Re: Link failure on MinGW after Identd changes
Hi Amos, At 14.32 02/06/2009, Amos Jeffries wrote: If we can't resolve this easily we move the AclIdent.* files back to acls/ library. Which does close a potential dependency loop. Just found a fix/work around: Including squid.h instead of config.h in AclIdent.cc fix the export problem. But I cannot understand why :-( Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it/
Re: Link failure on MinGW after Identd changes
Hi Amos, At 14.32 02/06/2009, Amos Jeffries wrote: Do you have "nm" utility under MingW to test the built .libs/libident.a to see if its actually exporting the right symbols? Yes, this is the output of nm --demangle ident/.libs/libident.a on Linux: AclIdent.o: r .LC0 000c r .LC1 003c r .LC10 000e r .LC2 0011 r .LC3 r .LC4 0014 r .LC5 001d r .LC6 0020 r .LC7 0029 r .LC8 0054 r .LC9 V DW.ref.__gxx_personality_v0 U _GLOBAL_OFFSET_TABLE_ 0140 t global constructors keyed to _ZN8ACLIdentD2Ev U _Unwind_Resume U SkipBuildPrefix(char const*) 00b0 t __static_initialization_and_destruction_0(int, int) V guard variable for ACLUserData::Pool()::thePool V guard variable for ACLRegexData::Pool()::thePool V guard variable for HttpHdrRange::Pool()::thePool V guard variable for HttpHeaderEntry::Pool()::thePool V guard variable for HttpHdrRangeSpec::Pool()::thePool V guard variable for acl_proxy_auth_match_cache::Pool()::thePool V guard variable for ACLList::Pool()::thePool V guard variable for ACLIdent::Pool()::thePool V guard variable for ev_entry::Pool()::thePool V guard variable for wordlist::Pool()::thePool W ACLUserData::Pool() 04a0 T IdentLookup::LookupDone(char const*, void*) 0090 T IdentLookup::Instance() B IdentLookup::instance_ W IdentLookup::~IdentLookup() W IdentLookup::~IdentLookup() W ACLChecklist::AsyncState::~AsyncState() W ACLChecklist::AsyncState::~AsyncState() U ACLChecklist::changeState(ACLChecklist::AsyncState*) U ACLChecklist::markFinished() U ACLChecklist::currentAnswer(allow_t) U ACLChecklist::asyncInProgress(bool) U ACLChecklist::check() U ACLChecklist::NullState::Instance() U MemAllocatorProxy::free(void*) U MemAllocatorProxy::alloc() U ACL::matchForCache(ACLChecklist*) W ACL::prepareForUse() U ACL::ACL() U ACL::~ACL() U Debug::finishDebug() U Debug::getDebugOut() U Debug::level U Debug::Levels U Ident::Start(IpAddress&, IpAddress&, void (*)(char const*, void*), void*) W ACLData::prepareForUse() W ACLData::~ACLData() W ACLData::~ACLData() W ACLIdent::Pool() 0190 T ACLIdent::match(ACLChecklist*) 07e0 T ACLIdent::parse() 0320 T ACLIdent::ACLIdent(ACLData*, char const*) 03c0 T ACLIdent::ACLIdent(ACLIdent const&) 0370 T ACLIdent::ACLIdent(ACLData*, char const*) 0430 T ACLIdent::ACLIdent(ACLIdent const&) 0ab0 T ACLIdent::~ACLIdent() 0780 T ACLIdent::~ACLIdent() 0a50 T ACLIdent::~ACLIdent() T ACLIdent::operator=(ACLIdent const&) 05d0 T IdentLookup::checkForAsync(ACLChecklist*) const U ACLChecklist::asyncState() const U ACLFilledChecklist::conn() const U ACL::requiresReply() const U ACL::requiresRequest() const U ACL::valid() const 0040 T ACLIdent::typeString() const W ACLIdent::isProxyAuth() const 0050 T ACLIdent::dump() const 0970 T ACLIdent::clone() const 0070 T ACLIdent::empty() const U std::ostream::operator<<(int) U std::ios_base::Init::Init() U std::ios_base::Init::~Init() 0004 b std::__ioinit U std::basic_ostream >& std::operator<< >(std::basic_ostreamstd::char_traits >&, char const*) V typeinfo for IdentLookup U typeinfo for ACLChecklist U typeinfo for ACLFilledChecklist U typeinfo for ACL V typeinfo for ACLData V typeinfo for ACLIdent V typeinfo for ACLChecklist::AsyncState V typeinfo name for IdentLookup V typeinfo name for ACLData V typeinfo name for ACLIdent V typeinfo name for ACLChecklist::AsyncState U vtable for ACLUserData V vtable for IdentLookup V vtable for ACLData V vtable for ACLIdent U vtable for __cxxabiv1::__class_type_info U vtable for __cxxabiv1::__si_class_type_info V vtable for ACLChecklist::AsyncState V ACLUserData::Pool()::thePool V ACLIdent::Pool()::thePool 000e r ACLIdent::match(ACLChecklist*)::__FUNCTION__ 0014 r ACLIdent::parse()::__FUNCTION__ r IdentLookup::checkForAsync(ACLChecklist*) const::__FUNCTION__ U __cxa_atexit U __cxa_call_unexpected U __cxa_guard_acquire U __cxa_guard_release U __cxa_pure_virtual U __dso_handle U __dynamic_cast U __gxx_personality_v0 T __i686.get_pc_thunk.bx T __i686.get_pc_thunk.cx 0160 t __tcf_0 0940 t __tcf_1 U dash_str U xassert U xfree U xstrncpy Ident.o: r .LC0 r .LC1 0068 r .LC10 006a
