I've updated squid to the latest version.
In the access.log IPv4 resolution is still broken, e.g. IPv4 addresses are shown as "::".
In cache.log the message has changed.
date and time kid1| DNS IPv6 socket created at [::], FD 6
date and time kid1| Accepting HTTP Socket connections at conn3 local=127.0.0.1:3128 remote=[::] FD 16 flags=9
Original Message:
Sent: Tue August 08, 2023 06:18 AM
From: Esa Kärkkäinen
Subject: Squid name resolution fails
Hi Reshma,
I've updated squid to the latest version, but just about all IPv4 addresses are still shown as "::" in squid logs.
# /opt/freeware/sbin/squid --version
Squid Cache: Version 5.8
Service Name: squid
configure options: '--host=powerpc-ibm-aix7.1.3.0' '--build=powerpc-ibm-aix7.1.3.0' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/opt/freeware' '--exec-prefix=/opt/freeware' '--bindir=/opt/freeware/bin' '--sbindir=/opt/freeware/sbin' '--sysconfdir=/opt/freeware/etc' '--datadir=/opt/freeware/share' '--includedir=/opt/freeware/include' '--libdir=/opt/freeware/lib' '--libexecdir=/opt/freeware/libexec' '--localstatedir=/opt/freeware/var' '--sharedstatedir=/opt/freeware/com' '--mandir=/opt/freeware/man' '--infodir=/opt/freeware/info' '--localstatedir=/var' '--sysconfdir=/opt/freeware/etc/squid' '--libexecdir=/opt/freeware/lib64/squid' '--bindir=/opt/freeware/sbin' '--enable-delay-pools' '--disable-strict-error-checking' '--disable-auth' '--disable-loadable-modules' '--with-swapdir=/var/spool/squid' 'build_alias=powerpc-ibm-aix7.1.3.0' 'host_alias=powerpc-ibm-aix7.1.3.0' 'CC=/opt/freeware/bin/gcc -maix64 -O2' 'CFLAGS=-O2 -g' 'LDFLAGS=-L/opt/freeware/lib64 -L/opt/freeware/lib -Wl,-blibpath:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib -lbsd' 'CXX=/opt/freeware/bin/g++ -maix64 -O2' 'CXXFLAGS=-O2 -g' 'PKG_CONFIG_PATH=:/opt/freeware/lib/pkgconfig:/opt/freeware/share/pkgconfig' 'LIBXML2_LIBS=/opt/freeware/lib/libxml2.a' --enable-ltdl-convenience
# rpm -qa|grep squid
squid-5.8-1.ppc
#
2023/08/08 12:43:34.307 kid1| 5,2| TcpAcceptor.cc(323) acceptNext: connection on conn39 local=AAA.BBB.CCC.DDD:PPPP remote=[::] FD 13 flags=9
2023/08/08 12:43:34.307 kid1| 5,5| TcpAcceptor.cc(309) acceptOne: Listener: conn39 local=AAA.BBB.CCC.DDD:PPPP remote=[::] FD 13 flags=9 accepted new connection conn48 local=[::] remote=[::] FD 15 flags=1 handler Subscription: 0x11020d250*1
2023/08/08 12:43:34.307 kid1| 5,5| AsyncCall.cc(96) ScheduleCall: TcpAcceptor.cc (345) will call httpAccept(conn48 local=[::] remote=[::] FD 15 flags=1, master58) [call10133]
Excerpt from access.log
2023-08-08T12:43:41.261EEST 6954 - :: - TCP_TUNNEL/200 6773993 CONNECT public.dhe.ibm.com:443 - FIRSTUP_PARENT/AAA.BBB.CCC.FFF -
And finally squid.conf file, where the "ignore_unknown_nameservers off" so that cache.log is not floded with WARNING: Reply from unknown nameserver [::] lines.
