[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-03-07 Thread Launchpad Bug Tracker
This bug was fixed in the package squid3 - 3.3.8-1ubuntu6.6 --- squid3 (3.3.8-1ubuntu6.6) trusty-security; urgency=medium [ Scott Moser ] * debian/patches/increase-default-forward-max-tries.patch: change the default setting of 'forward_max_tries' from 10 to 25. (LP:

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-03-07 Thread Launchpad Bug Tracker
This bug was fixed in the package squid3 - 3.3.8-1ubuntu16.2 --- squid3 (3.3.8-1ubuntu16.2) wily-security; urgency=medium [ Scott Moser ] * debian/patches/increase-default-forward-max-tries.patch: change the default setting of 'forward_max_tries' from 10 to 25. (LP:

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-03-07 Thread Launchpad Bug Tracker
This bug was fixed in the package squid3 - 3.1.19-1ubuntu3.12.04.6 --- squid3 (3.1.19-1ubuntu3.12.04.6) precise-security; urgency=medium * SECURITY UPDATE: denial of service via crafted UDP SNMP request - debian/patches/CVE-2014-6270.patch: fix off-by-one in

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-28 Thread Paul Gear
@yadi: link-local only was the proposal by @andreserl (not RFC1918, or its IPv6 equivalent, ULA), and that is completely doable. So is detection of an isolated, but not link-local-only network. It's simple - if there's no route in the local routing table to the destination, it should be excluded

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-26 Thread Amos Jeffries
Andres, Because there is no way to distinguish between a local-only network and one using NAT without actually trying to connect to the IPs (which is exactly what Squid is doing - up to the limit of forward_max_tries). The problem is identical and far more widespread in IPv4. Disabling IPv4

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-24 Thread Scott Moser
** Also affects: squid3 (Ubuntu Precise) Importance: Undecided Status: New ** Changed in: squid3 (Ubuntu Precise) Status: New => Triaged ** Changed in: squid3 (Ubuntu Precise) Importance: Undecided => High -- You received this bug notification because you are a member of

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-24 Thread Andres Rodriguez
Why wouldn't an appropriate fix be to prevent squid from using IPv6 if the system only has link-local addresses and not global addresses? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu.

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-23 Thread Scott Moser
** Description changed: == Begin SRU Information == [Impact] Users of squid3 as a proxy on a host without ipv6 connectivity will see http '503' errors if they attempt to access a url through that proxy that has greater than 9 ipv6 addresses associated with it. The failure case is

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-23 Thread Scott Moser
** Description changed: + == Begin SRU Information == + [Impact] + Users of squid3 as a proxy on a host without ipv6 connectivity will see http '503' errors if they attempt to access a url through that proxy that has greater than 9 ipv6 addresses associated with it. + + The failure case is

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-23 Thread Scott Moser
@paul, I suspect the '25' is 25 ipv6 addresses. Thats based on our debugging and fix we put into place. We started seeing the bug when a 10th ipv6 address was added to archive.ubuntu.com (and security.ubuntu.com). The workaround we put in place was to remove a single ipv6 address, resulting

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-22 Thread Paul Gear
@yadi Won't changing the limit from 10 to 25 just put off the problem until later? As I understand it, the main reason this issue caused problems is that squid attempts IPv6 connections from hosts without global IPv6 connectivity. -- You received this bug notification because you are a member

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-22 Thread Amos Jeffries
And for the record. No Squid does not use libc getaddrinfo(). That API provides speed restrictions several orders of magnitude too slow for even small Squid installations. ** Description changed: Many people run squid (squid-deb-proxy, or maas-proxy) to provide ubuntu archive mirror caching

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-22 Thread Amos Jeffries
The upstream fix was http://www.squid- cache.org/Versions/v3/3.5/changesets/squid-3-12982.patch - which is to increase the number of IPs attempted to 25 instead of just 10. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-22 Thread Scott Moser
It appears this bug is fixed in 3.5.1, which Robie Basak is syncing from debian. I've tried to reproduce but have not been able. When robie fixes bug 1473691, the fix should come into xenial (16.04). We can look upstream to find what fix this actually was and cherry pick back to 14.04. ** No

