On 9/01/2013 2:04 a.m., Loïc Blot wrote:
> Le mercredi 09 janvier 2013 à 00:05 +1300, Amos Jeffries a écrit :
>> On 8/01/2013 8:06 p.m., Loïc BLOT wrote:
>>> In my case, it seems the ASSERT is thrown when GetAddrInfo look at
>>> inexistant DNS name. (in the backtrace the DNS name does'nt exists).
>>> Before there is 2 conditions for IPv4 and IPv6. This function is called
>>> before any helper i think (Comm::ConnOpener::start), squidGuard doesn't
>>> show anything about this case in the logs.
>> IP::Address::GetAddrInfo() function is called to convert an IP address
>> from Squid internal storage format to POSIX address storage format for
>> passing to the operating system.
>> DNS and domain names are not relevant, this is purely an IP->IPv4 and
>> IP->IPv6 conversion. The ASSERT() is there to cause a crash for debug
>> when IPv6 address is forced into smaller IPv4 format and the reverse.
> Squid is compiled with --disable-ipv6 support, maybe some code disabled
> are necessary.
All that does is set the Ip::enableIpv6 variable to false. Which is used
in the IsIpv6() test clause, but this whole area of code should not be
relevant. see below...
>
>> The problem is apparently that AF_UNSPEC on OpenBSD is 0 when the
>> comm.cc part of Squid is built and non-0 when the src/ip/ library part
>> is built. Weird.
>>
>>> One thing is sure, when i resolve this problem my squid doesn't crash
>>> anymore, and my clients can work without any problem.
>>> For asserts, i understand your view. In my case, i prefer to handle code
>>> rather than force crash program, that's better for stability. I know
>>> assert means the program comes to an unattended area.
>> How do you handle storing a 128-bit value into a 32-bit storage space?
> If you look my patch, i abort the request when the error comes by return
> -1 on comm.cc. Negative values causes request abord in comm.cc modified
> function, it's native.
> (http://bugs.squid-cache.org/show_bug.cgi?id=3732)
>>> Since this patch, squid stability is now perfect
>>> 6104 _squid 2 0 3067M 3070M sleep/1 poll 20:53 0.73%
>>> squid
>>>
>>> 20h uptime, 0 crash, whereas before 2 min only.
>>> ~45000 requests were treated during uptime.
>> How many connections were randomly aborted with no response?
>> How many were failed to IPv4 connections when IPv6 connectivity was
>> presented by the website?
>>
>> Amos
>>
> IPv6 isn't presented by the website because we don't have IPv6
> connectivity, and link-local addresses are disabled with -inet6 under
> OpenBSD. Moreover, as i say, the --disable-ipv6 compile option is
> enabled. I use many websites which have IPv6 connectivity (like my
> website) and there is no problem, and no abort. It seems the problem is
> under non existant domains.
If it is only for non-existent domains something else has gone badly
wrong. Because Squid-3.2+ should never reach the point of opening a
connection. The DNS no-IPs result is supposed to cause a error page
being generated and sent to the client by Squid with no server contact
at all.
This is as if there was a single IP address of "0.0.0.0" returned to
Squid. At which point Squid attempts to connect to that IP which is invalid.
Amos
Received on Wed Jan 09 2013 - 00:00:11 MST
This archive was generated by hypermail 2.2.0 : Wed Jan 09 2013 - 12:00:07 MST