http_port 127.0.0.1:PPPP
http_port AAA.BBB.CCC.DDD:PPPP
tcp_outgoing_address AAA.BBB.CCC.DDD
dns_nameservers AAA.BBB.CCC.GGG AAA.BBB.CCC.HHH AAA.BBB.CCC.III
ignore_unknown_nameservers off
hosts_file /etc/hosts
cache_peer AAA.BBB.CCC.FFF parent 8085 7 proxy-only no-query default
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /squid/cache 200 1 1 no-store
coredump_dir /squid/core
logformat timereadable %{%FT%T}tl.%03tu%{%z}tl %6tr %dt %>a %>A %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
cache_access_log stdio:/squid/log/access.log timereadable
cache_log /squid/log/cache.log
cache_store_log /squid/log/store.log
pid_filename /squid/pid/squid.pid
debug_options 5,5
acl manager url_regex +i ^[^:]+://[^/]+/squid-internal-mgr/
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl IBMdom dstdom_regex -n -i \.ibm\.com
http_access allow IBMdom
http_access deny all
cache_mgr admin@domain
cache_effective_user squid
cache_effective_group squid
always_direct deny IBMdom
never_direct allow IBMdom
nonhierarchical_direct off
Squid uses a mix of IPv4 and IPv6 addresses.
FWIW the only IPv6 address is "::1" on lo0 interface.
# lsof -nP -p 5964060|grep IPv
lsof: WARNING: compiled for AIX version 7.1.0.0; this is 7.3.0.0.
squid_64 5964060 squid 8u IPv6 0xf1000f00034b4600 0t0 UDP *:32868
squid_64 5964060 squid 10u IPv4 0xf1000f0003522200 0t0 UDP *:32869
squid_64 5964060 squid 11u IPv4 0xf1000f000355ebc0 0t0 TCP 127.0.0.1:3128 (LISTEN)
squid_64 5964060 squid 13u IPv4 0xf1000f00035573c0 0t0 TCP 10.129.102.20:3128 (LISTEN)
------------------------------
Esa Kärkkäinen
Original Message:
Sent: Tue October 04, 2022 01:55 AM
From: RESHMA KUMAR
Subject: Squid name resolution fails
Hi Esa,
We will look into it.
Could you please share squid.conf file and the command executed to start the squid daemon?
------------------------------
RESHMA KUMAR
Original Message:
Sent: Thu September 29, 2022 07:45 AM
From: Esa Kärkkäinen
Subject: Squid name resolution fails
Hi,
I have an issue with Squid name resolution.
The IPv4 address resolution shows incorrectly as "::" in three different places:
- access.log, logformat has "%>a" which is shown as "::"
- cache.log, "WARNING: Reply from unknown nameserver [::]"
- X-Forwarded-For header, "X-Forwarded-For: ::"
AFAIK the Squid version is at the latest version available from AIX Toolbox
# rpm -qa|grep squid
squid-4.15-1.ppc
# /opt/freeware/sbin/squid -v
Squid Cache: Version 4.15
Service Name: squid
configure options: '--host=powerpc-ibm-aix6.1.9.0' '--build=powerpc-ibm-aix6.1.9.0' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/opt/freeware' '--exec-prefix=/opt/freeware' '--bindir=/opt/freeware/bin' '--sbindir=/opt/freeware/sbin' '--sysconfdir=/opt/freeware/etc' '--datadir=/opt/freeware/share' '--includedir=/opt/freeware/include' '--libdir=/opt/freeware/lib' '--libexecdir=/opt/freeware/libexec' '--localstatedir=/opt/freeware/var' '--sharedstatedir=/opt/freeware/com' '--mandir=/opt/freeware/man' '--infodir=/opt/freeware/info' '--localstatedir=/var' '--sysconfdir=/opt/freeware/etc/squid' '--libexecdir=/opt/freeware/lib64/squid' '--bindir=/opt/freeware/sbin' '--enable-delay-pools' '--disable-strict-error-checking' '--disable-auth' '--disable-loadable-modules' 'build_alias=powerpc-ibm-aix6.1.9.0' 'host_alias=powerpc-ibm-aix6.1.9.0' 'CC=/opt/freeware/bin/gcc -maix64 -O2' 'CFLAGS=-O2 -g' 'LDFLAGS=-L/opt/freeware/lib64 -L/opt/freeware/lib -lpthread -lbsd -lgnutls -lnettle -lexpat -Wl,-blibpath:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib' 'CXX=/opt/freeware/bin/g++ -maix64 -O2' 'CXXFLAGS=-O2 -g' 'PKG_CONFIG_PATH=:/opt/freeware/lib/pkgconfig:/opt/freeware/share/pkgconfig' 'LIBXML2_LIBS=/opt/freeware/lib/libxml2.a'
#
Best regards,
Esa
------------------------------
Esa Kärkkäinen
------------------------------
#AIXOpenSource