Squid v4.1: commBind Cannot bind [::1] on SNMP with no ipv6

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Squid v4.1: commBind Cannot bind [::1] on SNMP with no ipv6

David Touzeau-3

Hi

 

Hi,

 

Ipv6 is not enabled on this Debian 9 system.

 

sysctl -a |grep ipv6|grep disable

sysctl: reading key "net.ipv6.conf.all.stable_secret"

sysctl: reading key "net.ipv6.conf.default.stable_secret"

sysctl: reading key "net.ipv6.conf.eth0.stable_secret"

net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

sysctl: reading key "net.ipv6.conf.eth1.stable_secret"

sysctl: reading key "net.ipv6.conf.lo.stable_secret"

net.ipv6.conf.eth0.disable_ipv6 = 1

net.ipv6.conf.eth1.disable_ipv6 = 1

net.ipv6.conf.lo.disable_ipv6 = 1

 

Squid try to open a socket on ipv6 loopback…

 

2018/07/15 01:32:45 kid2| Sending SNMP messages from 0.0.0.0:3401

2018/07/15 01:32:45 kid2| commBind Cannot bind socket FD 155 to [::1]: (99) Cannot assign requested address

2018/07/15 01:32:45 kid2| commBind Cannot bind socket FD 156 to [::1]: (99) Cannot assign requested address

2018/07/15 01:32:45 kid2| ERROR: Failed to create helper child read FD: UDP[::1]

 

2018/07/15 01:32:45 kid1| Sending SNMP messages from 0.0.0.0:3401

2018/07/15 01:32:45 kid1| commBind Cannot bind socket FD 117 to [::1]: (99) Cannot assign requested address

2018/07/15 01:32:45 kid1| commBind Cannot bind socket FD 118 to [::1]: (99) Cannot assign requested address

2018/07/15 01:32:45 kid1| ERROR: Failed to create helper child read FD: UDP[::1]

 

How to avoid this error ?

 

Config :

snmp_port 3401

snmp_incoming_address 0.0.0.0

#snmp_outgoing_address 255.255.255.255

acl snmppublic snmp_community public

acl snmpConsole src 127.0.0.1

snmp_access allow snmpConsole

snmp_access allow snmppublic snmpConsole

snmp_access allow snmppublic localhost

snmp_access allow snmppublic MgRClient

snmp_access deny all

 

 

Squid Cache: Version 4.1

Service Name: squid

 

This binary uses OpenSSL 1.1.0f  25 May 2017. For legal restrictions on distribution see https://www.openssl.org/source/license.html

 

configure options:  '--prefix=/usr' '--build=x86_64-linux-gnu' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--localstatedir=/var' '--libexecdir=/lib/squid3' '--disable-maintainer-mode' '--disable-dependency-tracking' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--enable-gnuregex' '--enable-removal-policy=heap' '--enable-follow-x-forwarded-for' '--enable-removal-policies=lru,heap' '--enable-arp-acl' '--enable-truncate' '--with-large-files' '--with-pthreads' '--enable-esi' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-x-accelerator-vary' '--with-dl' '--enable-linux-netfilter' '--with-netfilter-conntrack' '--enable-wccpv2' '--enable-eui' '--enable-auth' '--enable-auth-basic' '--enable-snmp' '--enable-icmp' '--enable-auth-digest' '--enable-log-daemon-helpers' '--enable-url-rewrite-helpers' '--enable-auth-ntlm' '--with-default-user=squid' '--enable-icap-client' '--disable-cache-digests' '--enable-poll' '--enable-epoll' '--enable-async-io=128' '--enable-zph-qos' '--enable-delay-pools' '--enable-http-violations' '--enable-url-maps' '--enable-ecap' '--enable-ssl' '--with-openssl' '--enable-ssl-crtd' '--enable-xmalloc-statistics' '--enable-ident-lookups' '--with-filedescriptors=65536' '--with-aufs-threads=128' '--disable-arch-native' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/cache/squid' 'build_alias=x86_64-linux-gnu'


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid v4.1: commBind Cannot bind [::1] on SNMP with no ipv6

Amos Jeffries
Administrator
On 15/07/18 11:40, David Touzeau wrote:

> Hi
>
>  
>
> Hi,
>
>  
>
> Ipv6 is not enabled on this Debian 9 system.
>

Nod. That would be why is cannot open IPv6 sockets.

