Re: [squid-users] Re: Re: Re: commBind: Cannot bind socket from Amos Jeffries on 2012-04-10 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 10 Apr 2012 23:37:43 +1200

On 10/04/2012 10:21 p.m., Markus Moeller wrote:
> Hi Amos,
>
> These are my system settings:
>
> /etc/sysctl.conf
> net.ipv6.conf.all.disable_ipv6 = 1
>

Okay, that should be enough.
networking restarted after changing that?

> ifconfig -a
> eth0 Link encap:Ethernet HWaddr 00:0C:29:16:1F:37
> inet addr:192.168.1.29 Bcast:192.168.1.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:47856 errors:0 dropped:0 overruns:0 frame:0
> TX packets:43117 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:5528524 (5.2 Mb) TX bytes:3213092 (3.0 Mb)
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:183 errors:0 dropped:0 overruns:0 frame:0
> TX packets:183 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:11503 (11.2 Kb) TX bytes:11503 (11.2 Kb)
>

Good, I think.

>
> and the log if I do not use ipv4 for the external helper:
>
>
> 2012/04/10 11:17:07| Starting Squid Cache version 3.1.16 for
> x86_64-suse-linux-gnu...
> 2012/04/10 11:17:07| Process ID 17834
> 2012/04/10 11:17:07| With 4096 file descriptors available
> 2012/04/10 11:17:07| Initializing IP Cache...
> 2012/04/10 11:17:07| DNS Socket created at [::], FD 8

?? successful IPv6 socket creation.

> 2012/04/10 11:17:07| DNS Socket created at 0.0.0.0, FD 9
> 2012/04/10 11:17:07| Adding domain suse.home from /etc/resolv.conf
> 2012/04/10 11:17:07| Adding domain windows.home from /etc/resolv.conf
> 2012/04/10 11:17:07| Adding nameserver 192.168.1.8 from /etc/resolv.conf
> 2012/04/10 11:17:07| Adding nameserver 192.168.1.1 from /etc/resolv.conf
> 2012/04/10 11:17:07| helperOpenServers: Starting 20/20
> 'negotiate_wrapper_auth' processes
> 2012/04/10 11:17:08| helperOpenServers: Starting 20/20 'ntlm_auth'
> processes
> 2012/04/10 11:17:08| helperOpenServers: Starting 5/5
> 'ext_kerberos_ldap_group_acl' processes
> 2012/04/10 11:17:08| commBind: Cannot bind socket FD 90 to [::1]: (99)
> Cannot assign requested address
> 2012/04/10 11:17:08| commBind: Cannot bind socket FD 91 to [::1]: (99)
> Cannot assign requested address

?? but bind() fails when an opened IPv6 socket is used.

...
> 2012/04/10 11:17:08| WARNING: Cannot run
> '/opt/squid-3.2/lib/ext_kerberos_ldap_group_acl' process.
> 2012/04/10 11:17:08| User-Agent logging is disabled.
> 2012/04/10 11:17:08| Referer logging is disabled.
> 2012/04/10 11:17:08| Unlinkd pipe opened on FD 104
> 2012/04/10 11:17:08| Local cache digest enabled; rebuild/rewrite every
> 3600/3600 sec
> 2012/04/10 11:17:08| Store logging disabled
> 2012/04/10 11:17:08| Swap maxSize 0 + 262144 KB, estimated 20164 objects
> 2012/04/10 11:17:08| Target number of buckets: 1008
> 2012/04/10 11:17:08| Using 8192 Store buckets
> 2012/04/10 11:17:08| Max Mem size: 262144 KB
> 2012/04/10 11:17:08| Max Swap size: 0 KB
> 2012/04/10 11:17:08| Using Least Load store dir selection
> 2012/04/10 11:17:08| Set Current Directory to /var/cache/squid
> 2012/04/10 11:17:09| Loaded Icons.
> 2012/04/10 11:17:09| Accepting HTTP connections at [::]:3128, FD 105.

?? and more successulf IPv6 socket() and listen() calls.