Re: Link failure on MinGW after Identd changes
Hi Amos, At 13.48 02/06/2009, Amos Jeffries wrote: > > I have already tried make distclean. > Any suggestion ? > > Regards > > Guido > Linked fine for me earlier I swear :). Oh well re-doing all the build tests again on the current 3.HEAD. Will have an answer in 2-3 hrs. I think that your test will be fine, on my Debian Linux machine the link works fine. Meanwhile, you could run distclean again and do a manual check that the src/.libs and ident/.libs and acls/.libs files are all gone properly. I can confirm that all .libs dirs are gone ... :-( Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it/
Link failure on MinGW after Identd changes
Hi Amos, I have a strange problem: after your Ident changes, the link of squid is failing, while with the renamed files was working: /bin/sh ../libtool --tag=CXX --mode=link g++ -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -D_FILE _OFFSET_BITS=64 -g -O2 -mthreads -g -o squid.exe -export-dynamic -dlopen force AclRegs.o AuthReg.o access_log .o AsyncEngine.o cache_cf.o ProtoPort.o CacheDigest.o cache_manager.o carp.o cbdata.o ChunkedCodingParser.o cl ient_db.o client_side.o client_side_reply.o client_side_request.o BodyPipe.o clientStream.o CompletionDispatch er.o comm_select.o comm_select_win32.o comm_poll.o comm_epoll.o comm_kqueue.o ConfigOption.o ConfigParser.o de bug.o delay_pools.o DelayId.o DelayBucket.o DelayConfig.o DelayPool.o DelaySpec.o DelayTagged.o DelayUser.o De layVector.o NullDelayId.o disk.o DiskIO/DiskIOModule.o DiskIO/ReadRequest.o DiskIO/WriteRequest.o dlink.o dns_ internal.o errorpage.o ETag.o event.o EventLoop.o external_acl.o ExternalACLEntry.o fd.o fde.o filemap.o forwa rd.o fqdncache.o ftp.o gopher.o helper.o htcp.o http.o HttpStatusLine.o HttpHdrCc.o HttpHdrRange.o HttpHdrSc.oHttpHdrScTarget.o HttpHdrContRange.o HttpHeader.o HttpHeaderTools.o HttpBody.o HttpMsg.o HttpReply.o HttpRequ est.o HttpRequestMethod.o icp_v2.o icp_v3.o int.o internal.o ipc_win32.o ipcache.o list.o logfile.o main.o me m.o mem_node.o MemBuf.o MemObject.o mime.o multicast.o neighbors.o Packer.o Parsing.o ProfStats.o pconn.o peer _digest.o peer_select.o peer_sourcehash.o peer_userhash.o redirect.o referer.o refresh.o RemovalPolicy.o send- announce.o snmp_core.o snmp_agent.o SquidNew.o ssl_support.o stat.o StatHist.o String.o stmem.o store.o StoreF ileSystem.o store_io.o StoreIOState.o store_client.o store_digest.o store_dir.o store_key_md5.o store_log.o st ore_rebuild.o store_swapin.o store_swapmeta.o store_swapout.o StoreMeta.o StoreMetaMD5.o StoreMetaSTD.o StoreM etaSTDLFS.o StoreMetaUnpacker.o StoreMetaURL.o StoreMetaVary.o StoreSwapLogData.o Server.o SwapDir.o time.o to ols.o tunnel.o unlinkd.o url.o URLScheme.o urn.o useragent.o wccp.o wccp2.o whois.o wordlist.o win32.o WinSvc. o LoadableModule.o LoadableModules.o DiskIO/DiskIOModules_gen.o repl_modules.o globals.o string_arrays.o libsq uid.la auth/libacls.la ident/libident.la acl/libacls.la acl/libstate.la auth/libauth.la acl/libapi.la base/lib base.la ip/libip.la fs/libfs.la icmp/libicmp.la icmp/libicmp-core.la ../compat/libcompat.la -L../lib DiskIO/ Blocking/BlockingDiskIOModule.o DiskIO/AIO/AIODiskIOModule.o DiskIO/DiskThreads/DiskThreadsDiskIOModule.o repl /libheap.a repl/liblru.a libBlocking.a libAIO.a libDiskThreads.a -lcrypt ../snmplib/libsnmp.a adaptation/liba daptation.la esi/libesi.la ../lib/libTrie/src/libTrie.a -lssleay32 -leay32 -lgdi32 -lmiscutil -lexpat -lxml2-lmingwex ../lib/libLtdl/libltdlc.la -lpsapi -liphlpapi -lws2_32 rm -f .libs/squid.exe.nm .libs/squid.exe.nmS .libs/squid.exe.nmT creating .libs/squid.exeS.c (cd .libs && gcc -c -fno-builtin "squid.exeS.c") rm -f .libs/squid.exeS.c .libs/squid.exe.nm .libs/squid.exe.nmS .libs/squid.exe.nmT g++ -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -D_FILE_OFFSET_BITS=64 -g -O2 -mthreads -g -o squ id.exe .libs/squid.exeS.o AclRegs.o AuthReg.o access_log.o AsyncEngine.o cache_cf.o ProtoPort.o CacheDigest.ocache_manager.o carp.o cbdata.o ChunkedCodingParser.o client_db.o client_side.o client_side_reply.o client_sid e_request.o BodyPipe.o clientStream.o CompletionDispatcher.o comm_select.o comm_select_win32.o comm_poll.o com m_epoll.o comm_kqueue.o ConfigOption.o ConfigParser.o debug.o