test the attached patch? It fixes the problrem for me. Without this patch, I need to set tcp_outgoing_address to force IPv4 for some sites. diff -uNrp squid3-3.1.18.orig/src/comm.cc squid3-3.1.18/src/comm.cc --- squid3-3.1.18.orig/src/comm.cc 2011-12-03 06:18:46.0 + +++ squid3-3.1.18/src/comm.cc 2012-01-18 10:03:30.422424903 + @@ -984,8 +984,8 @@ ConnectStateData::commResetFD() fde *F = fd_table[fd]; struct addrinfo *AI = NULL; -F-local_addr.GetAddrInfo(AI); -int new_family = AI-ai_family; +const int new_family = F-sock_family; +F-local_addr.GetAddrInfo(AI, new_family); int fd2 = socket(new_family, AI-ai_socktype, AI-ai_protocol); @@ -1126,22 +1126,31 @@ ConnectStateData::connect() callCallback(COMM_OK, 0); break; -case COMM_ERR_PROTOCOL: +case COMM_ERR_PROTOCOL: { debugs(5, 5, HERE FD fd : COMM_ERR_PROTOCOL - try again); -/* problem using the desired protocol over this socket. - * skip to the next address and hope it's more compatible - * but do not mark the current address as bad +/* A remote address is incompatible with this socket. If local + * address is not wildcard address, skip to the next address + * but do not mark the current address as bad. */ -tries++; -if (commRetryConnect()) { +fde *F = fd_table[fd]; +if (F-local_addr.IsAnyAddr()) { +struct addrinfo *AI = NULL; +S.GetAddrInfo(AI); +F-sock_family = AI-ai_family; +S.FreeAddrInfo(AI); +} else { +tries++; /* Force an addr cycle to move forward to the next possible address */ ipcacheCycleAddr(host, NULL); +} +if (commRetryConnect()) { eventAdd(commReconnect, commReconnect, this, this-addrcount == 1 ? 0.05 : 0.0, 0); } else { debugs(5, 5, HERE FD fd : COMM_ERR_PROTOCOL - ERR tried too many times already.); callCallback(COMM_ERR_CONNECT, errno); } break; +} default: debugs(5, 5, HERE FD fd : * - try again); @@ -1243,29 +1252,7 @@ comm_connect_addr(int sock, const IpAddr debugs(5, 9, comm_connect_addr: connecting socket sock to address (want family: F-sock_family )); -/* Handle IPv6 over IPv4-only socket case. - * this case must presently be handled here since the GetAddrInfo asserts on bad mappings. - * NP: because commResetFD is private to ConnStateData we have to return an error and - * trust its handled properly. - */ -if (F-sock_family == AF_INET !address.IsIPv4()) { -errno = ENETUNREACH; -return COMM_ERR_PROTOCOL; -} - -/* Handle IPv4 over IPv6-only socket case. - * This case is presently handled here as it's both a known case and it's - * uncertain what error will be returned by the IPv6 stack in such case. It's - * possible this will also be handled by the errno checks below after connect() - * but needs carefull cross-platform verification, and verifying the address - * condition here is simple. - */ -if (!F-local_addr.IsIPv4() address.IsIPv4()) { -errno = ENETUNREACH; -return COMM_ERR_PROTOCOL; -} - -address.GetAddrInfo(AI, F-sock_family); +address.GetAddrInfo(AI); /* Establish connection. */ errno = 0;
Bug#593815: squid3: bugs.debian.org inaccessible when IPv6 is enabled but not routed
Hi, remove the route entrie do the trick. However, it seems better to pass bindv6only to 0. With this version of squid, and full ipv6, we experiment some timeout problems. With only a local ipv6 address, we experiment this bug. Do an echo 0 /proc/sys/net/ipv6/bindv6only, or adjust /etc/sysctl.d/bindv6only.conf, resolve all bugs. Regards. -- Jean-Philippe Menil - Pôle réseau Service IRTS DSI Université de Nantes jean-philippe.me...@univ-nantes.fr Tel : 02.53.48.49.27 - Fax : 02.53.48.49.09 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593815: squid3: bugs.debian.org inaccessible when IPv6 is, enabled but not routed
We have just had some problem solving on the squid-users mailing list for what appears to be this same problem. The solution found there was to check ip -6 route and remove the route entries (default route is automatic when IPv6 is enabled). Amos Jeffries -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593815: squid3: bugs.debian.org inaccessible when IPv6 is enabled but not routed
Hi, Experiencing the same problem with squid 3.1.11-1 packaged in sid. Recompile with the option --disable_ipv6 solve the the problem. Regards. -- Jean-Philippe Menil - Pôle réseau Service IRTS DSI Université de Nantes jean-philippe.me...@univ-nantes.fr Tel : 02.53.48.49.27 - Fax : 02.53.48.49.09 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593815: squid3: bugs.debian.org inaccessible when IPv6 is enabled but not routed
Hi Jean-Philippe, can you please report on the status of the dns_v4_fallback in your setup? This should be set 'on' by default. Regards, L Il giorno 02/mar/2011, alle ore 17.49, Jean-Philippe Menil ha scritto: Hi, Experiencing the same problem with squid 3.1.11-1 packaged in sid. Recompile with the option --disable_ipv6 solve the the problem. Regards. -- Jean-Philippe Menil - Pôle réseau Service IRTS DSI Université de Nantes jean-philippe.me...@univ-nantes.fr Tel : 02.53.48.49.27 - Fax : 02.53.48.49.09 -- Luigi Gangitano -- lu...@debian.org -- gangit...@lugroma3.org GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972 C24A F19B A618 924C 0C26 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593815: squid3: bugs.debian.org inaccessible when IPv6 is enabled but not routed