> 2012/04/10 11:17:09| HTCP Disabled.
> 2012/04/10 11:17:09| Squid plugin modules loaded: 0
> 2012/04/10 11:17:09| Adaptation support is off.
> 2012/04/10 11:17:09| Ready to serve requests.
>
>
> With ipv4 as helper option it works:
>
>
> 2012/04/09 19:14:24| Starting Squid Cache version 3.1.16 for
> x86_64-suse-linux-gnu...
> 2012/04/09 19:14:24| Process ID 15049
> 2012/04/09 19:14:24| With 4096 file descriptors available
> 2012/04/09 19:14:24| Initializing IP Cache...
> 2012/04/09 19:14:24| DNS Socket created at [::], FD 8
> 2012/04/09 19:14:24| DNS Socket created at 0.0.0.0, FD 9
> 2012/04/09 19:14:24| Adding domain suse.home from /etc/resolv.conf
> 2012/04/09 19:14:24| Adding domain windows.home from /etc/resolv.conf
> 2012/04/09 19:14:24| Adding nameserver 192.168.1.8 from /etc/resolv.conf
> 2012/04/09 19:14:24| Adding nameserver 192.168.1.1 from /etc/resolv.conf
> 2012/04/09 19:14:24| helperOpenServers: Starting 20/20
> 'negotiate_wrapper_auth' processes
> 2012/04/09 19:14:24| helperOpenServers: Starting 20/20 'ntlm_auth'
> processes
> 2012/04/09 19:14:25| helperOpenServers: Starting 5/5
> 'ext_kerberos_ldap_group_acl' processes
> 2012/04/09 19:14:25| User-Agent logging is disabled.
> 2012/04/09 19:14:25| Referer logging is disabled.
> 2012/04/09 19:14:25| Unlinkd pipe opened on FD 104
> 2012/04/09 19:14:25| Local cache digest enabled; rebuild/rewrite every
> 3600/3600 sec
> 2012/04/09 19:14:25| Store logging disabled
> 2012/04/09 19:14:25| Swap maxSize 0 + 262144 KB, estimated 20164 objects
> 2012/04/09 19:14:25| Target number of buckets: 1008
> 2012/04/09 19:14:25| Using 8192 Store buckets
> 2012/04/09 19:14:25| Max Mem size: 262144 KB
> 2012/04/09 19:14:25| Max Swap size: 0 KB
> 2012/04/09 19:14:25| Using Least Load store dir selection
> 2012/04/09 19:14:25| Set Current Directory to /var/cache/squid
> 2012/04/09 19:14:25| Loaded Icons.
> 2012/04/09 19:14:25| Accepting HTTP connections at [::]:3128, FD 105.
> 2012/04/09 19:14:25| HTCP Disabled.
> 2012/04/09 19:14:25| Squid plugin modules loaded: 0
> 2012/04/09 19:14:25| Adaptation support is off.
> 2012/04/09 19:14:25| Ready to serve requests.
>
>
> netstat -an
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 0.0.0.0:22 0.0.0.0:*
> LISTEN
> tcp 0 0 127.0.0.1:631 0.0.0.0:*
> LISTEN
> tcp 0 0 127.0.0.1:6010 0.0.0.0:*
> LISTEN
> tcp 0 0 127.0.0.1:6011 0.0.0.0:*
> LISTEN
> tcp 0 0 0.0.0.0:445 0.0.0.0:*
> LISTEN
> tcp 0 0 0.0.0.0:139 0.0.0.0:*
> LISTEN
> tcp 0 0 127.0.0.1:42285 127.0.0.1:44467 ESTABLISHED
> tcp 0 0 127.0.0.1:48228 127.0.0.1:57780 ESTABLISHED
> tcp 0 0 127.0.0.1:44467 127.0.0.1:42285 ESTABLISHED
> tcp 0 0 192.168.1.29:22 192.168.1.8:52765 ESTABLISHED
> tcp 0 0 127.0.0.1:35310 127.0.0.1:52240 ESTABLISHED
> tcp 0 0 127.0.0.1:37647 127.0.0.1:49651 ESTABLISHED
> tcp 0 0 192.168.1.29:59581 192.168.1.12:445 ESTABLISHED
> tcp 0 0 127.0.0.1:41867 127.0.0.1:50921 ESTABLISHED
> tcp 0 0 192.168.1.29:22 192.168.1.8:49435 ESTABLISHED
> tcp 0 0 127.0.0.1:57780 127.0.0.1:48228 ESTABLISHED
> tcp 0 0 127.0.0.1:52240 127.0.0.1:35310 ESTABLISHED
> tcp 0 0 127.0.0.1:50921 127.0.0.1:41867 ESTABLISHED
> tcp 0 0 192.168.1.29:22 192.168.1.8:49474 ESTABLISHED
> tcp 0 0 127.0.0.1:49651 127.0.0.1:37647 ESTABLISHED
> tcp 0 0 :::3128 :::*
> LISTEN
> tcp 0 0 :::445 :::*
> LISTEN
> tcp 0 0 :::139 :::*
> LISTEN

Looks like Squid is not alone in this.

>
>
> Markus
>
> "Amos Jeffries" <squid3_at_treenet.co.nz> wrote in message
> news:4F83B2D8.9050607_at_treenet.co.nz...
>> On 10/04/2012 1:11 a.m., Markus Moeller wrote:
>>> But it should be possible to determine that automatically (e.g. if
>>> the bind on ::1 fails try ipv4) shouldn' it ?
>>
>> Yes. The socket handling is a bit strange in 3.1 though. Failover
>> does not work on helpers. Mostly because its an internal channel,
>> Squid is running the app at both ends, both are opening localhost / ::1.
>>
>> Going back and reading your report after some sleep, it would seem
>> you did not fully disable IPv6 or restart Squid after changing such
>> fundamental detail. The Squid startup sequence probes to determine
>> whether an IPv6 stack is present, and what type. The "localhost"
>> default values depend on those probes results, with ::1 preferred if
>> available.
>>
>> Amos
>>
>>
>>>
>>> Thank you
>>> Markus
>>>
>>> "Amos Jeffries" <squid3_at_treenet.co.nz> wrote in message
>>> news:4F82CD96.8060708_at_treenet.co.nz...
>>>> On 7/04/2012 12:08 p.m., Markus Moeller wrote:
>>>>> It looks like to be an ipv6 problem. I disabled ipv6 on my
>>>>> OpenSuse, but squid wants to bind on ::1 (ipv6 localhost) which
>>>>> fails.
>>>>>
>>>>> Is this a bug ?
>>>>
>>>> In the documentation yes. It has been fixed and will say the
>>>> correct ipv4/ipv6 default in later confg manuals.
>>>>
>>>> You need to specify the "ipv4" option to get Squid to contect
>>>> helpers on IPv4-only TCP sockets.
>>>>
>>>> Amos
>>>>
>>>
>>>
>>
>>
>
>
Received on Tue Apr 10 2012 - 11:37:49 MDT

This archive was generated by hypermail 2.2.0 : Sat Apr 14 2012 - 12:00:03 MDT