Squid is designed to comply with RFC 6540 (aka BCP 177), and to assume
the machine it is running on also complies:
 "IPv6 Support Required for All IP-Capable Nodes"

Anyhow ...

>
> Squid try to open a socket on ipv6 loopback…
>
>  
>
> 2018/07/15 01:32:45 kid2| Sending SNMP messages from 0.0.0.0:3401
>

Above says SNMP is working fine.

Then _something else_ has issues ...

> 2018/07/15 01:32:45 kid2| commBind Cannot bind socket FD 155 to [::1]:
> (99) Cannot assign requested address
>
> 2018/07/15 01:32:45 kid2| commBind Cannot bind socket FD 156 to [::1]:
> (99) Cannot assign requested address
>
> 2018/07/15 01:32:45 kid2| ERROR: Failed to create helper child read FD:
> UDP[::1]
>

One of the helpers you are using needs IPv6 to send UDP packets to/from
Squid.

I would look at external_acl_type helpers. That is usually the one which
surprises IPv4-only people.

When your Squid is built to assume enabled IPv6 and your machine is
setup to disable it, you need to add the "ipv4" option to your
external_acl_type helper config lines.

PS. from the config given it looks like you don't need that snmpConsole
ACL. The built-in localhost ACL covers the same case(s) and will also
continue working if/when you decide to enable IPv6 within your network.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid v4.1: commBind Cannot bind [::1] on SNMP with no ipv6

David Touzeau-3
We have this one too

2018/07/15 23:38:11 kid2| Accepting SNMP messages on 0.0.0.0:3401
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable
2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable

I"m pretty sure this is the SNMP module...


-----Message d'origine-----
De : squid-users <[hidden email]> De la part de Amos Jeffries
Envoyé : dimanche 15 juillet 2018 07:54
À : [hidden email]
Objet : Re: [squid-users] Squid v4.1: commBind Cannot bind [::1] on SNMP with no ipv6

On 15/07/18 11:40, David Touzeau wrote:

> Hi
>
>  
>
> Hi,
>
>  
>
> Ipv6 is not enabled on this Debian 9 system.
>

Nod. That would be why is cannot open IPv6 sockets.

Squid is designed to comply with RFC 6540 (aka BCP 177), and to assume the machine it is running on also complies:
 "IPv6 Support Required for All IP-Capable Nodes"

Anyhow ...

>
> Squid try to open a socket on ipv6 loopback…
>
>  
>
> 2018/07/15 01:32:45 kid2| Sending SNMP messages from 0.0.0.0:3401
>

Above says SNMP is working fine.

Then _something else_ has issues ...

> 2018/07/15 01:32:45 kid2| commBind Cannot bind socket FD 155 to [::1]:
> (99) Cannot assign requested address
>
> 2018/07/15 01:32:45 kid2| commBind Cannot bind socket FD 156 to [::1]:
> (99) Cannot assign requested address
>
> 2018/07/15 01:32:45 kid2| ERROR: Failed to create helper child read FD:
> UDP[::1]
>

One of the helpers you are using needs IPv6 to send UDP packets to/from Squid.

I would look at external_acl_type helpers. That is usually the one which surprises IPv4-only people.

When your Squid is built to assume enabled IPv6 and your machine is setup to disable it, you need to add the "ipv4" option to your external_acl_type helper config lines.

PS. from the config given it looks like you don't need that snmpConsole ACL. The built-in localhost ACL covers the same case(s) and will also continue working if/when you decide to enable IPv6 within your network.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid v4.1: commBind Cannot bind [::1] on SNMP with no ipv6

Amos Jeffries
Administrator

On 16/07/18 09:56, David Touzeau wrote:
> We have this one too
>
> 2018/07/15 23:38:11 kid2| Accepting SNMP messages on 0.0.0.0:3401
> 2018/07/15 23:45:02 kid2| snmpHandleUdp: FD 23 recvfrom: (11) Resource temporarily unavailable

That FD 23 is from the above opened socket, not the unsuccessful ::1 one.

Do you have EDNS enabled on your network? If so you should be able to
rebuilds with SNMP_REQUEST_SIZE somewhat larger to avoid these. It
should be twice what your largest expected packet size is. Our default
is 4KB for Ethernet 1.5KB UDP packets.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users