--------------------- PatchSet 5062 Date: 2007/07/13 13:48:03 Author: amosjeffries Branch: squid3-ipv6 Tag: (none) Log: Fix remaining localhost problems: - Revert default logics to handle two distinct localhost IPA - Add --with-localhost-ipv6 option to enable map 127.0.0.1 -> ::1 - Logs now recording which localhost IPA is client - ACL can now block either or both localhost seperately Update NOTES-IPv6. Members: NOTES-IPv6:1.1.2.46->1.1.2.47 configure.in:1.63.2.28->1.63.2.29 lib/IPAddress.cc:1.1.2.54->1.1.2.55 Index: squid3/NOTES-IPv6 =================================================================== RCS file: /cvsroot/squid-sf//squid3/Attic/NOTES-IPv6,v retrieving revision 1.1.2.46 retrieving revision 1.1.2.47 diff -u -r1.1.2.46 -r1.1.2.47 --- squid3/NOTES-IPv6 29 Jun 2007 16:47:59 -0000 1.1.2.46 +++ squid3/NOTES-IPv6 13 Jul 2007 13:48:03 -0000 1.1.2.47 @@ -1,4 +1,4 @@ -$Id: NOTES-IPv6,v 1.1.2.46 2007/06/29 16:47:59 amosjeffries Exp $ +$Id: NOTES-IPv6,v 1.1.2.47 2007/07/13 13:48:03 amosjeffries Exp $ NP: Any problems with this version of squid please contact squid3@treenet.co.nz for assistance. @@ -16,11 +16,10 @@ SOLUTION: Code from 30 June will attempt an IPv6 link and if that fails try IPv4. To my knowledge this only occurs with localhost due to its special nature in both protocols. -BYPASS: If the current fix still fails there is a work-around - Most of the apps squid interacts with over HTTP/FTP where this occurs most - should be capable of a simple IPv6-enabling configuration to get around this. - Configure the other app to listen on IPv6-localhost if possible or to listen - on another explicit IPv4 address (127.0.0.2 for example) and point squid at that. + Code from 15 July has an additional configure option --with-localhost-ipv6 + to enable mapping and preference of locahost-IPv6 over IPv4 with the above + failover on errors. The default behaviour is now to treat them as sperate + unique sources. This solves several other logging and split-stack problems. PROBLEM: Sockets created with IPv4 'family' cannot be use for IPv6 *anywhere*. @@ -36,38 +35,15 @@ The IPv4-listener *cannot* accept requests to IPv6 destinations. SOLUTION: Requires inbound and outbound sockets to be disentangled at the comms layer. That is one of the other planned improvements in 3.1 so won't be fixed here. - - -PROBLEM: Regular segfaults (~3 minutes after startup) -CAUSE: The NetDB protocol that squid uses to transfer peer transit information - sends IP addresses and timing info, but squid assumes its IPv4 info. - This appears to be the cause of the ipcache segfault, as the ipcache was where - the netdb packet were being copied into as binary data plus garbage recevied -SOLUTION: I have lobotomised netdb so that even in IPv6 mode it will only transfer - IPv4 data. Requires finding a netdb size header to get it doing IPv6 also. - - -CAUSE: DNS failure: host newsrss.bbc.co.uk -results from command-line check: - newsrss.bbc.co.uk is an alias for newsrss.bbc.net.uk. - newsrss.bbc.net.uk has address 212.58.240.143 - Host newsrss.bbc.net.uk not found: 2(SERVFAIL) - - -PROBLEM: in IPv6 mode IPv4 nameservers from resolv.conf getting caught as 'unknown' - DNS lookups occasionally log: - idnsRead: FD 8: received 65 bytes from 192.168.0.10:53 - WARNING: Reply from unknown nameserver 192.168.0.10:53 -CAUSE: An error in the comparison logic joining with a problem converting IPA - Would find false non-match IFF one was a socket received value and other set from a string. - Comparison problem Fixed 25 June. If it occurs again try the workaround and report please. -WORKAROUND: change resolv.conf to 'nameserver ::ffff:192.168.0.10' etc... - +NP: A recent bugfix shows this may not be as big a problem on split-stack as previously + believed. The sockets may in fact be being opened from new on both sides of + each request. Which is split-stack friendly. Another intermittent failure: NP: This one appears to be static and only occuring during destruction of IPA. have reduced the assert to a debugs and printf(stderr) WARNING. Have yet to find the actual place the relevant IPA is being memset? to null. +NP2: found a few spots doing memset where they should not. Probably more coming. Program received signal SIGABRT, Aborted. #3 0x08089771 in xassert (msg=0x81501aa "false", file=0x81573b0 "IPAddress.cc", line=900) at debug.cc:569 @@ -116,4 +92,8 @@ 4.4 Convert Auth modules to handle IPv6 addresses +4.5 Test for problems under Windows (split-stack). + +4.6 Write a Neighbour-Discovery auto-configuration