Package: squid3
Version: 3.1.6-1.2
Severity: normal
Tags: patch upstream

Sometimes Squid needs to use TCP for a DNS lookup when the DNS exchanges are large (an example is stat.canal-plus.com). When this happens, and if neither udp_outgoing_address (not a typo) nor udp_incoming_address is specified in the configuration file, Squid always binds the TCP socket to an IPv6 address. Consequently, if IPv6 is disabled in the kernel, Squid crashes miserably with this log message:

    FATAL: Could not create a DNS socket

Debugging output indicates:

    comm_openex: Attempt open socket for: [::]
    comm_open: socket failure: (97) Address family not supported by protocol

The result is that some sites whose domains need TCP to be resolved (for example stat.canal-plus.com) are not accessible through Squid running on a system with IPv6 disabled.

Recompiling the package with --disable-ipv6 does not fix the problem.

In src/dns_internal.cc, lines 740 to 743, Squid uses the udp_outgoing_address configuration option or, if it doesn't exist, udp_incoming_address. If neither exists, Squid uses an "unspecified address". This address is then passed to IpAddress::GetAddrInfo(), which, if it is called on an unspecified address, returns an AF_INET6 sockaddr (see src/ip/IpAddress.cc - lines 608, 878 and 910). This is because IpAddress::IsIPv6() always returns true for an unspecified address. Consequently, comm_open(), called in src/dns_internal.cc:749, gets an AF_INET6 address, and as a result, fails miserably because IPv6 is not supported on the system.

As a workaround, one can force Squid to bind to an IPv4 address by supplying a value in the udp_outgoing_address configuration option:

    udp_outgoing_address 0.0.0.0

For a long-term solution, see the attached patch, which makes IpAddress::IsIPv6() always return false if IPv6 is not supported on the system.

-- System Information:
Debian Release: 6.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.36.2-zyklos (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages squid3 depends on:
ii  adduser           3.112+nmu2      add and remove users and groups
ii  libc6             2.11.2-7        Embedded GNU C Library: Shared lib
ii  libcap2           1:2.19-3        support for getting/setting POSIX.
ii  libcomerr2        1.41.12-2       common error description library
ii  libdb4.8          4.8.30-3        Berkeley v4.8 Database Libraries [
ii  libexpat1         2.0.1-7         XML parsing C library - runtime li
ii  libgcc1           1:4.4.5-10      GCC support library
ii  libgssapi-krb5-2  1.8.3+dfsg-4    MIT Kerberos runtime libraries - k
ii  libk5crypto3      1.8.3+dfsg-4    MIT Kerberos runtime libraries - C
ii  libkrb5-3         1.8.3+dfsg-4    MIT Kerberos runtime libraries
ii  libldap-2.4-2     2.4.23-7        OpenLDAP libraries
ii  libltdl7          2.2.6b-2        A system independent dlopen wrappe
ii  libpam0g          1.1.1-6.1       Pluggable Authentication Modules l
ii  libsasl2-2        2.1.23.dfsg1-6  Cyrus SASL - authentication abstra
ii  libstdc++6        4.4.5-10        The GNU Standard C++ Library v3
ii  libxml2           2.7.8.dfsg-1    GNOME XML library
ii  logrotate         3.7.8-6         Log rotation utility
ii  lsb-base          3.2-26          Linux Standard Base 3.2 init scrip
ii  netbase           4.44            Basic TCP/IP networking system
ii  squid3-common     3.1.6-1.2       A full featured Web Proxy cache (H

squid3 recommends no packages.

Versions of packages squid3 suggests:
pn  resolvconf        <none>          (no description available)
ii  smbclient         2:3.5.6~dfsg-3  command-line SMB/CIFS clients for
pn  squid-cgi         <none>          (no description available)
pn  squidclient       <none>          (no description available)

-- Configuration Files:
/etc/squid3/squid.conf changed [not included]

-- no debconf information
--- src/ip/IpAddress.cc 2010-08-01 16:01:37.000000000 +0200 +++ src/ip/IpAddress.cc 2010-12-17 15:35:15.000000000 +0100 @@ -194,7 +194,7 @@ bool IpAddress::IsIPv6() const { - return IsAnyAddr() || IsNoAddr() || !IN6_IS_ADDR_V4MAPPED( &m_SocketAddr.sin6_addr ); + return Ip::EnableIpv6 && (IsAnyAddr() || IsNoAddr() || !IN6_IS_ADDR_V4MAPPED( &m_SocketAddr.sin6_addr )); } bool IpAddress::IsAnyAddr() const
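
Review bot: The changed return in IpAddress::IsIPv6() now answers false for every address, including a stored non-mapped IPv6 address, whenever Ip::EnableIpv6 is false, so the predicate changes for all callers and not only for the unspecified-address case in the DNS TCP path that the report describes. A narrower change would be to select the IPv4 wildcard at the comm_open() call site in src/dns_internal.cc when IPv6 is unavailable, or at least to document the new meaning of IsIPv6() in a comment above the function. Please also confirm that Ip::EnableIpv6 reflects run-time kernel support rather than only the build option, since the report says rebuilding with --disable-ipv6 did not help, and that the header declaring it is already included in this file, because the hunk adds no #include.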
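
The failure mode analysed in the report, as an added C example (not Squid's code and not part of the original report): a hypothetical helper, open_wildcard_tcp(), tries address families in order and skips one that the kernel rejects with EAFNOSUPPORT instead of treating it as fatal.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not Squid code): open a TCP socket bound to the
 * wildcard address, trying each family in order. A family the kernel
 * rejects with EAFNOSUPPORT (errno 97 on Linux, as in the report's log)
 * is skipped instead of being treated as fatal.
 * Returns the fd and stores the family used, or -1 on failure. */
int open_wildcard_tcp(const int *families, int n, int *used)
{
    for (int i = 0; i < n; i++) {
        int fd = socket(families[i], SOCK_STREAM, IPPROTO_TCP);
        if (fd < 0) {
            if (errno == EAFNOSUPPORT)
                continue;              /* family unavailable: try next */
            return -1;                 /* any other error is real */
        }
        struct sockaddr_storage ss;
        socklen_t len;
        memset(&ss, 0, sizeof ss);     /* all-zero address = wildcard, port 0 */
        ss.ss_family = (sa_family_t)families[i];
        len = families[i] == AF_INET6 ? sizeof(struct sockaddr_in6)
                                      : sizeof(struct sockaddr_in);
        if (bind(fd, (struct sockaddr *)&ss, len) == 0) {
            *used = families[i];
            return fd;
        }
        close(fd);                     /* bind failed: report it */
        return -1;
    }
    errno = EAFNOSUPPORT;              /* no listed family is supported */
    return -1;
}

int main(void)
{
    /* Prefer IPv6, fall back to IPv4 when the kernel has no IPv6. */
    const int order[] = { AF_INET6, AF_INET };
    int used = 0, fd = open_wildcard_tcp(order, 2, &used);
    if (fd < 0) { perror("open_wildcard_tcp"); return 1; }
    printf("bound wildcard TCP socket, AF_INET%s\n", used == AF_INET6 ? "6" : "");
    close(fd);
    return 0;
}
```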