Continuing dstdomain problems in Squid 2.3STABLE2 from Armistead, Jason on 2000-04-17 (squid-users)

From: Armistead, Jason <armistej@dont-contact.us>
Date: Tue, 18 Apr 2000 00:32:35 -0400

My problem remains, even with a greatly stripped-down configuration file.
If you follow carefully (I've used Lynx 2.7.1 in a bid to simplify the log
down to a single request happening at any one time) you will see that on
first attempt, getting http://www.otis.com/ generates a "NOT found", but
after successfully getting http://www.otis.de/ it suddenly starts working.
I've completely disabled never_direct and always_direct rules to try and
localise the problem. It now seems that the ACL matching routines have some
sort of bug which causes the rules to stop working. However, it is only the
.otis.com one that is a problem (the other domains in the otis_sites acl are
always accessibly without a password, and are always "found")

Can anyone replicate this problem on their site ? Since I'm also using a
brand new proxy, I've got no objects in the cache directories (whether
that's relevant or not I don't know). I'm more than happy to send a full
squid.conf.

Squid was compiled with GCC 2.7.2.

Here are the ACLs:
==============

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255

acl std_password proxy_auth REQUIRED

acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Dangerous_ports port 7 9 19

# The following ACL allows non-password access to OTIS/UTC sites

acl otis_sites dstdomain .otis.co.jp .otis.de .zardoyaotis.es .otis.it
.poma-oti
s.com .xiziotis.com .otis.com

and here are the http_access rules:
==========================
# Temporarily allow access to the cache manager functions from all hosts

http_access allow manager all

# Allow access to OTIS/UTC Intranet sites without Authentication

http_access allow otis_sites

# Allow access to rest of the Internet only if they have a password

http_access allow all std_password

and here is what happens when I try to use the proxy with squid -d 9 -N -f
../etc/bug.conf):
=================================================================

