
Re: squid hardening - weird behaviour

> > Weird, I don't see any listening socket with squidclient - I would have expected 3128 and 34810 here!?
> 
> So did I. Mine shows them. Should have 0.0.0.0.0 (last .0 is port). 
> Maybe it is slightly different in 2.x than 3.0 in this regard.

Yes, seems so.
I updated to the latest release and now I see

Active file descriptors:
File Type   Tout Nread  * Nwrite * Remote Address        Description
---- ------ ---- -------- -------- --------------------- ------------------------------
   0 Log       0       0        0                        stdin
   1 Log       0       0        0                        stdout
   2 Log       0       0        0                        stderr
   3 Log       0       0        0                        /usr/local/squid/var/logs/cache.log
   6 Socket    0     603      353  .0                    DNS Socket
   7 File      0       0     8828                        /usr/local/squid/var/logs/access.log
   8 Pipe      0       0        0                        unlinkd -> squid
   9 File      0       0     2607                        /usr/local/squid/var/logs/store.log
  10 File      0       0      104                        /usr/local/squid/var/cache/swap.state
  11 Pipe      0       0        0                        squid -> unlinkd
  12 Socket 1440      70        0* 10.0.0.60.38093       Reading next request
  13 Socket    0       0        0  .0                    HTTP Socket
  17 Socket    0    2667*   44096  10.0.0.10.2531        Waiting for next request

vmhost:/usr/local/squid/bin # netstat -anp |grep squid
tcp        0      0 10.0.0.60:3128          0.0.0.0:*               LISTEN      8552/squid
udp        0      0 0.0.0.0:34838           0.0.0.0:*                           8552/squid
unix  2      [ ]         DGRAM                    393925789 8552/squid


> Anyway, despite the missing port numbers:
>   cache_object://... is squidclient getting the list itself
>   that leaves only DNS and HTTP listener TCP/UDP Sockets
>   and the two unlinkd pipes (listed as unix by netstat).
> 
> So it does appear to be DNS.
> 
> Squid will drop any packets received from NS not listed either in 
> dns_nameservers in squid.conf, or in resolv.conf as your local ones.

So, let me repeat:
squid opens an extra UDP socket for ICP, HTCP, syslog and DNS.
udp_incoming_address and udp_outgoing_address are the relevant config
params for this.

We can't get rid of this port because we would break DNS for squid.

#udp_incoming_address    is used for the ICP socket receiving packets
#                               from other caches.

So this is just half the truth, because it is relevant not only for ICP but
for DNS too, correct?
Should "we" fix this in the docs? (Unfortunately, I cannot give much input.)

By the way, is there any reason why squid doesn't use the host resolver routines for DNS lookups?
(i.e. something like gethostbyname() etc., so the results would also get cached by nscd ...)

regards
Roland
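The thread above narrows squid's extra UDP socket down to the DNS socket and names udp_incoming_address as the knob that controls where it binds. The following is an added example, not code from the thread or from the Squid project: a small audit script that takes `netstat -anp` output on stdin, picks out the UDP sockets owned by a squid process, and flags any bound to the wildcard address (0.0.0.0 or ::), which is what the netstat output quoted in the thread shows for the DNS socket. The sample input is constructed for this example and mirrors the shape of that output (PID 8552); the extra `named` row is made up to show that foreign processes are ignored.

```shell
#!/bin/sh
# Added example, not from the original thread: audit the UDP sockets a squid
# process holds open, using `netstat -anp` output as input, and flag any that
# are bound to the wildcard address (0.0.0.0 or ::).
#
# Live use:   netstat -anp 2>/dev/null | squid_udp_audit
#
# SAMPLE is constructed for this example (not a live capture); it mirrors the
# shape of the netstat lines quoted in the thread plus one non-squid row.
SAMPLE='tcp        0      0 10.0.0.60:3128          0.0.0.0:*               LISTEN      8552/squid
udp        0      0 0.0.0.0:34838           0.0.0.0:*                           8552/squid
unix  2      [ ]         DGRAM                    393925789 8552/squid
udp        0      0 0.0.0.0:53              0.0.0.0:*                           612/named'

# Read netstat -anp lines on stdin; print "proto addr port verdict" for each
# UDP socket owned by squid. Matches udp and udp6 rows. The local address is
# field 4 ("addr:port"); it is split on its last colon so IPv6 literals survive.
squid_udp_audit() {
    awk '$1 ~ /^udp6?$/ && $NF ~ /\/squid$/ {
        port = $4; sub(/.*:/, "", port)
        addr = $4; sub(/:[^:]*$/, "", addr)
        verdict = (addr == "0.0.0.0" || addr == "::") ? "wildcard" : "bound"
        print $1, addr, port, verdict
    }'
}

# Number of squid UDP sockets bound to every interface. A result of 0 means
# every UDP socket squid owns is pinned to a specific address.
wildcard_count() {
    squid_udp_audit | awk '$4 == "wildcard" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE" | squid_udp_audit
echo "wildcard squid UDP sockets: $(printf '%s\n' "$SAMPLE" | wildcard_count)"
```

On the sample this reports the single squid UDP socket as `udp 0.0.0.0 34838 wildcard`. After setting udp_incoming_address (and, if outbound traffic should leave on a fixed interface, udp_outgoing_address) to the proxy's internal address and restarting squid, re-running the audit against live `netstat -anp` output should show the socket as `bound` and a count of 0; the socket itself stays, since, as the thread says, removing it would break DNS for squid.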