[squid-users] squid 3.3.8 failed to start because of hard-coded acl with ::1

From: Craig R. Skinner <skinner_at_britvault.co.uk>
Date: Tue, 31 Dec 2013 13:23:32 +0000

#-=-=-=-=-= FYI -=-=-=-=-=-

This is probably a bug, but I can't create a bugzilla account as there
is no DNS PTR record for east.squid-cache.org, which I've raised with
postmaster@, hostmaster@ & root_at_packet-pushers.com

#-=-=-=-=-= FYI -=-=-=-=-=-

When using only IPv4, Squid 3.3.8 fails to start, citing bungled config.

FreeBSD uses a patch, see below.

$ uname -srp
OpenBSD 5.4 i386

$ pkg_info -I squid
squid-3.3.8 WWW and FTP proxy cache and accelerator

$ fgrep family /etc/resolv.conf
family inet4

$ grep ^acl /etc/squid/squid.conf
acl localnet src 192.168.169.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

$ /usr/local/sbin/squid -k parse
2013/12/31 11:28:35| Startup: Initializing Authentication Schemes ...
2013/12/31 11:28:35| Startup: Initialized Authentication Scheme 'basic'
2013/12/31 11:28:35| Startup: Initialized Authentication Scheme 'digest'
2013/12/31 11:28:35| Startup: Initialized Authentication Scheme 'negotiate'
2013/12/31 11:28:35| Startup: Initialized Authentication Scheme 'ntlm'
2013/12/31 11:28:35| Startup: Initialized Authentication.
2013/12/31 11:28:35| aclIpParseIpData: Bad host/IP: '::1' in '::1', flags=0 : (-5) no address associated with name
FATAL: Bungled Default Configuration line 11: acl localhost src 127.0.0.1/32 ::1
Squid Cache (Version 3.3.8): Terminated abnormally.
CPU Usage: 0.094 seconds = 0.055 user + 0.039 sys
Maximum Resident Size: 5836 KB
Page faults with physical i/o: 0

$ fgrep family /etc/resolv.conf
#family inet4

$ /usr/local/sbin/squid -k parse
2013/12/31 12:11:05| Startup: Initializing Authentication Schemes ...
2013/12/31 12:11:05| Startup: Initialized Authentication Scheme 'basic'
2013/12/31 12:11:05| Startup: Initialized Authentication Scheme 'digest'
2013/12/31 12:11:05| Startup: Initialized Authentication Scheme 'negotiate'
2013/12/31 12:11:05| Startup: Initialized Authentication Scheme 'ntlm'
2013/12/31 12:11:05| Startup: Initialized Authentication.
2013/12/31 12:11:05| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2013/12/31 12:11:05| Processing: acl localnet src 192.168.169.0/24 # RFC1918 possible internal network
...
...
..
.
[OK]

Bugged by FreeBSD ports team:
http://www.freebsd.org/cgi/query-pr.cgi?pr=176951
Their patch on same page:
http://www.freebsd.org/cgi/query-pr.cgi?pr=176951&getpatch=1

Maybe about line 846/7 of src/cf.data.pre (revision 13199)
http://bazaar.launchpad.net/~squid/squid/3-trunk/view/head:/src/cf.data.pre

Cheers,

-- 
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7
Received on Tue Dec 31 2013 - 13:23:40 MST
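
The check the post performs by hand, written as a script. This is an added example, not part of the original message or of Squid. The function names and sample files are hypothetical, and the sample input is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example; function names and sample files are hypothetical.

# True if an active "family" line in a resolv.conf-style file omits inet6.
resolver_is_v4_only() {
    awk '$1 == "family" {
             seen = 1
             for (i = 2; i <= NF; i++) {
                 if ($i ~ /^[#;]/) break      # trailing comment
                 if ($i == "inet6") v6 = 1
             }
         }
         END { exit !(seen && !v6) }' "$1"
}

# Prints the built-in line Squid rejected when saved "squid -k parse"
# output blames the default configuration rather than squid.conf.
default_acl_failure() {
    sed -n 's/^FATAL: Bungled Default Configuration line [0-9]*: //p' "$1" |
        grep .
}

# usage: triage RESOLV_CONF PARSE_OUTPUT
# returns 0 on a match for this report, 1-3 for the other cases
triage() {
    line=$(default_acl_failure "$2") ||
        { echo "no default-configuration failure"; return 1; }
    case " $line " in
        *" ::1 "*) ;;
        *) echo "default line rejected, not for ::1: $line"; return 2 ;;
    esac
    if resolver_is_v4_only "$1"; then
        echo "match: '$line' rejected while resolver is IPv4-only"
    else
        echo "::1 rejected but resolver family is not restricted"
        return 3
    fi
}

# Constructed sample input, modelled on the output quoted in the post.
tmp=$(mktemp -d)
printf 'nameserver 192.0.2.53\nfamily inet4\n' > "$tmp/resolv.conf"
printf '%s\n' \
    "FATAL: Bungled Default Configuration line 11: acl localhost src 127.0.0.1/32 ::1" \
    "Squid Cache (Version 3.3.8): Terminated abnormally." > "$tmp/parse.out"
triage "$tmp/resolv.conf" "$tmp/parse.out"
```

A "Bungled Default Configuration" message points at Squid's compiled-in defaults, so editing squid.conf alone will not clear it.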