delay_pools.o DelayId.o DelayBucket.o DelayConfi g.o DelayPool.o DelaySpec.o DelayTagged.o DelayUser.o DelayVector.o NullDelayId.o disk.o DiskIO/DiskIOModule.oDiskIO/ReadRequest.o DiskIO/WriteRequest.o dlink.o dns_internal.o errorpage.o ETag.o event.o EventLoop.o exte rnal_acl.o ExternalACLEntry.o fd.o fde.o filemap.o forward.o fqdncache.o ftp.o gopher.o helper.o htcp.o http.oHttpStatusLine.o HttpHdrCc.o HttpHdrRange.o HttpHdrSc.o HttpHdrScTarget.o HttpHdrContRange.o HttpHeader.o Htt pHeaderTools.o HttpBody.o HttpMsg.o HttpReply.o HttpRequest.o HttpRequestMethod.o icp_v2.o icp_v3.o int.o inte rnal.o ipc_win32.o ipcache.o list.o logfile.o main.o mem.o mem_node.o MemBuf.o MemObject.o mime.o multicast.oneighbors.o Packer.o Parsing.o ProfStats.o pconn.o peer_digest.o peer_select.o peer_sourcehash.o peer_userhash .o redirect.o referer.o refresh.o RemovalPolicy.o send-announce.o snmp_core.o snmp_agent.o SquidNew.o ssl_supp ort.o stat.o StatHist.o String.o stmem.o store.o StoreFileSystem.o store_io.o StoreIOState.o store_client.o st ore_digest.o store_dir.o store_key_md5.o store_log.o store_rebuild.o store_swapin.o store_swapmeta.o store_swa pout.o StoreMeta.o StoreMetaMD5.o StoreMetaSTD.o StoreMetaSTDLFS.o StoreMetaUnpacker.o S
Re: R: /bzr/squid3/trunk/ r9713: MFC: Back out unintended md5 -> squid_md5 substituions from the md5.h -> squid_md5.h name change
Hi Amos, At 12.21 02/06/2009, Amos Jeffries wrote: AFAICT the config.test are only used on windows builds so it is indeed likely not to have been built in a long time. No, this is wrong: config.test is always used on all OS if you don't specify the list of helpers to be build. For example config.test prevents from build failures of Windows native helpers on other OS. The build of squid_radius_auth was failing on my Debian Linux machine. Regards - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it/
File system name conflicts on Windows
Hi, This is from acl/Ident.c: #include "acl/Ident.h" #include "ident.h" This cannot work on Windows, because the acl/Ident.h file will be included two times ... What rule should be used to rename one of the conflicting files ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it/
Re: Squid 3 build failure on MinGW
Hi Amos, At 14.33 31/05/2009, Amos Jeffries wrote: I've seen this occur under 2 cases. One was when a .h in the core section failed to include config.h outside its wrapping protection. A circular include developed and broke things. Just found the problem: a min() & max() definition as macro into MinGW includes file. I'ts a "feature" of the latest version ... :-( And when the namespace for something was screwed up. It wouldn't be needing that nasty "using namespace Squid;" hack would it? This hack is needed for the FD <==> sockets equivalence. Regards Guido Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1 - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it/
Squid 3 build failure on MinGW
Hi, I have a little of free time, and I'm trying to build Squid 3 on MinGW, but I'm getting the following error: if /bin/sh ../../libtool --tag=CXX --mode=compile g++ -DHAVE_CONFIG_H -I../.. -I../../include -I../../src -I../../include -I/usr/include/libxml2 -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -D_FILE_OFFSET_BITS=64 -g -O2 -mthreads -MT IntRange.lo -MD -MP -MF ".deps/IntRange.Tpo" -c -o IntRange.lo IntRange.cc; \ then mv -f ".deps/IntRange.Tpo" ".deps/IntRange.Plo"; else rm -f ".deps/IntRange.Tpo"; exit 1; fi g++ -DHAVE_CONFIG_H -I../.. -I../../include -I../../src -I../../include -I/usr/include/libxml2 -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -D_FILE_OFFSET_BITS=64 -g -O2 -mthreads -MT IntRange.lo -MD -MP -MF .deps/IntRange.Tpo -c IntRange.cc -DDLL_EXPORT -DPIC -o .libs/IntRange.o ../../include/Range.h: In member function `Range Range::intersection(const Range&) const [with C = int]': IntRange.cc:92: instantiated from here ../../include/Range.h:77: error: `max' was not declared in this scope ../../include/Range.h:77: error: `min' was not declared in this scope ../../include/Range.h:77: warning: unused variable 'max' ../../include/Range.h:77: warning: unused variable 'min' make[3]: *** [IntRange.lo] Error 1 make[3]: Leaving directory `/c/work/mgw-3.nt/src/acl' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/c/work/mgw-3.nt/src' make[1]: *** [all] Error 2 make[1]: Leaving directory `/c/work/mgw-3.nt/src' make: *** [all-recursive] Error 1 Someone could help me ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it/
