--------------------- PatchSet 6399 Date: 2007/12/18 22:40:49 Author: amosjeffries Branch: squid3-ipv6 Tag: (none) Log: Update NOTES-IPv6. - most of the content has been moved to more apprppriate places, ie bugzilla, release-notes-3.1 Members: NOTES-IPv6:1.1.2.80->1.1.2.81 Index: squid3/NOTES-IPv6 =================================================================== RCS file: /cvsroot/squid-sf//squid3/Attic/NOTES-IPv6,v retrieving revision 1.1.2.80 retrieving revision 1.1.2.81 diff -u -r1.1.2.80 -r1.1.2.81 --- squid3/NOTES-IPv6 16 Dec 2007 22:27:05 -0000 1.1.2.80 +++ squid3/NOTES-IPv6 18 Dec 2007 22:40:49 -0000 1.1.2.81 @@ -1,4 +1,4 @@ -$Id: NOTES-IPv6,v 1.1.2.80 2007/12/16 22:27:05 amosjeffries Exp $ +$Id: NOTES-IPv6,v 1.1.2.81 2007/12/18 22:40:49 amosjeffries Exp $ NP: Any problems with this version of squid please contact squid3@treenet.co.nz for assistance. @@ -8,75 +8,9 @@ built from an empty state in the usual manner. -IPv6 NEW FEATURES: - - Squid handles localhost values seperately. For the purpose of ACLs and also external - connections ::1 is considered a seperate IP from 127.0.0.1. This means all ACL which - define behaviour for localhost may need ::1/128 included. - - --with-localhost-ipv6 option is provided for Pure-IPv6 setups who do not want to be - bothered by the localhost vagaries. It will enable logics to map all localhost traffic - through ::1 unless an IPv4-only link is required. - - --with-ipv4-mapped option is provided for OS that do not do accept raw IPv4 - addresses to IPv6 sockets, but require the client to do all the v4-mapping itself. - It is not intended to be used outside Windows Vista builds. - - Pinger has been upgraded to perform both ICMP and ICMPv6 as required. - As a result of this and due to a change in the binary protocol format between them, - new builds of squid are no longer backwards-compatible with old pinger binaries. - You will need to perform "make install-pinger" again after installing squid. - - Peer and Client SNMP tables have been altered to handle IPv6 addresses. - As a side effect of this the long-missing fix to show seperate named peers on one IP - has been integrated. Making the SNMP peer table now produce correct output. - The table structure change is identical for both IPv4-only and Dual modes but with - IPv4-only simply not including any IP6 entries. This means any third-party SNMP - software which hard coded the MIB paths needs to be upgraded for this Squid release. - - -IPv6 LIMITS: - - Specify a specific tcp_outgoing_address and the clients who match its ACL are limited - to the IPv4 or IPv6 network that address belongs to. They are not permitted over the - IPv4-IPv6 boundary. Some ACL voodoo (detailed in squid.conf) can however be applied to - explicitly route the IPv6/v4 -bound traffic out an appropriate interface. - - WCCP is not available (neither version 1 or 2). - - Transparent/Interception is done via NAT at the OS level and is not available (yet) in IPv6. - Squid will ensure that any port set with transparent or tproxy options be an IPv4-only - listening address. Wildcard can still be used but will not open as an IPv6. - To ensure that squid can accept IPv6 traffic on its default port, an alternative should - be chosen to handle transparent traffic. - ie http_port 3128 - http_port 8080 transparent - - Bundled NTLM Auth helper is IPv4-native between itself and the NTLM server. - A new one will be needed for IPv6 traffic between the helper and server. - - Bundled RADIUS Auth helper is IPv4-native, both in traffic between and data storage - with the RADIUS server. A new helper will be needed for IPv6 RADIUS protocol. - - CURRENTLY KNOWN ISSUES: -PROBLEM: external helper dnsserver "-s" option requires IPv4-only structures. -UPDATE: The internal resolver structure _res* proved to be a very nasty mess. - I've found the time to sort it out (I think) and it appears to be going - well enough for some detailed tests. -UPDATE: Due to a change in FreeBSD 6.2 IPv6 nameservers MAY NOT be set via dns_nameservers - in the squid.conf or passed via -s option to dnsserver. - Instead they must be configured in /etc/resolv.conf. - - -PROBLEM: Testers report that "using WebDAV against my Squid-accelerated Apache gives - all sorts of odd timeouts" but tester unable to spend time tracing the cause. -NP: Need someone with a WebDAV setup and time to assist with test/debug cycle. - I suspect that it has to do with missing authentication support in IPv6. - - PROBLEM: Sockets created with IPv6 family gives "92 Protocol not supported" errors for getsockopt in clientNatLookup via netfilter. This occurs regardless of the actual source and destination IP types. @@ -139,5 +73,3 @@ 4.7 Dec 2007: check back with iptables/netfilter to see if getsockopt( *_ORIGINAL_DST) will handle IPv4 traffic NAT'd to an IPv6 listener socket yet. - -5 find more, bugs etc ???