Re: [squid-users] bug ... No-lookup DNS ACLs ? from Amos Jeffries on 2013-01-31 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 01 Feb 2013 18:53:48 +1300

On 1/02/2013 6:33 p.m., Jeff Chua wrote:
> ---------- Forwarded message ----------
> From: Jeff Chua
>
>
> Amos,
>
> I'm seeing entries like these after rev 12620. It seems the "-n" only
> applies to dst* and not src* ACL. How can I fix these?

The no-lookup feature in 3.HEAD is unrelated to the config WARNINGS.

Since this is 3.HEAD alpha code you are talking about a message to
squid-dev is the best place to report it.

>
>
> 2013/02/01 13:19:05| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
> 2013/02/01 13:19:05| WARNING: because of this '::/0' is ignored to
> keep splay tree searching predictable
> 2013/02/01 13:19:05| WARNING: You should probably remove '::/0' from
> the ACL named 'all'
> 2013/02/01 13:19:05| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
> 2013/02/01 13:19:05| WARNING: because of this '127.0.0.1' is ignored
> to keep splay tree searching predictable
> 2013/02/01 13:19:05| WARNING: You should probably remove '127.0.0.1'
> from the ACL named 'localhost'
> 2013/02/01 13:19:05| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A)
> '127.0.0.0/8'
> 2013/02/01 13:19:05| WARNING: because of this '127.0.0.0/8' is ignored
> to keep splay tree searching predictable
> 2013/02/01 13:19:05| WARNING: You should probably remove '127.0.0.0/8'
> from the ACL named 'to_localhost'

To quote the acl directives current documentation

"
Option Name: acl
Default Value: ACLs all, manager, localhost, and to_localhost are
predefined.
"

Remove the old definitions from your config file and Squid will stop
complaining about duplicates.

> 2013/02/01 13:19:05| WARNING: (B) '138.18.18.0/25' is a subnetwork of
> (A) '138.18.18.0/25'
> 2013/02/01 13:19:05| WARNING: because of this '138.18.18.0/25' is
> ignored to keep splay tree searching predictable
> 2013/02/01 13:19:05| WARNING: You should probably remove
> '138.18.18.0/25' from the ACL named 'clients'
> 2013/02/01 13:19:05| WARNING: (B) '80.239.152.0/24' is a subnetwork of
> (A) '80.239.152.0/24'
> 2013/02/01 13:19:05| WARNING: because of this '80.239.152.0/24' is
> ignored to keep splay tree searching predictable

Looks like you defined 'clients' ACL twice somehow.

> In squid.conf ...
> acl clients src 138.18.18.0/25 127.0.0.1/32
> http_access allow manager clients
> http_access deny manager
>
> acl razor dstdomain .edgesuite.net .razor.tv
> acl razordst dst 80.239.152.0/24
> http_access deny razor razordst
>
> acl local-servers dstdomain proxy lo localhost
> always_direct allow local-servers
>
>
> I've tried add "-n" but it doesn't seem to fix the problem ...
> acl razor dstdomain -n .edgesuite.net .razor.tv
> acl razordst dst -n 80.239.152.0/24
>
>
> Thanks,
> Jeff
Received on Fri Feb 01 2013 - 05:54:01 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 01 2013 - 12:00:05 MST