Re: [PATCH] getservbyname fix for windows
Hi Amos, I have just tested the squid-2 version of the patch, and it works fine. Index: src/cache_cf.c === RCS file: /cvsroot/squid/squid/src/cache_cf.c,v retrieving revision 1.510 diff -u -p -r1.510 cache_cf.c --- src/cache_cf.c 21 May 2009 03:08:57 - 1.510 +++ src/cache_cf.c 30 May 2009 13:49:15 - @@ -1765,6 +1765,23 @@ dump_peer(StoreEntry * entry, const char } } +/* + * utility function to prevent getservbyname() being called with a numeric value + * on Windows at least it returns garage results. + */ +static int +isUnsignedNumeric(const char *str, size_t len) +{ +if (len < 1) + return 0; + +for (; len > 0 && *str; str++, len--) { + if (!isdigit(*str)) + return 0; +} +return 1; +} + static u_short GetService(const char *proto) { @@ -1774,7 +1791,8 @@ GetService(const char *proto) self_destruct(); return -1; /* NEVER REACHED */ } -port = getservbyname(token, proto); +if (!isUnsignedNumeric(token, strlen(token))) + port = getservbyname(token, proto); if (port != NULL) { return ntohs((u_short) port->s_port); } If there are no opposition, I will commit it tomorrow. Regards Guido At 05.12 30/05/2009, Amos Jeffries wrote: The result of our discussions so far. Someone please double-check me then its in. Amos -- - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it/
make dist-all fails on trunk
Hi Amos, On a machine where squid_kerb_auth cannot be compiled, 'make dist-all' fails: make[3]: Entering directory `/home/serassio/nt-3.HEAD/helpers/negotiate_auth/mswin_sspi' make[3]: Leaving directory `/home/serassio/nt-3.HEAD/helpers/negotiate_auth/mswin_sspi' make[3]: Entering directory `/home/serassio/nt-3.HEAD/helpers/negotiate_auth/squid_kerb_auth' make[3]: *** No rule to make target `distdir'. Stop. make[3]: Leaving directory `/home/serassio/nt-3.HEAD/helpers/negotiate_auth/squid_kerb_auth' make[2]: *** [distdir] Error 1 make[2]: Leaving directory `/home/serassio/nt-3.HEAD/helpers/negotiate_auth' make[1]: *** [distdir] Error 1 make[1]: Leaving directory `/home/serassio/nt-3.HEAD/helpers' make: *** [distdir] Error 1 This is not correct, and it doesn't happens on Squid 2. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Squid 3 build error using Visual Studio
Hi, Trying to build the current Squid 3 source using Visual Studio 2005 on Windows, I get the following error. Any C++ suggestion ? Compiling... mem.cc c:\work\nt-3.0\src\StoreEntryStream.h(119) : error C2512: 'std::basic_ostream<_Elem,_Traits>' : no appropriate default constructor available with [ _Elem=char, _Traits=std::char_traits ] Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: /dev/poll support is in squid-2.6
Hi Adrian, At 02.58 26/06/2007, Adrian Chadd wrote: On Mon, Jun 25, 2007, Guido Serassio wrote: > 2007/06/25 22:52:01| Accepting HTCP messages on port 4827, FD 14. > 2007/06/25 22:52:01| Accepting SNMP messages on port 3401, FD 15. > 2007/06/25 22:52:01| WCCP Disabled. > 2007/06/25 22:52:01| Pinger socket opened on FD 17 > 2007/06/25 22:52:01| NETDB state reloaded; 24 entries, 39 msec > 2007/06/25 22:52:01| Ready to serve requests. > 2007/06/25 22:52:01| assertion failed: comm_devpoll.c:106: "i > 0" > > Some suggestion ? This is a 32 bit machine. I haven't yet had time to repair the IRIX box i have here (octane) but I'll try to do so soon. If you like, I can give to you the full access to my machine, this is a test only old O2 box. At that point try print devpoll_update.pfds, devpoll_update.cur, i, and errno. 2007/06/30 16:25:35| Accepting SNMP messages on port 3401, FD 14. 2007/06/30 16:25:35| WCCP Disabled. 2007/06/30 16:25:35| Ready to serve requests. 2007/06/30 16:25:35| assertion failed: comm_devpoll.c:106: "i > 0" Program received signal SIGABRT, Aborted. 0x0fa61648 in _kill () at /xlv46/6.5.22m/work/irix/lib/libc/libc_n32_M4/signal/kill.s:15 15 /xlv46/6.5.22m/work/irix/lib/libc/libc_n32_M4/signal/kill.s: No such file or directory. in /xlv46/6.5.22m/work/irix/lib/libc/libc_n32_M4/signal/kill.s Current language: auto; currently asm (gdb) backtrace #0 0x0fa61648 in _kill () at /xlv46/6.5.22m/work/irix/lib/libc/libc_n32_M4/signal/kill.s:15 #1 0x0fade6f4 in _raise () at raise.c:27 #2 0x0fa7c038 in abort () at abort.c:52 #3 0x1004e72c in xassert (msg=0x10668 , file=0x6 , line=513992) at debug.c:514 #4 0x1004d3ec in comm_flush_updates () at comm_devpoll.c:109 #5 0x1004d964 in do_comm_select (msec=67176) at comm_devpoll.c:202 #6 0x1004d0c0 in comm_select (msec=0) at comm_generic.c:386 #7 0x1008d348 in main (argc=0, argv=0x7fff2f64) at main.c:838 (gdb) print devpoll_update.pfds $1 = (struct pollfd *) 0x102e5c50 (gdb) print devpoll_update.cur $2 = 66 (gdb) print i No symbol "i" in current context. (gdb) print errno $3 = 22 Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Various COSS minor problems
