Squid Network - Warning subnetwork

Question

Executing the following command:

squid-k parse

I get the following warnings:

WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2014/03/19 16:43:41| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2014/03/19 16:43:41| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2014/03/19 16:43:41| WARNING: (B) '127.0.0.1' is a subnetwork of (A) '127.0.0.1'
2014/03/19 16:43:41| WARNING: because of this '127.0.0.1' is ignored to keep splay tree searching predictable
2014/03/19 16:43:41| WARNING: You should probably remove '127.0.0.1' from the ACL named 'localhost'
2014/03/19 16:43:41| Processing: acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
2014/03/19 16:43:41| WARNING: (B) '127.0.0.0/8' is a subnetwork of (A) '127.0.0.0/8'
2014/03/19 16:43:41| WARNING: because of this '127.0.0.0/8' is ignored to keep splay tree searching predictable
2014/03/19 16:43:41| WARNING: You should probably remove '127.0.0.0/8' from the ACL named 'to_localhost'
2014/03/19 16:43:41| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
2014/03/19 16:43:41| WARNING: because of this '0.0.0.0' is ignored to keep splay tree searching predictable
2014/03/19 16:43:41| WARNING: You should probably remove '0.0.0.0' from the ACL named 'to_localhost'
2014/03/19 16:43:41| WARNING: (B) '0.0.0.0' is a subnetwork of (A) '0.0.0.0'
2014/03/19 16:43:41| WARNING: because of this '0.0.0.0' is ignored to keep splay tree searching predictable
2014/03/19 16:43:41| WARNING: You should probably remove '0.0.0.0' from the ACL named 'to_localhost'

The squid proxy service up and running but I do not like leaving these warnings.

These are the ACLs that are presenting problem:

acl all src all
acl manager1 proto cache_object
acl localhost src 127.0.0.1/32 192.168.1.29/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

Thanks in Advances.

What's your actual question here? Did you try just doing what it suggests? — Ƭᴇcʜιᴇ007, Mar 19 '14 at 21:48

score 19 · Answer 1 · answered May 02 '15 at 01:19

19

I'm a year late to the party, but the answer is that sometime from 3.2 to 3.4 the localhost, to_localhost and manager acls became builtin to squid3. Since you are redefining them in your squid.conf and yet are not changing the effective network sub-class, squid generates a warning error.

The solution, unless you really do want to redefine them, is to remove the definitions of localhost, to_localhost and manager from the acl definitions in squid.conf.

answered May 02 '15 at 01:19

Nick Coleman

303
2
6

It appears to be in the 3.1 to 3.2 update. – Zoredache Oct 15 '15 at 17:31
Mine was in debian7->8 which is 3.2 -> 3.4. Thanks Nick. – isaaclw Aug 31 '16 at 18:24

score -1 · Accepted Answer · answered Mar 19 '14 at 22:07

-1

Not terribly familiar with this setup, but it would appear to be the 4th line of the ACL. 0.0.0.0/32 encompasses the entire IPv4 address space. Specifying 127.0.0.0/8 is redundant. Try removing one and see if the warnings go away.

answered Mar 19 '14 at 22:07

Jim G.

3,250
15
19

2

/32 means exactly that address (all 32 bits), not none of the bits - so that matches no address. This special case is called the "unspecified address," and is treated as the source address for "this host on this network" - it's roughly equivalent to 127.0.0.1 in practice. Despite that practical duplication, it's not the cause of the error in the question. The other much later answer here explains what the actual problem is. :) – dannysauer May 29 '17 at 19:05

Squid Network - Warning subnetwork

2 Answers2