Le mercredi 09 janvier 2013 à 00:05 +1300, Amos Jeffries a écrit :
> On 8/01/2013 8:06 p.m., Loïc BLOT wrote:
> > In my case, it seems the ASSERT is thrown when GetAddrInfo look at
> > inexistant DNS name. (in the backtrace the DNS name does'nt exists).
> > Before there is 2 conditions for IPv4 and IPv6. This function is called
> > before any helper i think (Comm::ConnOpener::start), squidGuard doesn't
> > show anything about this case in the logs.
>
> IP::Address::GetAddrInfo() function is called to convert an IP address
> from Squid internal storage format to POSIX address storage format for
> passing to the operating system.
> DNS and domain names are not relevant, this is purely an IP->IPv4 and
> IP->IPv6 conversion. The ASSERT() is there to cause a crash for debug
> when IPv6 address is forced into smaller IPv4 format and the reverse.
Squid is compiled with --disable-ipv6 support, maybe some code disabled
are necessary.
>
> The problem is apparently that AF_UNSPEC on OpenBSD is 0 when the
> comm.cc part of Squid is built and non-0 when the src/ip/ library part
> is built. Weird.
>
> > One thing is sure, when i resolve this problem my squid doesn't crash
> > anymore, and my clients can work without any problem.
> > For asserts, i understand your view. In my case, i prefer to handle code
> > rather than force crash program, that's better for stability. I know
> > assert means the program comes to an unattended area.
>
> How do you handle storing a 128-bit value into a 32-bit storage space?
If you look my patch, i abort the request when the error comes by return
-1 on comm.cc. Negative values causes request abord in comm.cc modified
function, it's native.
(http://bugs.squid-cache.org/show_bug.cgi?id=3732)
>
> > Since this patch, squid stability is now perfect
> > 6104 _squid 2 0 3067M 3070M sleep/1 poll 20:53 0.73%
> > squid
> >
> > 20h uptime, 0 crash, whereas before 2 min only.
> > ~45000 requests were treated during uptime.
>
> How many connections were randomly aborted with no response?
> How many were failed to IPv4 connections when IPv6 connectivity was
> presented by the website?
>
> Amos
>
IPv6 isn't presented by the website because we don't have IPv6
connectivity, and link-local addresses are disabled with -inet6 under
OpenBSD. Moreover, as i say, the --disable-ipv6 compile option is
enabled. I use many websites which have IPv6 connectivity (like my
website) and there is no problem, and no abort. It seems the problem is
under non existant domains.
-- Best regards, Loïc BLOT, Engineering UNIX Systems, Security and Networks http://www.unix-experience.frReceived on Tue Jan 08 2013 - 13:05:01 MST
This archive was generated by hypermail 2.2.0 : Wed Jan 09 2013 - 12:00:07 MST