Hi, At 02.30 26/09/2006, Adrian Chadd wrote: On Sun, Sep 24, 2006, Guido Serassio wrote: > AioDone() now is called from StoreAufsDirDone() during squid shutdown > and calls squidaio_shutdown(). We must be sure that AioDone() is > executed once after both aufs and COSS shutdown. > I think that we could add a reference counter incremented after every > AioInit() call and decremented after any AioDone(). When the counter > is 0, AioDone is really executed. I'd just put it in the main shutdown code, after the filesystems have been flushed and shut down. Its much less pain. Then all you need is a check to make sure AioDone() only does its thing if AioInit() was called. Here a proposed patch using an usage counter. Thats my fault for introducing it. Just bump the log level up to debug(blah, 2) and it should go away? Done. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/ coss.patch Description: Binary data
Various COSS minor problems
Hi, I'm trying the port of COSS on Windows using Ovelapped I/O, and I have found some minor problems. - During squid shutdown, storeCossDirShutdown() is never invoked, because it's registered ad sd->freefs, this is executed from configFreeMemory() only when LEAK_CHECK_MODE is defined, and after storeCossDirDone(), this is the cache.log content: 2006/09/23 14:29:19| aioSync: done 2006/09/23 14:29:19| Open FD 24 /usr/local/squid/var/cache1/stripe 2006/09/23 14:29:19| Squid Cache (Version 2.6.STABLE4-CVS): Exiting normally. This is easy to fix, because it was already fixed in old 2.6 Windows port. - AioDone, when AIOPS is used only from COSS, is not called during shutdown. This must be fixed carefully. - The COSS store is always declared DIRTY during the startup and always rebuild, is correct ? - When a new stripe file is created, the rebuild process is very strange: it try to read from the stripe for the all configured size: this fails always on Windows, with all I/O method. For this reason, I must delay the coss port on Windows. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: make distclean annoyance
Hi Duane, At 20.04 01/12/2005, Duane Wessels wrote: Does anyone know how to make 'make distclean' work again for squid3? Making distclean in auth ... rm -rf basic/.deps digest/.deps negotiate/.deps ntlm/.deps ... Making distclean in . "Makefile", line 2358: Could not find auth/basic/.deps/basicScheme.Po "Makefile", line 2359: Could not find auth/digest/.deps/digestScheme.Po "Makefile", line 2360: Could not find auth/negotiate/.deps/negotiateScheme.Po "Makefile", line 2361: Could not find auth/ntlm/.deps/ntlmScheme.Po "Makefile", line 2363: Could not find fs/coss/.deps/StoreFScoss.Po "Makefile", line 2365: Could not find fs/null/.deps/StoreFSnull.Po "Makefile", line 2366: Could not find fs/ufs/.deps/StoreFSufs.Po make: fatal errors encountered -- cannot continue I think that there is something wrong in our Mafefile.am files: I get a different error running "make distclean": [EMAIL PROTECTED]:~/squid3$ make distclean Making distclean in test-suite make[1]: Entering directory `/home/serassio/squid3/test-suite' rm -f debug debug rm -f ESIExpressions ESIExpressions rm -f http_range_test http_range_test rm -f MemPoolTest MemPoolTest rm -f mem_node_test mem_node_test rm -f mem_hdr_test mem_hdr_test rm -f refcount refcount rm -f rfc1738 rfc1738 rm -f splay splay rm -f StackTest StackTest rm -f syntheticoperators syntheticoperators rm -f VirtualDeleteOperator VirtualDeleteOperator rm -rf .libs _libs rm -f *.o rm -f *.lo rm -f *.tab.c test -z "" || rm -f rm -f libtool rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags rm -rf ./.deps rm -f Makefile make[1]: Leaving directory `/home/serassio/squid3/test-suite' cutted output Making distclean in src make[1]: Entering directory `/home/serassio/squid3/src' Makefile:2144: ../test-suite/.deps/test_tools.Po: No such file or directory make[1]: *** No rule to make target `../test-suite/.deps/test_tools.Po'. Stop. make[1]: Leaving directory `/home/serassio/squid3/src' make: *** [distclean-recursive] Error 1 This problem is present from a long time. This happens because we have a reference to test-suite/test_tools.cc in both src/Makefile.am and test-suite\Makefile.am, causing "make distclean" to always fail. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Summary of Squid-2.6 opinions
