Re: [squid-users] squid 3.3.8 failed to start because of hard-coded acl with ::1

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Tue, 31 Dec 2013 23:07:23 +0200

Hey Craig,

I want to verify the issue.
Do these FreeBSD machines operate only on the IPv4 level?
Will they operate on the IPv4 level for a long time?
On what level will they not support IPv6? On the level of the kernel or also
the libs?
Before I run to test it,
what are the machine specs?

The line you have mentioned:
http://bazaar.launchpad.net/~squid/squid/3-trunk/view/head:/src/cf.data.pre#L847

Assumes that the machine is IPv6 enabled by default.
There is a possibility to compile squid with the "disable-ipv6" flag or a
similar name, which can help on the basic level.
I won't ask you to patch squid, but it should be changed only when an
IPv4-only system is required.

Thanks,
Eliezer

On 31/12/13 15:23, Craig R. Skinner wrote:
> #-=-=-=-=-= FYI -=-=-=-=-=-
>
> This is probably a bug, but I can't create a bugzilla account as there
> is no DNS PTR record for east.squid-cache.org, which I've raised with
> postmaster@, hostmaster@ & root_at_packet-pushers.com
>
> #-=-=-=-=-= FYI -=-=-=-=-=-
>
>
> When using only IPv4, Squid 3.3.8 fails to start, citing bungled config.
>
> FreeBSD uses a patch, see below.
>
>
>
> $ uname -srp
> OpenBSD 5.4 i386
>
> $ pkg_info -I squid
> squid-3.3.8 WWW and FTP proxy cache and accelerator
>
> $ fgrep family /etc/resolv.conf
> family inet4
>
> $ grep ^acl /etc/squid/squid.conf
> acl localnet src 192.168.169.0/24 # RFC1918 possible internal network
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> $ /usr/local/sbin/squid -k parse
> 2013/12/31 11:28:35| Startup: Initializing Authentication Schemes ...
> 2013/12/31 11:28:35| Startup: Initialized Authentication Scheme 'basic'
> 2013/12/31 11:28:35| Startup: Initialized Authentication Scheme 'digest'
> 2013/12/31 11:28:35| Startup: Initialized Authentication Scheme 'negotiate'
> 2013/12/31 11:28:35| Startup: Initialized Authentication Scheme 'ntlm'
> 2013/12/31 11:28:35| Startup: Initialized Authentication.
> 2013/12/31 11:28:35| aclIpParseIpData: Bad host/IP: '::1' in '::1', flags=0 : (-5) no address associated with name
> FATAL: Bungled Default Configuration line 11: acl localhost src 127.0.0.1/32 ::1
> Squid Cache (Version 3.3.8): Terminated abnormally.
> CPU Usage: 0.094 seconds = 0.055 user + 0.039 sys
> Maximum Resident Size: 5836 KB
> Page faults with physical i/o: 0
>
>
> $ fgrep family /etc/resolv.conf
> #family inet4
>
>
> $ /usr/local/sbin/squid -k parse
> 2013/12/31 12:11:05| Startup: Initializing Authentication Schemes ...
> 2013/12/31 12:11:05| Startup: Initialized Authentication Scheme 'basic'
> 2013/12/31 12:11:05| Startup: Initialized Authentication Scheme 'digest'
> 2013/12/31 12:11:05| Startup: Initialized Authentication Scheme 'negotiate'
> 2013/12/31 12:11:05| Startup: Initialized Authentication Scheme 'ntlm'
> 2013/12/31 12:11:05| Startup: Initialized Authentication.
> 2013/12/31 12:11:05| Processing Configuration File: /etc/squid/squid.conf (depth 0)
> 2013/12/31 12:11:05| Processing: acl localnet src 192.168.169.0/24 # RFC1918 possible internal network
> ...
> ...
> ..
> .
> [OK]
>
>
> Bugged by FreeBSD ports team:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=176951
> Their patch on same page:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=176951&getpatch=1
>
>
> Maybe about line 846/7 of src/cf.data.pre (revision 13199)
> http://bazaar.launchpad.net/~squid/squid/3-trunk/view/head:/src/cf.data.pre
>
>
> Cheers,
>
Received on Tue Dec 31 2013 - 21:07:47 MST
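
Added example (not part of the original thread and not Squid code): a Python preflight check that flags IPv6 literals in `acl ... src` lines, including the built-in default quoted in the FATAL message, when resolv.conf restricts lookups to `family inet4`. It assumes, as the two runs in the report suggest, that the resolver's family setting is what makes `::1` unparsable; all function names are hypothetical.

```python
import ipaddress

# Built-in default quoted in the FATAL line of the report above.
DEFAULT_ACL = "acl localhost src 127.0.0.1/32 ::1"


def resolver_families(resolv_conf_text):
    """Return the families on an active `family` line, or None if there is none."""
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "family":
            return fields[1:]
    return None


def ipv6_src_entries(acl_lines):
    """Return (acl_name, token) for each IPv6 literal in `acl NAME src ...` lines."""
    hits = []
    for raw in acl_lines:
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[0] != "acl" or fields[2] != "src":
            continue
        for token in fields[3:]:
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                continue  # hostnames, ranges and file includes are not checked here
            if net.version == 6:
                hits.append((fields[1], token))
    return hits


def preflight(resolv_conf_text, squid_conf_text):
    """List src entries expected to be rejected on an IPv4-only resolver."""
    families = resolver_families(resolv_conf_text)
    if families is None or "inet6" in families:
        return []  # assumption: no restriction means '::1' parses, as in the second run
    return ipv6_src_entries([DEFAULT_ACL] + squid_conf_text.splitlines())


if __name__ == "__main__":
    # Inputs copied from the report above.
    conf = "acl localnet src 192.168.169.0/24 # RFC1918 possible internal network\n"
    for name, token in preflight("family inet4\n", conf):
        print(f"acl {name}: IPv6 literal {token!r} with an inet4-only resolver")
```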
