AIX Open Source

  • 1.  Squid name resolution fails

    Posted Thu September 29, 2022 07:46 AM
    Hi,

    I have an issue with Squid name resolution.

    The IPv4 address resolution shows incorrectly as "::" in three different places:
    1. access.log, logformat has "%>a" which is shown as "::"
    2. cache.log, "WARNING: Reply from unknown nameserver [::]"
    3. X-Forwarded-For header, "X-Forwarded-For: ::"
    AFAIK the Squid version is at the latest version available from AIX Toolbox.

    # rpm -qa|grep squid
    squid-4.15-1.ppc
    # /opt/freeware/sbin/squid -v
    Squid Cache: Version 4.15
    Service Name: squid
    configure options: '--host=powerpc-ibm-aix6.1.9.0' '--build=powerpc-ibm-aix6.1.9.0' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/opt/freeware' '--exec-prefix=/opt/freeware' '--bindir=/opt/freeware/bin' '--sbindir=/opt/freeware/sbin' '--sysconfdir=/opt/freeware/etc' '--datadir=/opt/freeware/share' '--includedir=/opt/freeware/include' '--libdir=/opt/freeware/lib' '--libexecdir=/opt/freeware/libexec' '--localstatedir=/opt/freeware/var' '--sharedstatedir=/opt/freeware/com' '--mandir=/opt/freeware/man' '--infodir=/opt/freeware/info' '--localstatedir=/var' '--sysconfdir=/opt/freeware/etc/squid' '--libexecdir=/opt/freeware/lib64/squid' '--bindir=/opt/freeware/sbin' '--enable-delay-pools' '--disable-strict-error-checking' '--disable-auth' '--disable-loadable-modules' 'build_alias=powerpc-ibm-aix6.1.9.0' 'host_alias=powerpc-ibm-aix6.1.9.0' 'CC=/opt/freeware/bin/gcc -maix64 -O2' 'CFLAGS=-O2 -g' 'LDFLAGS=-L/opt/freeware/lib64 -L/opt/freeware/lib -lpthread -lbsd -lgnutls -lnettle -lexpat -Wl,-blibpath:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib' 'CXX=/opt/freeware/bin/g++ -maix64 -O2' 'CXXFLAGS=-O2 -g' 'PKG_CONFIG_PATH=:/opt/freeware/lib/pkgconfig:/opt/freeware/share/pkgconfig' 'LIBXML2_LIBS=/opt/freeware/lib/libxml2.a'
    #

    Best regards,

    Esa

    ------------------------------
    Esa Kärkkäinen
    ------------------------------


  • 2.  RE: Squid name resolution fails

    Posted Tue October 04, 2022 01:56 AM
    Hi Esa,
    We will look into it.
    Could you please share squid.conf file and the command executed to start the squid daemon?

    ------------------------------
    RESHMA KUMAR
    ------------------------------



  • 3.  RE: Squid name resolution fails

    Posted Tue October 04, 2022 02:45 AM
    Edited by Esa Kärkkäinen Tue October 04, 2022 02:52 AM
    Hi Reshma,

    FWIW, hostname resolution using nslookup and host commands gives expected results.
    In the netsvc.conf file the only uncommented line is "hosts = local4, local6, bind4".

    Please find start command and squid.conf below.

    Start
    SQUIDCTL="/opt/freeware/sbin/squid"
    su - squid -c "${SQUIDCTL}"
    
    And the squid.conf file, please note that hostnames, IP addresses and ports have been altered.
    http_port 127.0.0.1:PPPP
    http_port AAA.BBB.CCC.DDD:PPPP
    tcp_outgoing_address AAA.BBB.CCC.EEE
    cache_peer AAA.BBB.CCC.FFF parent PPPP 7 proxy-only no-query default
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_dir ufs /squid/cache 200 1 1 no-store
    cache_access_log /squid/log/access.log
    cache_log /squid/log/cache.log
    cache_store_log /squid/log/store.log
    pid_filename /squid/pid/squid.pid
    debug_options ALL,1
    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 443 # https
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    acl HMCA src AAA.BBB.CCC.GGG/32
    acl IBMip dst "/squid/ibm.support.ip.addresses"
    acl IBMdom dstdom_regex -n -i \.ibm\.com
    http_access allow localhost IBMip
    http_access allow localhost IBMdom
    http_access allow HMCA IBMip
    http_access allow HMCA IBMdom
    http_access deny all
    icp_access deny all
    cache_effective_user squid
    cache_effective_group squid
    always_direct deny IBMip
    always_direct deny IBMdom
    never_direct allow IBMip
    never_direct allow IBMdom
    nonhierarchical_direct off

    Best regards, Esa

    ------------------------------
    Esa Kärkkäinen
    ------------------------------



  • 4.  RE: Squid name resolution fails

    Posted Tue August 08, 2023 06:19 AM
    Edited by Esa Kärkkäinen Thu August 10, 2023 05:18 AM

    Hi Reshma,

    I've updated squid to the latest version, but just about all IPv4 addresses are still shown as "::" in squid logs.

    # /opt/freeware/sbin/squid --version
    Squid Cache: Version 5.8
    Service Name: squid
    configure options:  '--host=powerpc-ibm-aix7.1.3.0' '--build=powerpc-ibm-aix7.1.3.0' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/opt/freeware' '--exec-prefix=/opt/freeware' '--bindir=/opt/freeware/bin' '--sbindir=/opt/freeware/sbin' '--sysconfdir=/opt/freeware/etc' '--datadir=/opt/freeware/share' '--includedir=/opt/freeware/include' '--libdir=/opt/freeware/lib' '--libexecdir=/opt/freeware/libexec' '--localstatedir=/opt/freeware/var' '--sharedstatedir=/opt/freeware/com' '--mandir=/opt/freeware/man' '--infodir=/opt/freeware/info' '--localstatedir=/var' '--sysconfdir=/opt/freeware/etc/squid' '--libexecdir=/opt/freeware/lib64/squid' '--bindir=/opt/freeware/sbin' '--enable-delay-pools' '--disable-strict-error-checking' '--disable-auth' '--disable-loadable-modules' '--with-swapdir=/var/spool/squid' 'build_alias=powerpc-ibm-aix7.1.3.0' 'host_alias=powerpc-ibm-aix7.1.3.0' 'CC=/opt/freeware/bin/gcc -maix64 -O2' 'CFLAGS=-O2 -g' 'LDFLAGS=-L/opt/freeware/lib64 -L/opt/freeware/lib -Wl,-blibpath:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib -lbsd' 'CXX=/opt/freeware/bin/g++ -maix64 -O2' 'CXXFLAGS=-O2 -g' 'PKG_CONFIG_PATH=:/opt/freeware/lib/pkgconfig:/opt/freeware/share/pkgconfig' 'LIBXML2_LIBS=/opt/freeware/lib/libxml2.a' --enable-ltdl-convenience
    # rpm -qa|grep squid
    squid-5.8-1.ppc
    #

    Excerpt from cache.log.

    2023/08/08 12:43:34.307 kid1| 5,2| TcpAcceptor.cc(323) acceptNext: connection on conn39 local=AAA.BBB.CCC.DDD:PPPP remote=[::] FD 13 flags=9
    2023/08/08 12:43:34.307 kid1| 5,5| TcpAcceptor.cc(309) acceptOne: Listener: conn39 local=AAA.BBB.CCC.DDD:PPPP remote=[::] FD 13 flags=9 accepted new connection conn48 local=[::] remote=[::] FD 15 flags=1 handler Subscription: 0x11020d250*1
    2023/08/08 12:43:34.307 kid1| 5,5| AsyncCall.cc(96) ScheduleCall: TcpAcceptor.cc (345) will call httpAccept(conn48 local=[::] remote=[::] FD 15 flags=1, master58) [call10133]

    Excerpt from access.log

    2023-08-08T12:43:41.261EEST   6954 - :: - TCP_TUNNEL/200 6773993 CONNECT public.dhe.ibm.com:443 - FIRSTUP_PARENT/AAA.BBB.CCC.FFF -

    And finally the squid.conf file, where "ignore_unknown_nameservers off" is set so that cache.log is not flooded with "WARNING: Reply from unknown nameserver [::]" lines.

    http_port 127.0.0.1:PPPP
    http_port AAA.BBB.CCC.DDD:PPPP
    tcp_outgoing_address AAA.BBB.CCC.DDD
    dns_nameservers AAA.BBB.CCC.GGG AAA.BBB.CCC.HHH AAA.BBB.CCC.III
    ignore_unknown_nameservers off
    hosts_file /etc/hosts
    cache_peer AAA.BBB.CCC.FFF parent 8085 7 proxy-only no-query default
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_dir ufs /squid/cache 200 1 1 no-store
    coredump_dir /squid/core
    logformat timereadable %{%FT%T}tl.%03tu%{%z}tl %6tr %dt %>a %>A %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
    cache_access_log stdio:/squid/log/access.log timereadable
    cache_log /squid/log/cache.log
    cache_store_log /squid/log/store.log
    pid_filename /squid/pid/squid.pid
    debug_options 5,5
    acl manager url_regex +i ^[^:]+://[^/]+/squid-internal-mgr/
    acl SSL_ports port 443
    acl Safe_ports port 80          # http
    acl Safe_ports port 443         # https
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    acl IBMdom     dstdom_regex -n -i \.ibm\.com
    http_access allow IBMdom
    http_access deny all
    cache_mgr admin@domain
    cache_effective_user squid
    cache_effective_group squid
    always_direct deny IBMdom
    never_direct allow IBMdom
    nonhierarchical_direct off

    Squid uses a mix of IPv4 and IPv6 addresses.

    FWIW the only IPv6 address is "::1" on lo0 interface.

    # lsof -nP -p 5964060|grep IPv
    lsof: WARNING: compiled for AIX version 7.1.0.0; this is 7.3.0.0.
    squid_64 5964060 squid    8u  IPv6 0xf1000f00034b4600      0t0  UDP *:32868
    squid_64 5964060 squid   10u  IPv4 0xf1000f0003522200      0t0  UDP *:32869
    squid_64 5964060 squid   11u  IPv4 0xf1000f000355ebc0      0t0  TCP 127.0.0.1:3128 (LISTEN)
    squid_64 5964060 squid   13u  IPv4 0xf1000f00035573c0      0t0  TCP 10.129.102.20:3128 (LISTEN)



    ------------------------------
    Esa Kärkkäinen
    ------------------------------
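
One way to measure how many access.log entries have lost client attribution, using the `timereadable` logformat and the access.log excerpt posted above. This is an added example, not code from the thread or from Squid; the field names, the helper functions and every sample line except the first are constructed for illustration.

```python
import ipaddress

# Field order of the "timereadable" logformat from the squid.conf in the thread:
# %tl.%tu%z %tr %dt %>a %>A %Ss/%>Hs %<st %rm %ru %un %Sh/%<A %mt
FIELDS = ("time", "elapsed_ms", "dns_ms", "client_ip", "client_fqdn", "status",
          "reply_bytes", "method", "url", "user", "hierarchy", "mime")

# The first line is the access.log excerpt from the thread; the others are
# constructed (192.0.2.10 is a documentation address, the last line is truncated).
SAMPLE = [
    "2023-08-08T12:43:41.261EEST   6954 - :: - TCP_TUNNEL/200 6773993 CONNECT "
    "public.dhe.ibm.com:443 - FIRSTUP_PARENT/AAA.BBB.CCC.FFF -",
    "2023-08-08T12:43:42.010EEST    120 - 192.0.2.10 - TCP_TUNNEL/200 5120 CONNECT "
    "www.ibm.com:443 - FIRSTUP_PARENT/AAA.BBB.CCC.FFF -",
    "2023-08-08T12:43:43.500EEST      3 - :: - TCP_DENIED/403 3900 GET "
    "http://example.org/ - HIER_NONE/- text/html",
    "2023-08-08T12:43:44 truncated",
]


def parse_line(line):
    """Split one log line into a dict keyed by FIELDS, or None if malformed."""
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None


def client_is_unattributed(value):
    """True when %>a is the unspecified address (:: or 0.0.0.0) or not an IP."""
    try:
        return ipaddress.ip_address(value).is_unspecified
    except ValueError:
        return True


def audit(lines):
    """Count parsed and malformed lines and collect records with no client IP."""
    report = {"parsed": 0, "malformed": 0, "unattributed": []}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            report["malformed"] += 1
            continue
        report["parsed"] += 1
        if client_is_unattributed(rec["client_ip"]):
            report["unattributed"].append(rec)
    return report


if __name__ == "__main__":
    result = audit(SAMPLE)
    print(result["parsed"], result["malformed"], len(result["unattributed"]))
```

Records returned in `unattributed` are requests the proxy served or denied without recording who made them, so they cannot be tied back to a client from this log alone.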



  • 5.  RE: Squid name resolution fails

    Posted Fri October 11, 2024 07:50 AM

    Hi @RESHMA KUMAR

    I've updated squid to the latest version.

    # rpm -qa|grep squid
    squid-6.11-1.ppc
    # /opt/freeware/sbin/squid --version
    Squid Cache: Version 6.11
    Service Name: squid
    configure options:  '--host=powerpc-ibm-aix7.1.3.0' '--build=powerpc-ibm-aix7.1.3.0' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/opt/freeware' '--exec-prefix=/opt/freeware' '--bindir=/opt/freeware/bin' '--sbindir=/opt/freeware/sbin' '--sysconfdir=/opt/freeware/etc' '--datadir=/opt/freeware/share' '--includedir=/opt/freeware/include' '--libdir=/opt/freeware/lib' '--libexecdir=/opt/freeware/libexec' '--localstatedir=/opt/freeware/var' '--sharedstatedir=/opt/freeware/com' '--mandir=/opt/freeware/man' '--infodir=/opt/freeware/info' '--localstatedir=/var' '--sysconfdir=/opt/freeware/etc/squid' '--libexecdir=/opt/freeware/lib64/squid' '--bindir=/opt/freeware/sbin' '--enable-delay-pools' '--disable-strict-error-checking' '--disable-auth' '--disable-loadable-modules' '--with-swapdir=/var/spool/squid' 'build_alias=powerpc-ibm-aix7.1.3.0' 'host_alias=powerpc-ibm-aix7.1.3.0' 'CC=/opt/freeware/bin/gcc -maix64 -O2 -pthread' 'CFLAGS=-O2 -g' 'LDFLAGS=-L/opt/freeware/lib/pthread/ppc64 -L/opt/freeware/lib64 -L/opt/freeware/lib -Wl,-blibpath:/opt/freeware/lib/pthread/ppc64:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib -lbsd' 'CXX=/opt/freeware/bin/g++ -maix64 -O2 -pthread' 'CXXFLAGS=-O2 -g' 'PKG_CONFIG_PATH=:/opt/freeware/lib/pkgconfig:/opt/freeware/share/pkgconfig' --enable-ltdl-convenience

    In the access.log IPv4 resolution is still broken, e.g. IPv4 addresses are shown as "::".

    In cache.log the message has changed.
    date and time kid1| DNS IPv6 socket created at [::], FD 6
    date and time kid1| Accepting HTTP Socket connections at conn3 local=127.0.0.1:3128 remote=[::] FD 16 flags=9



    ------------------------------
    Esa Kärkkäinen
    ------------------------------