Le 02/03/2011 18:17, Luigi Gangitano a écrit : Hi Jean-Philippe, can you please report on the status of the dns_v4_fallback in your setup? This should be set 'on' by default. Regards, L Il giorno 02/mar/2011, alle ore 17.49, Jean-Philippe Menil ha scritto: Hi, Experiencing the same problem with squid 3.1.11-1 packaged in sid. Recompile with the option --disable_ipv6 solve the the problem. Regards. -- Jean-Philippe Menil - Pôle réseau Service IRTS DSI Université de Nantes jean-philippe.me...@univ-nantes.fr Tel : 02.53.48.49.27 - Fax : 02.53.48.49.09 -- Luigi Gangitano --lu...@debian.org -- gangit...@lugroma3.org GPG: 1024D/924C0C26: 12F8 9C03 89D3 DB4A 9972 C24A F19B A618 924C 0C26 Hi, thanks for your response. It wasn't in my squid.conf, because i've choose to keep my old settings when i upgraded the packet. I've re-installed the packet with the good squid.conf, paste my acls, and by default dns_v4_fallback is on. Set to off, give me the same result: 503 Service Unavailable. Regards. attachment: jean-philippe_menil.vcf
Bug#593815: squid3: bugs.debian.org inaccessible when IPv6 is enabled but not routed
Experiencing the same problem (hosts with more than one record do not work) with stock install of squid3 3.1.6-1.1 on multiple computers. NB. bugs.debian.org today has just one address (and works) but packages.debian.org still has two and security.debian.org also fails with three. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593815: squid3: bugs.debian.org inaccessible when IPv6 is enabled but not routed
Hi, Sorry for the lack of response, bug submitters don't get email sent to the bug by default and I hadn't subscribed to the bug! I tried the patch at http://www.squid-cache.org/Versions/v3/3.HEAD/changesets/squid-3-10841.patch and it doesn't fix things for me. Regards, Stephen -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593815: squid3: bugs.debian.org inaccessible when IPv6 is enabled but not routed
Strange. It's cycling before completing all IPs. Does this upstream patch related to IP counts help? http://www.squid-cache.org/Versions/v3/3.HEAD/changesets/squid-3-10841.patch -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593815: squid3: bugs.debian.org inaccessible when IPv6 is enabled but not routed
The fact that other sites are working properly with the same access types indicates a problem outside of Squid which affects it. ServFail DNS result, PMTU or routing issues come to mind. If one particular remote IP is inaccessible and the link hanging it can prevent Squid having time to do failover recovery. connect_timeout determines how much time is allowed for each attempt. It's also worth checking your access.log and IP-cache (squidclient mgr:ipcache) to see what addresses Squid has on record for bugs.debian.org vs other similar working domains (ie www.debian.org) and what it thinks of each IP. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#593815: squid3: bugs.debian.org inaccessible when IPv6 is enabled but not routed
Package: squid3 Version: 3.1.6-1 Severity: normal Tags: ipv6 Hi, This may of course be due to misconfiguration on my end, in which case I'm sorry to bother you. Since the upgrade from squid3 3.1.3-2 to 3.1.6-1, http://bugs.debian.org is inaccessible; Squid always reports that the network is inaccessible. Rebuilding squid3 with --disable-ipv6 fixes this. This machine does have an IPv6 address (which seems to be the default nowadays), but IPv6 isn't routed out to the gateway. As I understand it Squid is supposed to handle this and fall back to IPv4, and it does in all the other cases I've found so far; for example www.debian.org has an record (as well as an A record) but remains accessible. Do you have any idea what could be going wrong? Regards, Stephen -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable'), (200, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.34-1-686-bigmem (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages squid3 depends on: ii adduser 3.112 add and remove users and groups ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib ii libcap2 1:2.19-3 support for getting/setting POSIX. ii libcomerr21.41.12-2 common error description library ii libdb4.8 4.8.26-1 Berkeley v4.8 Database Libraries [ ii libexpat1 2.0.1-7XML parsing C library - runtime li ii libgcc1 1:4.4.4-8 GCC support library ii libgssapi-krb5-2 1.8.3+dfsg~beta1-1 MIT Kerberos runtime libraries - k ii libk5crypto3 1.8.3+dfsg~beta1-1 MIT Kerberos runtime libraries - C ii libkrb5-3 1.8.3+dfsg~beta1-1 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.17-2.1 OpenLDAP libraries ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libpam0g 1.1.1-3Pluggable Authentication Modules l ii libsasl2-22.1.23.dfsg1-5 Cyrus SASL - authentication abstra ii libstdc++64.4.4-8The GNU Standard C++ Library v3 ii libxml2 2.7.7.dfsg-4 GNOME XML library ii logrotate 3.7.8-6Log rotation utility ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip ii netbase 4.42 Basic TCP/IP networking system ii squid3-common 3.1.6-1A full featured Web Proxy cache (H squid3 recommends no packages. Versions of packages squid3 suggests: pn resolvconfnone (no description available) ii smbclient 2:3.4.8~dfsg-2 command-line SMB/CIFS clients for ii squid-cgi 3.1.6-1A full featured Web Proxy cache (H pn squidclient none (no description available) -- Configuration Files: /etc/squid3/squid.conf changed: acl manager proto cache_object acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all http_port 3128 hierarchy_stoplist cgi-bin ? cache_dir ufs /var/spool/squid3 1024 16 256 coredump_dir /var/spool/squid3 url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 shutdown_lifetime 5 seconds dns_v4_fallback on -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org