Webproxy/Squid not working with IPv6 listen-address
Closed, ResolvedPublicBUG
Actions

Assigned To

Authored By

	aha
	Dec 29 2021, 12:52 PM

Description

Hi,

while testing some services with IPv6 link-local addresses (for T4110) I found a problem with Webproxy/Squid using IPv6 at all (doesn't matter if link local, ULA or global).

vyos@vyos# set interfaces ethernet eth0 address fd42:1983:1::1/64
vyos@vyos# set service webproxy listen-address fd42:1983:1::1 disable-transparent
[edit]
vyos@vyos# commit
[edit]

There is no error message but squid is not working:

vyos@vyos# sudo netstat -lnp |grep 3128
[edit]
vyos@vyos# ps ax |grep squid
  11593 pts/0    S+     0:00 grep squid
[edit]
vyos@vyos# squid -k check
2021/12/29 11:19:11| FATAL: Bungled /etc/squid/squid.conf line 36: http_port fd42:1983:1::1:3128 
2021/12/29 11:19:11| Squid Cache (Version 4.13): Terminated abnormally.
CPU Usage: 0.006 seconds = 0.004 user + 0.002 sys
Maximum Resident Size: 52576 KB
Page faults with physical i/o: 0

The problem is not "bracketizing" the IPv6 address in /etc/squid/squid.conf:

vyos@vyos# grep "http_port" /etc/squid/squid.conf
http_port fd42:1983:1::1:3128
http_port 127.0.0.1:3128

After patching "data/templates/squid/squid.conf.tmpl" it's working.

vyos@vyos# diff /usr/share/vyos/templates/squid/squid.conf.tmpl.orig  /usr/share/vyos/templates/squid/squid.conf.tmpl
91c91
< http_port {{ address }}:{{ config.port if config.port is defined else default_port }} {{ 'intercept' if config.disable_transparent is not defined }}
---
> http_port {{ address | bracketize_ipv6 }}:{{ config.port if config.port is defined else default_port }} {{ 'intercept' if config.disable_transparent is not defined }}

Now the config is correct and squid is working:

vyos@vyos# grep "http_port" /etc/squid/squid.conf
http_port [fd42:1983:1::1]:3128
http_port 127.0.0.1:3128

vyos@vyos# ps ax |grep squid
  13552 ?        Ss     0:00 /usr/sbin/squid --foreground -sYC
  13556 ?        S      0:00 (squid-1) --kid squid-1 --foreground -sYC

vyos@vyos# sudo netstat -lnp |grep 3128
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN      13556/(squid-1)
tcp6       0      0 fd42:1983:1::1:3128     :::*                    LISTEN      13556/(squid-1)

Unfortunately I don't know how to post a pull request on github for that :(

BTW: there seems no syntax-check for listen-address:

vyos@vyos# set service webproxy listen-address blahblah disable-transparent
[edit]
vyos@vyos# commit
[edit]
# no error!
vyos@vyos# grep "http_port" /etc/squid/squid.conf
http_port 10.10.18.6:3128
http_port blahblah:3128
http_port [fd42:1983:1::1]:3128
http_port 127.0.0.1:3128

Details

Difficulty level: Easy (less than an hour)
Version: 1.4-rolling-202112281820
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Bug (incorrect behavior)

Related Objects

Mentioned In: T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0
Mentioned Here: T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0

Event Timeline

aha created this task.Dec 29 2021, 12:52 PM

aha mentioned this in T4110: [IPV6-SSH/DNS} enable IPv6 link local adresses as listen-address %eth0.Dec 29 2021, 1:20 PM

Just fork the repository vyos-1x and create a PR with propper commit format.
https://docs.vyos.io/en/equuleus/contributing/development.html#fork-repository-and-submit-patch
https://github.com/vyos/vyos-1x/blob/current/CONTRIBUTING.md

pasik added a subscriber: pasik.Dec 29 2021, 2:44 PM

Never done this before. I hope that PR is correct:
https://github.com/vyos/vyos-1x/pull/1126

Viacheslav closed this task as Resolved.Jan 8 2022, 8:01 PM

Viacheslav claimed this task.

Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.

Webproxy/Squid not working with IPv6 listen-addressClosed, ResolvedPublicBUGActions

Description

Details

Related Objects

Event Timeline

Webproxy/Squid not working with IPv6 listen-address
Closed, ResolvedPublicBUG
Actions