Re: [squid-users] Re: squid 3.1.6 icap problem

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 04 Aug 2010 03:34:58 +0000

On Wed, 04 Aug 2010 03:16:37 +0000, Amos Jeffries <squid3_at_treenet.co.nz>
wrote:
> On Tue, 03 Aug 2010 21:11:37 +0200, "Holger Hoffstaette"
> <holger.hoffstaette_at_googlemail.com> wrote:
>> On Tue, 03 Aug 2010 19:30:55 +0200, John Doe wrote:
>>
>>> Today I wanted to upgrade from Squid 3.1.5 to Squid 3.1.6, but
>>> unfortunately I ran into a few problems, one of them was an icap problem
>>> (1), the other one is related to IPv6 (2) I suppose. I am running RHEL5.5
>>> 64 Bit with a lot of RAM and a lot of CPUs.
>> [..]
>>> (2) comm_open: socket failure: (97) Address family not supported by
>>> protocol I read that this is related to IPv6, so I tried to compile squid
>>> 3.1.6 with --disable-ipv6, but it did not change anything at all.
>>
>> I can confirm the second problem - same error message. I also had built
>> 3.1.5 with --disable-ipv6 (on Gentoo, with the appropriate USE flag) and
>> had no problems with it, but according to the changelog 3.1.6 now does
>> detection at runtime and this does not fully work any more.
>
> In 3.1.6 with --disable-ipv6 the detection is disabled and the result
> fixed at off. The core of the code may still pass around IPv6 addresses
> from raw URLs or config settings etc.
> It looks like this is another spot of the code not being selective of its
> socket addresses.
>
>> In my case I could use squid from a WinXP client with Firefox (configured
>> to explicitly force IPv4 addresses), but not with a Firefox Twitter
>> plugin - which seems to use Firefox' proxy settings, but apparently not
>> the enforcement (?). I have no idea why, but not using the proxy or
>> reverting to 3.1.5 fixed things. And no, it was not a temporary false
>> positive ;)
>
> I'm going to need some system and transaction details to understand this
> one.
>
> What is the squid.conf settings please?
> What does netstat say about the Squid ports?
> a trace immediately after one such failed transaction showing the port
> details which failed would be great (probably a random TCP link in
> TIME_WAIT state).
>
> What URL was being attempted which fails?
> What does that domain name resolve to from the squid box? (both AAAA and
> A)
>
> Amos

Um, I just found this part of ICAP opening a v6 socket without checking
the requirements. This may help both of you:
http://treenet.co.nz/projects/squid/patches/squid-3.1.6-icap-default-socket.patch
Note: there is a lot of design still needed to make the split-stack
default something reasonable for general use.

Amos
Received on Wed Aug 04 2010 - 03:35:01 MDT