Search squid archive

Re: Ubuntu Server 13.10. Squid 3.3.8. WARNING: external ACL 'memberof' queue overload

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2013-11-14 11:29, Eliezer Croitoru wrote:

Eliezer, two pieces of information that should get you back on track with understanding this one:

1)  The connection between Squid and external_acl_type helpers uses TCP.

2) Preventing the kernel assigning IPv6 addresse to its NIC does not actually disable IPv6 inside the kernel.

The situation of (2) means that Squid, and other software, is still able to open IPv6 sockets but nothing goes bad until traffic is sent over those sockets. As a result the helper is started successfully on IPv6 connection, then the first actual use of the helper breaks. Alternatively, starting the helper with an explicit IPv6 (::1) breaks on setup. When this kind of problem happens over normal client/server connections Squid has logics to failover and open new connections on other IP's (such as IPv4). But the helper API has no such backup connections possible.


The easy solution is to configure that ipv4 flag on external_acl_type. The more difficult solution is to fully disable the kernel IPv6 module from loading. The *right* solution is to configure IPv6 properly on the machine as working with correct firewall rules to make it obey the local traffic policies (even if that policy is "no IPv6 packets to leave the machine").

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux