--------------------- PatchSet 5243 Date: 2007/08/11 03:00:43 Author: amosjeffries Branch: squid3-ipv6 Tag: (none) Log: Update IPv6 notes. Members: NOTES-IPv6:1.1.2.54->1.1.2.55 Index: squid3/NOTES-IPv6 =================================================================== RCS file: /cvsroot/squid-sf//squid3/Attic/NOTES-IPv6,v retrieving revision 1.1.2.54 retrieving revision 1.1.2.55 diff -u -r1.1.2.54 -r1.1.2.55 --- squid3/NOTES-IPv6 8 Aug 2007 05:46:29 -0000 1.1.2.54 +++ squid3/NOTES-IPv6 11 Aug 2007 03:00:43 -0000 1.1.2.55 @@ -1,9 +1,8 @@ -$Id: NOTES-IPv6,v 1.1.2.54 2007/08/08 05:46:29 amosjeffries Exp $ +$Id: NOTES-IPv6,v 1.1.2.55 2007/08/11 03:00:43 amosjeffries Exp $ NP: Any problems with this version of squid please contact squid3@treenet.co.nz for assistance. - NP: All IPv6 builds from before 9 June 2007 contain a cache corruption bug and require a full cachedir deletion and rebuild. Failure to do this will result in random segfaults and memory corruption. @@ -21,8 +20,7 @@ --with-ipv4-mapped option is provided for OS that do not do accept raw IPv4 addresses to IPv6 sockets, but require the client to do all the v4-mapping itself. - This is now considered unsafe by the industry and breaks protocol-independance. - It is not intended to be used unless absolutely necessary. + It is not intended to be used outside Windows Vista builds. IPv6 LIMITS: 
@@ -32,16 +30,19 @@ IPv4-IPv6 boundary. Some ACL voodoo (detailed in squid.conf) can however be applied to explicitly route the IPv6/v4 -bound traffic out an appropriate interface. - WCCP is not available. + WCCP is not available (neither version 1 or 2). Transparent proxy is not available. CURRENTLY KNOWN ISSUES: -PROBLEM: external helper dnsserver "-s" option requires IPv4-only structures at present. -SOLUTION: I'm working on using new bind9 resolver structures _res_ext in place of older _res. +PROBLEM: external helper dnsserver "-s" option requires IPv4-only structures. +UPDATE: bind9 structure _res._u._ext and _res_ext proved to be a very nasty mess. + For now the dnsserver has no support for -s, other than that its going again. WORKAROUND: do not use --disable-internal-dns configure option. + OR alternatively remove -s and -D options from utilities that call dnsserver + (-D is now default behaviour and obsolete) PROBLEM: Testers report that "using WebDAV against my Squid-accelerated Apache gives 
@@ -53,27 +54,18 @@ for getsockopt in clientNatLookup via netfilter. This occurs regardless of the actual source and destination IP types. ie IPv4-client to IPv4-server REDIRECT'd to squid on [::]:81 -NP: iptables < 1.3.7 tested bad. +NP: iptables <= 1.3.8 tested bad. SOLUTION: iptables/netfilter crew working on IPv6 support. Try again in a few months. PROBLEM: Sockets created with IPv4 'family' cannot be use for IPv6 *anywhere*. Likewise ones opened for IPv6 on split-stack systems cannot be used for IPv4. - The system that allocates pre-opened sockets to connections needs to - be modified such that it checks the stored family of the socket - matches the client addr family before allocating it. -NP: This has not been seen in real-world effect yet. Still entirely theoretical. - -NP: have modified fde to store the sock_family a socket was allocated with. - Also GetAddrInfo to specifiy needed protocol formatting of an addrinfo. - This will still fail retrieving AF_INET of an IPv6-pure destination. - ie. If squid listens on 2 ports, one IPv6, one IPv4 (as REQUIRED for spit-stack). - The IPv4-listener *cannot* accept requests to IPv6 destinations. -SOLUTION: Requires inbound and outbound sockets to be disentangled at the comms layer. - That is one of the other planned improvements in 3.1 so won't be fixed here. -NP: A recent bugfix shows this may not be as big a problem on split-stack as previously - believed. The sockets may in fact be being opened from new on both sides of - each request. Which is split-stack friendly. +WORKAROUND: + Specifiy explicit listener addresses (MUST NOT BE :: or 0.0.0.0) in + *_port lines. Add tcp_outgoing_address configuration to map outbound traffic + to the desired network version (see magic voodoo in squid.conf docs). +NP: If a tester can confirm this config works on Split-Stack systems it will become the + the official method of squid use on those systems. PROBLEM: Another intermittent failure: 
@@ -82,6 +74,7 @@ Have yet to find the actual place the relevant IPA is being memset? to null. NP2: found a few spots doing memset where they should not. Probably more coming. NP: Sometime during July these have stopped for me. +NP3: now mid-august with nonw in sight for weeks. Calligng it a closed issue. Program received signal SIGABRT, Aborted. #3 0x08089771 in xassert (msg=0x81501aa "false", file=0x81573b0 "IPAddress.cc", line=900) at debug.cc:569 @@ -127,8 +120,9 @@ 4.3 Write ICMPv6 engine (performs echo for peer-selection stats). 4.4 Convert Auth modules to handle IPv6 addresses + requires conversion to C++ -4.5 Test for problems under Windows (split-stack). +4.5 Test for problems under Windows (Vista AND XP seperately). 4.6 Write a Neighbour-Discovery auto-configuration component.
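Review bot: In the @@ -21,8 +20,7 @@ hunk, the replacement line for --with-ipv4-mapped drops the only statement of why the option should be avoided ("now considered unsafe by the industry and breaks protocol-independance"). Restricting it to Windows Vista builds is a narrower rule, but someone building on Vista no longer learns that the option carries a risk. Suggest keeping the unsafe caveat and adding the Vista sentence after it.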
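Review bot: In the @@ -32,16 +30,19 @@ hunk, the UPDATE under the dnsserver "-s" problem does not say what dnsserver does when a caller still passes -s: "has no support for -s" could mean the option is ignored or rejected, and "other than that its going again" is hard to parse. State the behaviour explicitly so that the second WORKAROUND (removing -s and -D from callers) reads clearly as required or optional. Also "neither version 1 or 2" should be "neither version 1 nor 2", and "its" should be "it's".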
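Review bot: In the @@ -53,27 +54,18 @@ hunk, the split-stack socket-family entry loses the documented limitation that the IPv4 listener cannot accept requests to IPv6 destinations, along with the note that the comms-layer fix is deferred to 3.1, and the new WORKAROUND does not say whether that limitation still holds. The NP that follows admits the configuration is unconfirmed on Split-Stack systems, so mark the workaround as untested where it is introduced and keep one line on the known limitation. Typos: "Specifiy", and "the" is doubled across the last two added lines.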
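Review bot: In the @@ -82,6 +74,7 @@ hunk, the new NP3 line closes the issue on non-recurrence alone, while the context lines above it still say the place where the IPA is memset to null has not been found and that more bad memset spots are "probably" coming. Suggest wording it as not reproduced since July rather than closed, or naming the memset fixes believed to have resolved it, so the xassert trace at IPAddress.cc line 900 can be matched if it returns. Typos: "nonw", "Calligng"; the note labels now run NP, NP2, NP, NP3.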
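Review bot: In the @@ -127,8 +120,9 @@ hunk, item 4.5 drops the "(split-stack)" qualifier, which was the stated reason for the Windows test, and "Vista AND XP" does not say which stack behaviour each platform is expected to exercise. Suggest keeping the qualifier next to the platform it applies to. "seperately" should be "separately".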