Re: [squid-users] Even/Odd SRC ACL

From: Nishant Sharma <codemarauder_at_gmail.com>
Date: Fri, 27 Jun 2014 12:13:41 +0530

On Friday 27 June 2014 11:58 AM, Nishant Sharma wrote:
>
> On Friday 27 June 2014 10:05 AM, Amos Jeffries wrote:
>>> acl even src 0.0.0.0/0.0.0.1
>>> tcp_outgoing_address wan1 even
>>> tcp_outgoing_address wan2 !even
>>>
> wan1 & wan2 in the config are the actual WAN IP Addresses (IPv4) and NAT
> rules are properly set-up for both the WANs. If I divide the LAN into
> two /25 subnets it works fine. But not with masked bits.
>
> Is there any debug option that I could enable to see how these ACLs are
> being matched or by-passed? "debug_options ALL,9" can be overkill for
> this?

Here are the debug logs. I see that it is trying to compare the SRC-IP:Port
pair against the ACL and the result is always "0".

Any pointers?

2014/06/27 12:02:37.882| ACLList::matches: checking !EVEN
2014/06/27 12:02:37.883| ACL::checklistMatches: checking 'EVEN'
2014/06/27 12:02:37.883| aclIpAddrNetworkCompare: compare: 192.168.2.121:49287/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (192.168.2.121:49287) vs 0.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff]
2014/06/27 12:02:37.883| aclIpMatchIp: '192.168.2.121:49287' NOT found
2014/06/27 12:02:37.883| ACL::ChecklistMatches: result for 'EVEN' is 0
2014/06/27 12:02:37.883| ACLList::matches: result is true
2014/06/27 12:02:37.883| aclmatchAclList: 0xbfbfe290 returning true (AND list satisfied)
2014/06/27 12:02:37.883| ACLChecklist::markFinished: 0xbfbfe290 checklist processing finished
2014/06/27 12:02:37.883| FilledChecklist.cc(168) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xbfbfe290
2014/06/27 12:02:37.883| ACLChecklist::~ACLChecklist: destroyed 0xbfbfe290
2014/06/27 12:02:37.883| FilledChecklist.cc(168) ~ACLFilledChecklist: ACLFilledChecklist destroyed 0xbfbfe2b0
2014/06/27 12:02:37.883| ACLChecklist::~ACLChecklist: destroyed 0xbfbfe2b0
2014/06/27 12:02:37.883| fwdConnectStart: got outgoing addr 2xx.1xx.3x.xx, tos 0

Thanks & regards,
Nishant
Received on Fri Jun 27 2014 - 06:43:50 MDT
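
Added example (not part of the original message and not Squid's code): a bitwise model of the `src` comparison shown in the debug log, contrasting the intended 0.0.0.1 mask with an all-ones mask like the one the log prints, and checking which masks can be written as a prefix length. The IPv4 value 255.255.255.255 standing in for the logged mask and the even client 192.168.2.120 are assumptions constructed for illustration.

```python
import ipaddress


def masked_match(client: str, network: str, mask: str) -> bool:
    """Bitwise ACL test: (client & mask) == (network & mask).

    The mask does not have to be contiguous for this comparison to work.
    """
    c = int(ipaddress.IPv4Address(client))
    n = int(ipaddress.IPv4Address(network))
    m = int(ipaddress.IPv4Address(mask))
    return (c & m) == (n & m)


def is_contiguous(mask: str) -> bool:
    """True if the mask is 1-bits followed by 0-bits, i.e. expressible as /N."""
    m = int(ipaddress.IPv4Address(mask))
    inverted = ~m & 0xFFFFFFFF
    # A contiguous mask inverts to 2^k - 1, which shares no bits with 2^k.
    return (inverted & (inverted + 1)) == 0


EVEN_MASK = "0.0.0.1"          # mask from the "acl even src" line in the thread
FULL_MASK = "255.255.255.255"  # assumption: IPv4 form of the all-ones mask in the log
SLASH_25 = "255.255.255.128"   # the /25 split the poster reports as working

# 192.168.2.121 is the client in the log; 192.168.2.120 is a constructed even peer.
SAMPLE_CLIENTS = ["192.168.2.121", "192.168.2.120"]


def compare(clients):
    """Return (client, match with 0.0.0.1, match with all-ones mask) per client."""
    return [
        (ip,
         masked_match(ip, "0.0.0.0", EVEN_MASK),
         masked_match(ip, "0.0.0.0", FULL_MASK))
        for ip in clients
    ]


if __name__ == "__main__":
    for name in (EVEN_MASK, SLASH_25, FULL_MASK):
        print(f"{name:16} contiguous={is_contiguous(name)}")
    for ip, intended, all_ones in compare(SAMPLE_CLIENTS):
        print(f"{ip:14} even(0.0.0.1)={intended}  even(all-ones)={all_ones}")
```

The logged client 192.168.2.121 is odd, so it fails the `even` test under either mask; a request from an even source address is what tells the two cases apart.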