From: Amos Jeffries <squid3@treenet.co.nz>
Date: Mon, 9 Aug 2010 08:23:45 +0000 (+1200)
Subject: Fix ICAP service sockets for splt-stack systems.
X-Git-Tag: take1~411
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=e6713f4ef73ad8b0bd33bf7d5f2ddbc4103641d8;p=thirdparty%2Fsquid.git

Fix ICAP service sockets for splt-stack systems.

Makes split-stack systems default to IPv4-only connections.
Adds "ipv6=on|off" option to icap_service config to make Squid do
IPv6-only connections for particular service.

There is currently no middle ground with connection failover possible.
---

diff --git a/doc/release-notes/release-3.1.sgml b/doc/release-notes/release-3.1.sgml
index f766cca90f..38679f1798 100644
--- a/doc/release-notes/release-3.1.sgml
+++ b/doc/release-notes/release-3.1.sgml
@@ -1158,8 +1158,8 @@ NOCOMMENT_START
 	<tag>https_port intercept sslbump connection-auth[=on|off]</tag>
 	<p>New port options. see http_port.
 
-	<tag>icap_service bypass=on|off|1|0 routing=on|off|1|0</tag>
-	<p>New options 'bypass=' and 'routing='.
+	<tag>icap_service bypass=on|off|1|0 routing=on|off|1|0 ipv6=on|off</tag>
+	<p>New options 'bypass=', 'routing=' and 'ipv6='.
 	<verb>
 	bypass=on|off|1|0
 		If set to 'on' or '1', the ICAP service is treated as
@@ -1186,6 +1186,11 @@ NOCOMMENT_START
 
 		Routing is not allowed by default: the ICAP X-Next-Services
 		response header is ignored.
+
+	ipv6=on|off
+		Only has effect on split-stack systems. The default on those systems
+		is to use IPv4-only connections. When set to 'on' this option will
+		make Squid use IPv6-only connections to contact this ICAP service.
 	</verb>
 
 	<tag>logfile_rotate</tag>
diff --git a/src/adaptation/ServiceConfig.cc b/src/adaptation/ServiceConfig.cc
index 5372b3c78a..f69f66e311 100644
--- a/src/adaptation/ServiceConfig.cc
+++ b/src/adaptation/ServiceConfig.cc
@@ -8,7 +8,7 @@
 
 Adaptation::ServiceConfig::ServiceConfig():
         port(-1), method(methodNone), point(pointNone),
-        bypass(false), routing(false)
+        bypass(false), routing(false), ipv6(false)
 {}
 
 const char *
@@ -93,7 +93,9 @@ Adaptation::ServiceConfig::parse()
             grokked = grokBool(bypass, name, value);
         else if (strcmp(name, "routing") == 0)
             grokked = grokBool(routing, name, value);
-        else {
+        if (strcmp(name, "ipv6") == 0) {
+            grokked = grokBool(ipv6, name, value);
+        } else {
             debugs(3, 0, cfg_filename << ':' << config_lineno << ": " <<
                    "unknown adaptation service option: " << name << '=' << value);
         }
diff --git a/src/adaptation/ServiceConfig.h b/src/adaptation/ServiceConfig.h
index 6fdd8a53bd..ceff004743 100644
--- a/src/adaptation/ServiceConfig.h
+++ b/src/adaptation/ServiceConfig.h
@@ -33,6 +33,7 @@ public:
     VectPoint point; // where the adaptation happens (pre- or post-cache)
     bool bypass;
     bool routing; ///< whether this service may determine the next service(s)
+    bool ipv6;    ///< whether this service uses IPv6 transport (default IPv4)
 
 protected:
     Method parseMethod(const char *buf) const;
diff --git a/src/adaptation/icap/Xaction.cc b/src/adaptation/icap/Xaction.cc
index 6fbeb1fcc1..42cb0fcb27 100644
--- a/src/adaptation/icap/Xaction.cc
+++ b/src/adaptation/icap/Xaction.cc
@@ -13,6 +13,7 @@
 #include "pconn.h"
 #include "HttpRequest.h"
 #include "HttpReply.h"
+#include "ip/tools.h"
 #include "acl/FilledChecklist.h"
 #include "icap_log.h"
 #include "fde.h"
@@ -116,6 +117,15 @@ void Adaptation::Icap::Xaction::openConnection()
     disableRetries(); // we only retry pconn failures
 
     Ip::Address outgoing;
+    if (!Ip::EnableIpv6 && !outgoing.SetIPv4()) {
+        debugs(31, DBG_CRITICAL, "ERROR: IPv6 is disabled. " << outgoing << " is not an IPv4 address.");
+        dieOnConnectionFailure(); // throws
+    }
+    /* split-stack for now requires default IPv4-only socket */
+    if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && outgoing.IsAnyAddr() && !s.cfg().ipv6) {
+        outgoing.SetIPv4();
+    }
+
     connection = comm_open(SOCK_STREAM, 0, outgoing,
                            COMM_NONBLOCKING, s.cfg().uri.termedBuf());
 
diff --git a/src/cf.data.pre b/src/cf.data.pre
index a338fdaf9a..01d20eee14 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -6168,6 +6168,11 @@ DOC_START
 		Routing is not allowed by default: the ICAP X-Next-Services
 		response header is ignored.
 
+	ipv6=on|off
+		Only has effect on split-stack systems. The default on those systems
+		is to use IPv4-only connections. When set to 'on' this option will
+		make Squid use IPv6-only connections to contact this ICAP service.
+
 	Older icap_service format without optional named parameters is
 	deprecated but supported for backward compatibility.