component. + 5 find more, bugs etc ??? Index: squid3/configure.in =================================================================== RCS file: /cvsroot/squid-sf//squid3/configure.in,v retrieving revision 1.63.2.28 retrieving revision 1.63.2.29 diff -u -r1.63.2.28 -r1.63.2.29 --- squid3/configure.in 11 Jul 2007 01:34:06 -0000 1.63.2.28 +++ squid3/configure.in 13 Jul 2007 13:48:03 -0000 1.63.2.29 @@ -1,7 +1,7 @@ dnl Configuration input file for Squid dnl -dnl $Id: configure.in,v 1.63.2.28 2007/07/11 01:34:06 amosjeffries Exp $ +dnl $Id: configure.in,v 1.63.2.29 2007/07/13 13:48:03 amosjeffries Exp $ dnl dnl dnl @@ -11,7 +11,7 @@ AC_CONFIG_AUX_DIR(cfgaux) AC_CONFIG_SRCDIR([src/main.cc]) AM_INIT_AUTOMAKE([tar-ustar]) -AC_REVISION($Revision: 1.63.2.28 $)dnl +AC_REVISION($Revision: 1.63.2.29 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE @@ -1807,11 +1807,22 @@ AC_MSG_CHECKING([whether to enable IPv6]) AC_ARG_WITH(ipv6-split-stack, - [ --with-ipv6-split-stack Require IPv6 split-stack support (Depends on IPv6 Support)], + [ --with-ipv6-split-stack Require IPv6 split-stack support (Requires IPv6 Support)], AC_DEFINE(USE_IPV6_SPLITSTACK, 1, [Enable support for Split-Stack IPv6 Implementations]) , AC_DEFINE(USE_IPV6_SPLITSTACK, 0, [No support for split-stack IPv6 Implementations]) ) +AC_ARG_WITH(localhost-ipv6, + [ --with-localhost-ipv6 Prefer IPv6 localhost address over IPv4 (Requires IPv6 Support). + Treats 127.0.0.1 and ::1 as identical and converts all inputs of to ::1 + This depends on Dual-Stack support in the OS and all applications + squid contacts via localhost being IPv6 enabled. + Default: OFF. Treats these two IP as different, squid.conf must + define both 127.0.0.1 and ::1 for the localhost ACL, etc. ], + AC_DEFINE(IPV6_SPECIAL_LOCALHOST, 1, [Convert IPv4-localhost requests to IPv6.]) , + AC_DEFINE(IPV6_SPECIAL_LOCALHOST, 0, [Keep IPv4 and IPv6 Localhosts seperate.]) +) + AC_ARG_ENABLE(ipv6, [ --enable-ipv6 Enable ipv6 support], [ AC_MSG_RESULT(yes) Index: squid3/lib/IPAddress.cc =================================================================== RCS file: /cvsroot/squid-sf//squid3/lib/Attic/IPAddress.cc,v retrieving revision 1.1.2.54 retrieving revision 1.1.2.55 diff -u -r1.1.2.54 -r1.1.2.55 --- squid3/lib/IPAddress.cc 13 Jul 2007 10:05:41 -0000 1.1.2.54 +++ squid3/lib/IPAddress.cc 13 Jul 2007 13:48:05 -0000 1.1.2.55 @@ -1,6 +1,6 @@ /* - * $Id: IPAddress.cc,v 1.1.2.54 2007/07/13 10:05:41 amosjeffries Exp $ + * $Id: IPAddress.cc,v 1.1.2.55 2007/07/13 13:48:05 amosjeffries Exp $ * * DEBUG: section 14 IP Storage and Handling * AUTHOR: Amos Jeffries @@ -285,10 +285,17 @@ bool IPAddress::IsLocalhost() const { #if USE_IPV6 - return m_SocketAddr.sin6_addr.s6_addr32[0] == 0 + return m_SocketAddr.sin6_addr.s6_addr32[0] == 0 && m_SocketAddr.sin6_addr.s6_addr32[1] == 0 && m_SocketAddr.sin6_addr.s6_addr32[2] == 0 && m_SocketAddr.sin6_addr.s6_addr32[3] == htonl(0x1) + +#if !IPV6_SPECIAL_LOCALHOST + || m_SocketAddr.sin6_addr.s6_addr32[0] == 0 + && m_SocketAddr.sin6_addr.s6_addr32[1] == 0 + && m_SocketAddr.sin6_addr.s6_addr32[2] == htonl(0xffff) + && m_SocketAddr.sin6_addr.s6_addr32[3] == htonl(0x7F000001) +#endif ; #else @@ -301,8 +308,13 @@ #if USE_IPV6 SetAnyAddr(); m_SocketAddr.sin6_addr.s6_addr[15] = 0x1; +#if IPV6_SPECIAL_LOCALHOST m_Type = IPv64; #else + m_Type = IPv6; +#endif + +#else m_SocketAddr.sin_addr.s_addr = htonl(0x7F000001); m_Type=IPv4; @@ -514,10 +526,12 @@ m_Type = (IPAddressType)(m_Type | IPv64); } +#if IPV6_SPECIAL_LOCALHOST /* check for ::ffff:x.x.x.x IPv4-mapped addresses */ else if( IsLocalhost() ) { m_Type = (IPAddressType)(m_Type | IPv64); // Localhost is stored as native version. } +#endif /* FIXME : maybe other tests can apply if the IPA was mapped in other ways */ /* I know of 2002:0.0.0.0:: mappings and possibly fe80::???? mappings */ @@ -1053,19 +1067,23 @@ out.s6_addr32[1] = 0xFFFFFFFF; out.s6_addr32[2] = 0xFFFFFFFF; out.s6_addr32[3] = 0xFFFFFFFF; + +#if IPV6_SPECIAL_LOCALHOST } else if( in.s_addr == htonl(0x7F000001)) { /* LOCALHOST */ memset(&out, 0, sizeof(struct in6_addr)); out.s6_addr32[3] = htonl(0x1); +#endif + } else { /* general */ memset(&out, 0, sizeof(struct in6_addr)); + out.s6_addr32[2] = htonl(0xFFFF); out.s6_addr32[3] = in.s_addr; - out.s6_addr16[5] = htons((unsigned short)0xFFFF); } } @@ -1078,12 +1096,15 @@ memset(&out, 0, sizeof(struct in_addr)); out.s_addr = in.s6_addr32[3]; +#if IPV6_SPECIAL_LOCALHOST /* LOCALHOST */ if( IsLocalhost() ) { out.s_addr = htonl(0x7F000001); } +#endif + } #endif