On 2/12/2011 4:23 a.m., Fredrik Eriksson wrote:
On 12/01/2011 01:13 PM, Amos Jeffries wrote:
Ah sorry. In short I think its a kernel bug in the TCP / IP support.
This seems to be a rather persistant kernel bug, if so.
Since there are FD leaks in the debian stable (squeeze/6.0) packaged
version of squid3 (3.1.6-1.2+squeeze1), we pull the squid3 package from
testing (wheezy/7.0). Therefore the testing repo is already added to
our squid servers, so I installed linux from testing as well (linux
version3.1.0-1-amd64).
I tried both with IPv6 enabled and disabled, which you do by adding
this line to /etc/sysctl.d/disableipv6.conf
net.ipv6.conf.all.disable_ipv6=1
neither case worked. Are the kernel developers aware of this bug you
mention, and is it solved in a even later version of linux?
I can't speak for what they know. I only pay attention to the details
directly affecting Squid features on the netfilter lists.
FWIW I'm running the Wheezy kernels here with no such problems. It may
be something particular in your iptables rules affecting the checksum.
Its probably best to take this to the netfilter mailing list now and see
if anyone there has a better clue than me.
Amos