Hi Adrian, At 13.56 02/12/2005, Adrian Chadd wrote: On Fri, Dec 02, 2005, Serassio Guido wrote: > >I think it'd be good if a decision was finalised soon, although > >given the diverse opinions guess not everyone is going to be happy :( > > I agree, we have loosed another month waiting for something :-( I'm getting more time to fix some weirdness I'm seeing. I'm happy. :) Good, so not all time was wasted !!! :-) Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Summary of Squid-2.6 opinions
Hi Rueben, At 00.24 02/12/2005, Reuben Farrelly wrote: Hi, On 2/11/2005 3:05 a.m., Henrik Nordstrom wrote: Summary of the opinions regarding a Squid-2.6 release Full in favor, including performance enhancements: http://squidwiki.kinkie.it/Squid-2.6 What was the final outcome of the 2.6 release suggestions? I think it'd be good if a decision was finalised soon, although given the diverse opinions guess not everyone is going to be happy :( I agree, we have loosed another month waiting for something :-( Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
64 bit broken again !!!!
Hi Duane, Some days ago I have asked you about the 64 bit compatibility of the incoming ICAP support without any response. Now, after the commit, really I'm wondering why again Squid 3 doesn't build on 64 bit machines. Why this code was not tested ? Why other developers always should fix your commits ? This is not the correct way for a 3.0 Squid release in a short time Some days ago, Alex Rousskov wrote: "IMO, serious Squid2 development is a masochistic activity. The same can be said about current Squid3." Today I agree with Alex about Squid3 :-( Regards Guido make[4]: Entering directory `/home/serassio/squid3/src/ICAP' if g++ -DHAVE_CONFIG_H -I. -I. -I../../include -I../../include -I../../include -I../../src -I/usr/includ e/libxml2 -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -D_REENTRANT -g -O2 -MT ICAPModXact.o -MD -MP -MF ".deps/ICAPModXact.Tpo" -c -o ICAPModXact.o ICAPModXact.cc; \ then mv -f ".deps/ICAPModXact.Tpo" ".deps/ICAPModXact.Po"; else rm -f ".deps/ICAPModXact.Tpo"; exit 1; fi ICAPModXact.cc: In member function `void ICAPModXact::openChunk(MemBuf&, long unsigned int)': ICAPModXact.cc:308: warning: unsigned int format, different type arg (arg 3) ICAPModXact.cc: In member function `void ICAPModXact::makeRequestHeaders(MemBuf&)': ICAPModXact.cc:895: warning: int format, different type arg (arg 3) ICAPModXact.cc:897: warning: int format, different type arg (arg 3) ICAPModXact.cc:899: warning: int format, different type arg (arg 3) ICAPModXact.cc: In member function `void ICAPModXact::encapsulateHead(MemBuf&, const char*, MemBuf&, const HttpMsg*)': ICAPModXact.cc:925: warning: int format, different type arg (arg 4) ICAPModXact.cc: In member function `virtual void ICAPModXact::fillPendingStatus(MemBuf&) const': ICAPModXact.cc:997: warning: int format, different type arg (arg 3) make[4]: *** [ICAPModXact.o] Error 1 make[4]: Leaving directory `/home/serassio/squid3/src/ICAP' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/home/serassio/squid3/src/ICAP' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/home/serassio/squid3/src' make[1]: *** [all] Error 2 make[1]: Leaving directory `/home/serassio/squid3/src' make: *** [all-recursive] Error 1 - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: cvs commit: squid3/src/ICAP ChunkedCodingParser.cc ChunkedCodingParser.h ICAPAnchor.cc ICAPAnchor.h ICAPClient.cc ICAPClient.h ICAPClientSideHook.cc ICAPClientSideHook.h ICAPClientStream.cc ICA