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-22 Thread Scott Moser
I've marked 16.04 task as triaged. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/1547640 Title: proxy tries ipv6 and gets 503 when no ipv6 routes To manage notifications about

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-22 Thread Scott Moser
** Attachment added: "test case that sets up a system to show this failure" https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1547640/+attachment/4578153/+files/lp-1547640.sh ** Attachment removed: "test case that sets up a system to show this failure"

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-22 Thread Scott Moser
** Attachment added: "test case that sets up a system to show this failure" https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1547640/+attachment/4578121/+files/lp-1547640.sh -- You received this bug notification because you are a member of Ubuntu Server Team, which is

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-21 Thread Blake Rouse
** No longer affects: maas ** No longer affects: maas/1.10 ** No longer affects: maas/1.9 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid-deb-proxy in Ubuntu. https://bugs.launchpad.net/bugs/1547640 Title: proxy tries ipv6

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-21 Thread Andreas Hasenack
I think the MAAS tasks can be removed or marked as invalid here. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/1547640 Title: proxy tries ipv6 and gets 503 when no ipv6 routes To

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-20 Thread Scott Moser
There is a work around for this issue currently in place. The change was to remove one of the 10 ipv6 addresses that were returned in a query for security.ubuntu.com or archive.ubuntu.com. Now there are only 9 ipv6 addresses in place. This works around the issue and users should not see this

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-20 Thread Andreas Hasenack
I tried downgrading libc6 and restarting squid (heck, even rebooting the container), but it still happened. Scott IIRC also tried that. Still, it's a heck of a coincidence. Squid in debug mode shows it's getting 10 IPv4 and 10 IPv6 addresses back for the archive, and trying each one in turn.

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-20 Thread Stéphane Graber
I'm unfamiliar with the squid codebase but if it does use the normal socket library, it would be doing a getaddrinfo, then iterate over the results, those results would begin with IPv6 records as IPv6 is always to be preferred over IPv4 when available, but any attempt to connect would result

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-20 Thread Stéphane Graber
** Package changed: squid (Ubuntu) => squid3 (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/1547640 Title: proxy tries ipv6 and gets 503 when no ipv6 routes To manage

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-20 Thread Landscape Builder
Does someone know yet what happened? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid in Ubuntu. https://bugs.launchpad.net/bugs/1547640 Title: proxy tries ipv6 and gets 503 when no ipv6 routes To manage notifications about

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-20 Thread Johan Ehnberg
On my 14.04 LTS system the workaround was to add 'dns_v4_first on' to /etc/maas/maas-proxy.conf -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid in Ubuntu. https://bugs.launchpad.net/bugs/1547640 Title: proxy tries ipv6 and

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-19 Thread Adam Stokes
** Tags added: cloud-installer -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid in Ubuntu. https://bugs.launchpad.net/bugs/1547640 Title: proxy tries ipv6 and gets 503 when no ipv6 routes To manage notifications about this bug

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-19 Thread Andres Rodriguez
** Changed in: maas Assignee: (unassigned) => Andres Rodriguez (andreserl) ** Changed in: maas/1.10 Assignee: (unassigned) => Andres Rodriguez (andreserl) ** Changed in: maas/1.9 Assignee: (unassigned) => Andres Rodriguez (andreserl) -- You received this bug notification because

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-19 Thread Mike Pontillo
** Changed in: maas Status: New => Triaged ** Changed in: maas Importance: Undecided => High ** Also affects: maas/1.10 Importance: Undecided Status: New ** Also affects: maas/1.9 Importance: Undecided Status: New ** Changed in: maas/1.10 Status: New =>

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-19 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: squid-deb-proxy (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid-deb-proxy in Ubuntu.

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-19 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: squid (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid-deb-proxy in Ubuntu.

[Bug 1547640] Re: proxy tries ipv6 and gets 503 when no ipv6 routes

2016-02-19 Thread Seth Arnold
Adding dns_v4_first on to my 14.04 LTS /etc/squid-deb-proxy/squid-deb- proxy.conf solved this for me. My personal best guess is that something happened during machine reboots in the Canonical datacenter to address the glibc updates. My failures were to both security.ubuntu.com and