On 2/12/2011 4:23 a.m., Fredrik Eriksson wrote:
> On 12/01/2011 01:13 PM, Amos Jeffries wrote:
>>
>> Ah sorry. In short I think its a kernel bug in the TCP / IP support.
>
> This seems to be a rather persistant kernel bug, if so.
>
> Since there are FD leaks in the debian stable (squeeze/6.0) packaged
> version of squid3 (3.1.6-1.2+squeeze1), we pull the squid3 package from
> testing (wheezy/7.0). Therefore the testing repo is already added to
> our squid servers, so I installed linux from testing as well (linux
> version3.1.0-1-amd64).
>
> I tried both with IPv6 enabled and disabled, which you do by adding
> this line to /etc/sysctl.d/disableipv6.conf
>
> net.ipv6.conf.all.disable_ipv6=1
>
> neither case worked. Are the kernel developers aware of this bug you
> mention, and is it solved in a even later version of linux?
I can't speak for what they know. I only pay attention to the details
directly affecting Squid features on the netfilter lists.
FWIW I'm running the Wheezy kernels here with no such problems. It may
be something particular in your iptables rules affecting the checksum.
Its probably best to take this to the netfilter mailing list now and see
if anyone there has a better clue than me.
Amos
Received on Thu Dec 01 2011 - 23:44:50 MST
This archive was generated by hypermail 2.2.0 : Fri Dec 02 2011 - 12:00:01 MST