Hi Duane, At 00.32 22/11/2005, [EMAIL PROTECTED] wrote: wessels 2005/11/21 16:32:59 MST Added files: src/ICAP ChunkedCodingParser.cc ChunkedCodingParser.h ICAPAnchor.cc ICAPAnchor.h ICAPClient.cc ICAPClient.h ICAPClientSideHook.cc ICAPClientSideHook.h ICAPClientStream.cc ICAPClientStream.h ICAPConfig.cc ICAPConfig.h ICAPElements.cc ICAPElements.h ICAPModXact.cc ICAPModXact.h ICAPOptXact.cc ICAPOptXact.h ICAPOptions.cc ICAPOptions.h ICAPServiceRep.cc ICAPServiceRep.h ICAPXaction.cc ICAPXaction.h Makefile.am Makefile.in MsgPipe.cc MsgPipe.h MsgPipeData.h MsgPipeEnd.h MsgPipeSink.h MsgPipeSource.h TextException.cc TextException.h Log: Adding ICAP library files It seems that LeakFinder.h is missing in your commit. Duane: after any commit it would be better if you check if squid builds correctly. Regards Guido make[4]: Entering directory `/home/serassio/squid3/src/ICAP' if g++ -DHAVE_CONFIG_H -I. -I. -I../../include -I../../include -I../../include -I../../src -I/usr/includ /libxml2 -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -D_REENTRANT -g -O2 -MT ChunkedCodingP rser.o -MD -MP -MF ".deps/ChunkedCodingParser.Tpo" -c -o ChunkedCodingParser.o ChunkedCodingParser.cc; \ then mv -f ".deps/ChunkedCodingParser.Tpo" ".deps/ChunkedCodingParser.Po"; else rm -f ".deps/ChunkedCodin Parser.Tpo"; exit 1; fi if g++ -DHAVE_CONFIG_H -I. -I. -I../../include -I../../include -I../../include -I../../src -I/usr/includ /libxml2 -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -D_REENTRANT -g -O2 -MT ICAPClientResp odPrecache.o -MD -MP -MF ".deps/ICAPClientRespmodPrecache.Tpo" -c -o ICAPClientRespmodPrecache.o ICAPClie tRespmodPrecache.cc; \ then mv -f ".deps/ICAPClientRespmodPrecache.Tpo" ".deps/ICAPClientRespmodPrecache.Po"; else rm -f ".deps/ CAPClientRespmodPrecache.Tpo"; exit 1; fi ICAPClientRespmodPrecache.cc:13:24: LeakFinder.h: No such file or directory ICAPClientRespmodPrecache.cc:17: error: syntax error before `*' token ICAPClientRespmodPrecache.cc: In member function `void ICAPClientRespmodPrecache::startRespMod(HttpStateData*, HttpRequest*, HttpReply*)': ICAPClientRespmodPrecache.cc:44: error: `MsgPipeLeaker' undeclared (first use this function) ICAPClientRespmodPrecache.cc:44: error: (Each undeclared identifier is reported only once for each function it appears in.) ICAPClientRespmodPrecache.cc:44: error: `leakTouch' undeclared (first use this function) ICAPClientRespmodPrecache.cc: In member function `void ICAPClientRespmodPrecache::sendMoreData(StoreIOBuffer)': ICAPClientRespmodPrecache.cc:77: error: `leakTouch' undeclared (first use this function) ICAPClientRespmodPrecache.cc: In member function `int ICAPClientRespmodPrecache::potentialSpaceSize()': ICAPClientRespmodPrecache.cc:88: error: `leakTouch' undeclared (first use this function) ICAPClientRespmodPrecache.cc: In member function `void ICAPClientRespmodPrecache::doneSending()': ICAPClientRespmodPrecache.cc:106: error: `leakTouch' undeclared (first use this function) ICAPClientRespmodPrecache.cc: In member function `virtual void ICAPClientRespmodPrecache::noteSinkNeed(MsgPipe*)': ICAPClientRespmodPrecache.cc:123: error: `leakTouch' undeclared (first use this function) ICAPClientRespmodPrecache.cc: In member function `virtual void ICAPClientRespmodPrecache::noteSourceStart(MsgPipe*)': ICAPClientRespmodPrecache.cc:141: error: `leakTouch' undeclared (first use this function) ICAPClientRespmodPrecache.cc: In member function `virtual void ICAPClientRespmodPrecache::noteSourceProgress(MsgPipe*)': ICAPClientRespmodPrecache.cc:159: error: `leakTouch' undeclared (first use this function) ICAPClientRespmodPrecache.cc: In member function `virtual void ICAPClientRespmodPrecache::noteSourceFinish(MsgPipe*)': ICAPClientRespmodPrecache.cc:171: error: `leakTouch' undeclared (first use this function) ICAPClientRespmodPrecache.cc: In member function `virtual void ICAPClientRespmodPrecache::noteSourceAbort(MsgPipe*)': ICAPClientRespmodPrecache.cc:180: error: `leakTouch' undeclared (first use this function) ICAPClientRespmodPrecache.cc: In member function `void ICAPClientRespmodPrecache::stop(ICAPClientRespmodPrecache::Notify)': ICAPClientRespmodPrecache.cc:188: error: `leakTouch' undeclared (first use this function) ICAPClientRespmodPrecache.cc: In member function `void ICAPClientRespmodPrecache::freeVirgin()': ICAPClientRespmodPrecache.cc:225: error: `leakTouch' undeclared (first use this function) ICAPClientRespmodPrecache.cc: In member funct
Re: cvs commit: squid3/helpers/basic_auth/winbind .cvsignore
Hi Duane, Il 23.12 21/11/2005 [EMAIL PROTECTED] ha scritto: wessels 2005/11/21 15:12:20 MST Added files: helpers/basic_auth/winbind .cvsignore Log: adding .cvsignore files There is something wrong here and in the other winbind related commit: winbind helper are no more provided with Squid 3. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Adding ICAP to Squid-3
