On 9/01/2013 2:04 a.m., Loïc Blot wrote:
Le mercredi 09 janvier 2013 à 00:05 +1300, Amos Jeffries a écrit :
On 8/01/2013 8:06 p.m., Loïc BLOT wrote:
In my case, it seems the ASSERT is thrown when GetAddrInfo look at
inexistant DNS name. (in the backtrace the DNS name does'nt exists).
Before there is 2 conditions for IPv4 and IPv6. This function is called
before any helper i think (Comm::ConnOpener::start), squidGuard doesn't
show anything about this case in the logs.
IP::Address::GetAddrInfo() function is called to convert an IP address
from Squid internal storage format to POSIX address storage format for
passing to the operating system.
DNS and domain names are not relevant, this is purely an IP->IPv4 and
IP->IPv6 conversion. The ASSERT() is there to cause a crash for debug
when IPv6 address is forced into smaller IPv4 format and the reverse.
Squid is compiled with --disable-ipv6 support, maybe some code disabled
are necessary.
All that does is set the Ip::enableIpv6 variable to false. Which is used
in the IsIpv6() test clause, but this whole area of code should not be
relevant. see below...
The problem is apparently that AF_UNSPEC on OpenBSD is 0 when the
comm.cc part of Squid is built and non-0 when the src/ip/ library part
is built. Weird.
One thing is sure, when i resolve this problem my squid doesn't crash
anymore, and my clients can work without any problem.
For asserts, i understand your view. In my case, i prefer to handle code
rather than force crash program, that's better for stability. I know
assert means the program comes to an unattended area.
How do you handle storing a 128-bit value into a 32-bit storage space?
If you look my patch, i abort the request when the error comes by return
-1 on comm.cc. Negative values causes request abord in comm.cc modified
function, it's native.
(http://bugs.squid-cache.org/show_bug.cgi?id=3732)
Since this patch, squid stability is now perfect
6104 _squid 2 0 3067M 3070M sleep/1 poll 20:53 0.73%
squid
20h uptime, 0 crash, whereas before 2 min only.
~45000 requests were treated during uptime.
How many connections were randomly aborted with no response?
How many were failed to IPv4 connections when IPv6 connectivity was
presented by the website?
Amos
IPv6 isn't presented by the website because we don't have IPv6
connectivity, and link-local addresses are disabled with -inet6 under
OpenBSD. Moreover, as i say, the --disable-ipv6 compile option is
enabled. I use many websites which have IPv6 connectivity (like my
website) and there is no problem, and no abort. It seems the problem is
under non existant domains.
If it is only for non-existent domains something else has gone badly
wrong. Because Squid-3.2+ should never reach the point of opening a
connection. The DNS no-IPs result is supposed to cause a error page
being generated and sent to the client by Squid with no server contact
at all.
This is as if there was a single IP address of "0.0.0.0" returned to
Squid. At which point Squid attempts to connect to that IP which is invalid.
Amos