OZM10# ./run_debug
2000/04/18 11:30:53| Starting Squid Cache version 2.3.STABLE2 for
sparc-sun-solaris2.5.1...
2000/04/18 11:30:53| Process ID 23407
2000/04/18 11:30:53| With 1024 file descriptors available
2000/04/18 11:30:53| Performing DNS Tests...
2000/04/18 11:30:53| Successful DNS name lookup tests...
2000/04/18 11:30:53| DNS Socket created on FD 6
2000/04/18 11:30:53| Adding nameserver 153.14.7.5 from /etc/resolv.conf
2000/04/18 11:30:53| Adding nameserver 153.14.7.126 from /etc/resolv.conf
2000/04/18 11:30:53| Adding nameserver 153.51.8.109 from /etc/resolv.conf
2000/04/18 11:30:53| helperOpenServers: Starting 7 'redir.pl' processes
2000/04/18 11:30:54| helperOpenServers: Starting 5 'ncsa_auth' processes
2000/04/18 11:30:54| Unlinkd pipe opened on FD 23
2000/04/18 11:30:54| Swap maxSize 10240 KB, estimated 787 objects
2000/04/18 11:30:54| Target number of buckets: 15
2000/04/18 11:30:54| Using 8192 Store buckets
2000/04/18 11:30:54| Max Mem size: 8192 KB
2000/04/18 11:30:54| Max Swap size: 10240 KB
2000/04/18 11:30:54| Rebuilding storage in /disk2/squid/cache (CLEAN)
2000/04/18 11:30:54| Set Current Directory to /disk2/squid/cache
2000/04/18 11:30:54| Loaded Icons.
2000/04/18 11:30:54| Accepting HTTP connections at 0.0.0.0, port 8080, FD
25.
2000/04/18 11:30:54| Accepting ICP messages at 0.0.0.0, port 3130, FD 26.
2000/04/18 11:30:54| WCCP Disabled.
2000/04/18 11:30:54| Ready to serve requests.
2000/04/18 11:30:54| Done reading /disk2/squid/cache swaplog (2 entries)
2000/04/18 11:30:54| Finished rebuilding storage from disk.
2000/04/18 11:30:54| 2 Entries scanned
2000/04/18 11:30:54| 0 Invalid entries.
2000/04/18 11:30:54| 0 With invalid flags.
2000/04/18 11:30:54| 2 Objects loaded.
2000/04/18 11:30:54| 0 Objects expired.
2000/04/18 11:30:54| 0 Objects cancelled.
2000/04/18 11:30:54| 0 Duplicate URLs purged.
2000/04/18 11:30:54| 0 Swapfile clashes avoided.
2000/04/18 11:30:54| Took 0.0 seconds ( 2.0 objects/sec).
2000/04/18 11:30:54| Beginning Validation Procedure
2000/04/18 11:30:54| Configuring Parent wwwproxy.otis.com/8080/7
2000/04/18 11:30:55| Configuring Parent wwwproxy1.otis.com/8080/7
2000/04/18 11:30:55| Configuring Parent proxy20.fe.us.otis.com/8080/7
2000/04/18 11:30:55| Completed Validation Procedure
2000/04/18 11:30:55| Validated 2 Entries
2000/04/18 11:30:55| store_swap_size = 25k
2000/04/18 11:30:55| storeLateRelease: released 0 objects
2000/04/18 11:31:05| aclCheckFast: list: 1c1190
2000/04/18 11:31:05| aclMatchAclList: checking all
2000/04/18 11:31:05| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2000/04/18 11:31:05| aclMatchIp: '153.14.7.6' found
2000/04/18 11:31:05| aclMatchAclList: returning 1
2000/04/18 11:31:05| aclCheck: checking 'http_access allow manager all'
2000/04/18 11:31:05| aclMatchAclList: checking manager
2000/04/18 11:31:05| aclMatchAcl: checking 'acl manager proto cache_object'
2000/04/18 11:31:05| aclMatchAclList: returning 0
2000/04/18 11:31:05| aclCheck: checking 'http_access allow otis_sites'
2000/04/18 11:31:05| aclMatchAclList: checking otis_sites
2000/04/18 11:31:05| aclMatchAcl: checking 'acl otis_sites dstdomain
.otis.com .otis.co.jp .otis.de .zardoyaotis.es .otis.it .poma-otis.com
.xiziotis.com'
2000/04/18 11:31:05| aclMatchDomainList: checking 'www.otis.com'
2000/04/18 11:31:05| aclMatchDomainList: 'www.otis.com' NOT found
2000/04/18 11:31:05| aclMatchAclList: returning 0
2000/04/18 11:31:05| aclCheck: checking 'http_access allow all std_password'
2000/04/18 11:31:05| aclMatchAclList: checking all
2000/04/18 11:31:05| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2000/04/18 11:31:05| aclMatchIp: '153.14.7.6' found
2000/04/18 11:31:05| aclMatchAclList: checking std_password
2000/04/18 11:31:05| aclMatchAcl: checking 'acl std_password proxy_auth
REQUIRED'
2000/04/18 11:31:05| aclMatchAclList: returning 0
2000/04/18 11:31:05| aclCheck: match found, returning 2
2000/04/18 11:31:05| aclCheckCallback: answer=2
2000/04/18 11:31:20| aclCheckFast: list: 1c1190
2000/04/18 11:31:20| aclMatchAclList: checking all
2000/04/18 11:31:20| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2000/04/18 11:31:20| aclMatchIp: '153.14.7.6' found
2000/04/18 11:31:20| aclMatchAclList: returning 1
2000/04/18 11:31:20| aclCheck: checking 'http_access allow manager all'
2000/04/18 11:31:20| aclMatchAclList: checking manager
2000/04/18 11:31:20| aclMatchAcl: checking 'acl manager proto cache_object'
2000/04/18 11:31:20| aclMatchAclList: returning 0
2000/04/18 11:31:20| aclCheck: checking 'http_access allow otis_sites'
2000/04/18 11:31:20| aclMatchAclList: checking otis_sites
2000/04/18 11:31:20| aclMatchAcl: checking 'acl otis_sites dstdomain
.otis.com .
otis.co.jp .otis.de .zardoyaotis.es .otis.it .poma-otis.com .xiziotis.com'
2000/04/18 11:31:20| aclMatchDomainList: checking 'www.otis.de'
2000/04/18 11:31:20| aclMatchDomainList: 'www.otis.de' found
2000/04/18 11:31:20| aclMatchAclList: returning 1
2000/04/18 11:31:20| aclCheck: match found, returning 1
2000/04/18 11:31:20| aclCheckCallback: answer=1
2000/04/18 11:31:28| aclCheckFast: list: 1c1190
2000/04/18 11:31:28| aclMatchAclList: checking all
2000/04/18 11:31:28| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2000/04/18 11:31:28| aclMatchIp: '153.14.7.6' found
2000/04/18 11:31:28| aclMatchAclList: returning 1
2000/04/18 11:31:28| aclCheck: checking 'http_access allow manager all'
2000/04/18 11:31:28| aclMatchAclList: checking manager
2000/04/18 11:31:28| aclMatchAcl: checking 'acl manager proto cache_object'
2000/04/18 11:31:28| aclMatchAclList: returning 0
2000/04/18 11:31:28| aclCheck: checking 'http_access allow otis_sites'
2000/04/18 11:31:28| aclMatchAclList: checking otis_sites
2000/04/18 11:31:28| aclMatchAcl: checking 'acl otis_sites dstdomain
.otis.com .
otis.co.jp .otis.de .zardoyaotis.es .otis.it .poma-otis.com .xiziotis.com'
2000/04/18 11:31:28| aclMatchDomainList: checking 'www.otis.com'
2000/04/18 11:31:28| aclMatchDomainList: 'www.otis.com' found
2000/04/18 11:31:28| aclMatchAclList: returning 1
2000/04/18 11:31:28| aclCheck: match found, returning 1
2000/04/18 11:31:28| aclCheckCallback: answer=1
2000/04/18 11:31:28| aclCheckFast: list: 1c1160
2000/04/18 11:31:28| aclMatchAclList: checking all
2000/04/18 11:31:28| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2000/04/18 11:31:28| aclMatchIp: '153.14.7.6' found
2000/04/18 11:31:28| aclMatchAclList: returning 1

Anyone with any good ideas would be appreciated .. it's got me stumped and I
can only assume there's some sort of memory leak / uninitialised variable
bug in the Squid source code ...

Jason Armistead
Senior Systems and Software Engineer
Continuation Engineering
OTIS Minto, Australia
+61-2-9827-3742 (phone)
+61-2-9827-3606 (fax)
PABX speed dial 6214 (mobile)
Received on Mon Apr 17 2000 - 22:35:09 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:58 MST