Re: [squid-users] 00:00:00:00:00:00 %>eui and squid 3.4x

From: David Touzeau <david_at_articatech.com>
Date: Fri, 4 Apr 2014 01:39:10 +0200

-----Original Message-----
From: Eliezer Croitoru
Sent: Friday, April 04, 2014 12:04 AM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] 00:00:00:00:00:00 %>eui and squid 3.4x

On 04/04/2014 12:33 AM, David Touzeau wrote:
> You suggest to report this behavior to bugtrack ?
There is a bug report at:
http://bugs.squid-cache.org/show_bug.cgi?id=3982

I am digging into it to see how and when it happens.
Can you test if the eui acls do work?
For example, block a user by the eui and see if the user is being
blocked? (Report in the bug report link.)

Thanks,
Eliezer

Hi, these are my test results

## The main issue is that squid did not log the MAC address but correctly
checks the ACL ##

Squid Cache: Version 3.4.4-20140323-r13111
configure options: '--prefix=/usr' '--includedir=/include'
'--mandir=/share/man' '--infodir=/share/info' '--localstatedir=/var'
'--libexecdir=/lib/squid3' '--disable-maintainer-mode'
'--disable-dependency-tracking' '--srcdir=.' '--datadir=/usr/share/squid3'
'--sysconfdir=/etc/squid3' '--enable-gnuregex'
'--enable-removal-policy=heap' '--enable-follow-x-forwarded-for'
'--enable-removal-policies=lru,heap' '--enable-arp-acl' '--with-large-files'
'--with-pthreads' '--enable-esi' '--enable-storeio=aufs,diskd,ufs,rock'
'--enable-x-accelerator-vary' '--with-dl' '--enable-linux-netfilter'
'--enable-wccpv2' '--enable-eui' '--enable-auth' '--enable-auth-basic'
'--enable-snmp' '--enable-icmp' '--enable-auth-digest'
'--enable-log-daemon-helpers' '--enable-url-rewrite-helpers'
'--enable-auth-ntlm' '--with-default-user=squid' '--enable-icap-client'
'--enable-cache-digests' '--enable-poll' '--enable-epoll'
'--enable-async-io=128' '--enable-zph-qos' '--enable-delay-pools'
'--enable-http-violations' '--enable-url-maps' '--enable-ssl'
'--enable-ssl-crtd'
'CFLAGS=-O3 -pipe -fomit-frame-pointer -funroll-loops -ffast-math -fno-exceptions'

in squid.conf:

acl mycomp arp 3c:a9:f4:13:9b:90
http_access deny mycomp

1) * * * * Squid-cache correctly matches/detects the ARP address. * * * *

2014/04/04 01:22:28.002 kid1| Acl.cc(157) matches: checking http_access
2014/04/04 01:22:28.002 kid1| Acl.cc(157) matches: checking http_access#1
2014/04/04 01:22:28.002 kid1| Acl.cc(157) matches: checking mycomp
2014/04/04 01:22:28.002 kid1| Eui48.cc(256) lookup: Looking up ARP address for 192.168.1.135 on eth0
2014/04/04 01:22:28.002 kid1| Eui48.cc(297) lookup: Got address 3c:a9:f4:13:9b:90 on eth0
2014/04/04 01:22:28.002 kid1| Arp.cc(184) aclMatchArp: aclMatchArp: '192.168.1.135:59496' found
2014/04/04 01:22:28.002 kid1| Acl.cc(177) matches: checked: mycomp = 1
2014/04/04 01:22:28.002 kid1| Acl.cc(177) matches: checked: http_access#1 = 1
2014/04/04 01:22:28.002 kid1| Acl.cc(177) matches: checked: http_access = 1
2014/04/04 01:22:28.002 kid1| Checklist.cc(55) markFinished: 0x12427e8 answer DENIED for match
2014/04/04 01:22:28.002 kid1| Checklist.cc(155) checkCallback: ACLChecklist::checkCallback: 0x12427e8 answer=DENIED

Added in squid.conf

logformat common MAC:%>eui %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh UserAgent:"%{User-Agent}>h" Forwarded:"%{X-Forwarded-For}>h"
access_log stdio:/var/log/squid/access.log common

2) * * * * Squid-cache did not add the ARP address to the log. * * * *

MAC:00:00:00:00:00:00 192.168.1.135 - - [04/Apr/2014:01:29:04 +0200] "POST http://ocsp.thawte.com/ HTTP/1.1" 200 2006 TCP_MISS:HIER_DIRECT UserAgent:"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" Forwarded:"-"
MAC:00:00:00:00:00:00 192.168.1.135 - - [04/Apr/2014:01:29:05 +0200] "CONNECT epn.adledge.com:443 HTTP/1.1" 200 4512 TCP_MISS:HIER_DIRECT UserAgent:"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" Forwarded:"-"
MAC:00:00:00:00:00:00 192.168.1.135 - - [04/Apr/2014:01:29:05 +0200] "CONNECT dsp.adledge.com:443 HTTP/1.1" 200 4512 TCP_MISS:HIER_DIRECT UserAgent:"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" Forwarded:"-"
MAC:00:00:00:00:00:00 192.168.1.135 - - [04/Apr/2014:01:29:06 +0200] "CONNECT epn.adledge.com:443 HTTP/1.1" 200 4512 TCP_MISS:HIER_DIRECT UserAgent:"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" Forwarded:"-"
MAC:00:00:00:00:00:00 192.168.1.135 - - [04/Apr/2014:01:29:10 +0200] "CONNECT epn.adledge.com:443 HTTP/1.1" 200 4512 TCP_MISS:HIER_DIRECT UserAgent:"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" Forwarded:"-"
MAC:00:00:00:00:00:00 192.168.1.135 - - [04/Apr/2014:01:29:10 +0200] "CONNECT www.yahoo.com:443 HTTP/1.1" 200 6662 TCP_MISS:HIER_DIRECT UserAgent:"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" Forwarded:"-"
MAC:00:00:00:00:00:00 192.168.1.135 - - [04/Apr/2014:01:29:12 +0200] "CONNECT ads.yahoo.com:443 HTTP/1.1" 200 7079 TCP_MISS:HIER_DIRECT UserAgent:"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" Forwarded:"-"
MAC:00:00:00:00:00:00 192.168.1.135 - - [04/Apr/2014:01:29:14 +0200] "CONNECT fr.yahoo.com:443 HTTP/1.1" 200 86151 TCP_MISS:HIER_DIRECT UserAgent:"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" Forwarded:"-"
MAC:00:00:00:00:00:00 192.168.1.135 - - [04/Apr/2014:01:29:15 +0200] "CONNECT fr.yahoo.com:443 HTTP/1.1" 200 489 TCP_MISS:HIER_DIRECT UserAgent:"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" Forwarded:"-"
MAC:00:00:00:00:00:00 192.168.1.135 - - [04/Apr/2014:01:29:19 +0200] "CONNECT ad.yieldmanager.com:443 HTTP/1.1" 200 5791 TCP_MISS:HIER_DIRECT UserAgent:"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0" Forwarded:"-"
Received on Thu Apr 03 2014 - 23:39:19 MDT
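
Added example, not part of the original message and not Squid project code: a log audit that flags access.log entries where %>eui was written as all zeros and backfills the MAC from the Eui48.cc debug lines in cache.log. The sample lines are constructed from the formats shown above (client 192.168.1.200 is made up), and pairing each "Looking up" line with the next "Got address" line on the same interface is an assumption about the debug output order.

```python
import re

ZERO_MAC = "00:00:00:00:00:00"
# cache.log debug lines written by Eui48.cc, in the form shown in the post
LOOKUP_RE = re.compile(r"Eui48\.cc\(\d+\) lookup: Looking up ARP address for (\S+) on (\S+)")
GOT_RE = re.compile(r"Eui48\.cc\(\d+\) lookup: Got address ([0-9a-fA-F:]{17}) on (\S+)")
# access.log prefix produced by the post's logformat: MAC:%>eui %>a ...
ACCESS_RE = re.compile(r"^MAC:([0-9a-fA-F:]{17}) (\S+) ")

# Constructed sample input, modelled on the lines in the post.
SAMPLE_CACHE = [
    "2014/04/04 01:22:28.002 kid1| Eui48.cc(256) lookup: Looking up ARP address for 192.168.1.135 on eth0",
    "2014/04/04 01:22:28.002 kid1| Eui48.cc(297) lookup: Got address 3c:a9:f4:13:9b:90 on eth0",
]
SAMPLE_ACCESS = [
    'MAC:00:00:00:00:00:00 192.168.1.135 - - [04/Apr/2014:01:29:10 +0200] "CONNECT www.yahoo.com:443 HTTP/1.1" 200 6662 TCP_MISS:HIER_DIRECT',
    'MAC:00:00:00:00:00:00 192.168.1.200 - - [04/Apr/2014:01:29:11 +0200] "CONNECT www.yahoo.com:443 HTTP/1.1" 200 6662 TCP_MISS:HIER_DIRECT',
]


def build_ip_to_mac(cache_lines):
    """Map client IP -> MAC from paired Eui48.cc lookup lines (heuristic pairing)."""
    ip_to_mac, pending = {}, {}  # pending: interface -> IP still awaiting an answer
    for line in cache_lines:
        m = LOOKUP_RE.search(line)
        if m:
            pending[m.group(2)] = m.group(1)
            continue
        m = GOT_RE.search(line)
        if m and m.group(2) in pending:
            ip_to_mac[pending.pop(m.group(2))] = m.group(1).lower()
    return ip_to_mac


def audit_access_log(access_lines, ip_to_mac):
    """Return (client_ip, logged_mac, recovered_mac_or_None) for all-zero EUI entries."""
    findings = []
    for line in access_lines:
        m = ACCESS_RE.match(line)
        if m and m.group(1) == ZERO_MAC:
            findings.append((m.group(2), m.group(1), ip_to_mac.get(m.group(2))))
    return findings


if __name__ == "__main__":
    for ip, logged, recovered in audit_access_log(SAMPLE_ACCESS, build_ip_to_mac(SAMPLE_CACHE)):
        print(f"{ip}: logged {logged}, cache.log says {recovered or 'unknown'}")
```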