Hi Duane, At 18.53 11/11/2005, Duane Wessels wrote: Some of you may know that Alex and myself have been working on adding ICAP to Squid-3. We have been committing the code to a branch on sourceforge, but we plan to bring the new code to squid-cache.org CVS soon. Our plan is to put the ICAP source code into a src/ICAP subdirectory. It will be compiled into a library. There will also be a variety of changes to other parts of Squid that we found were necessary to support ICAP. We have already committed some of these changes to squid-cache.org CVS in advance, but a few more, hopefully minor changes, will be coming as well. Please let us know if you forsee any problems with this plan. For me ICAP in Squid 3 is welcome. Only a question: the build of new code was test on a 64 bit machine ? Currently Squid 3 builds fine on 64 bit machines after a long period of build errors, so I think that break again this is not desirable. In the case that you need a 64 bit test machine, I can provide to you the access on a Tru64 Alpha based system. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
.cvsignore files
Hi, What should be the standard content of a .cvsignore file ? Looking into HEAD, 2.5 and Sourceforge branches I have found variable contents. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Some Negotiate/SPNEGO questions
Hi Henrik, At 13.58 06/11/2005, Henrik Nordstrom wrote: r-> was missing there in the Squid-3 port. Was calling cbdataReferenceValid() on the wrong pointer. Yes, now it works: Squid crashes gracefully on the fatal(). According to the TODO comment in the code, we must remember to add the handling of this situation before the release. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Some Negotiate/SPNEGO questions
Hi Henrik, At 22.40 05/11/2005, Henrik Nordstrom wrote: - On Squid 3.0, testing Samba 4 ntlm_auth, I have found that when the auth helper crashes, Squid crashes too: 2005/11/04 23:12:44| assertion failed: cbdata.cc:450: "c->locks > 0" Quite likely related to the above, but a stack trace would be nice.. Crashed: 2005/11/06 09:29:27| Validated 1915 Entries 2005/11/06 09:29:27| store_swap_size = 6876 2005/11/06 09:29:28| storeLateRelease: released 0 objects 2005/11/06 09:29:33| assertion failed: cbdata.cc:450: "c->locks > 0" Program received signal SIGABRT, Aborted. 0x4018183b in raise () from /lib/tls/libc.so.6 (gdb) backtrace #0 0x4018183b in raise () from /lib/tls/libc.so.6 #1 0x40182fa2 in abort () from /lib/tls/libc.so.6 #2 0x080899f9 in xassert (msg=0x0, file=0x0, line=0) at debug.cc:524 #3 0x0806dafb in cbdataReferenceValid (p=0x8560140) at cbdata.cc:453 #4 0x080f40f3 in authenticateNegotiateHandleReply (data=0x8560150, lastserver=0x82f3ab0, reply=0x0) at negotiate/auth_negotiate.cc:387 #5 0x080a17f6 in helperStatefulServerFree (fd=8, data=0x82f3ab0) at helper.cc:851 #6 0x08083992 in commCallCloseHandlers (fd=8) at comm.cc:1605 #7 0x08083e9a in _comm_close (fd=8, file=0x0, line=0) at comm.cc:1787 #8 0x080810e5 in CommReadCallbackData::callCallback (this=0x6) at comm.cc:397 #9 0x0808121e in CommCallbackData::callACallback (this=0x85298b8) at comm.cc:436 #10 0x08081278 in comm_calliocallback () at comm.cc:471 #11 0x080bae9a in main (argc=0, argv=0x0) at main.cc:1161 Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Some Negotiate/SPNEGO questions
Hi Henrik, At 22.40 05/11/2005, Henrik Nordstrom wrote: - On Squid 3.0, testing Samba 4 ntlm_auth, I have found that when the auth helper crashes, Squid crashes too: 2005/11/04 23:12:44| assertion failed: cbdata.cc:450: "c->locks > 0" Quite likely related to the above, but a stack trace would be nice.. Tomorrow I will try to crash it again, it should not be hard ... :- Indeed... placeholder status can never be on a helper, only on a request.. (a request has placeholder status while it is waiting for a helper to become available) If you like, I could start to cleaning the code into negotiate-2_5. Henrik, it seems that the last night there was no synchronization between squid-cache.org and Sourceforge. When this happens, there is something that can I do to force the sync ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Some Negotiate/SPNEGO questions
Hi Henrik, I have some questions/info about Negotiate/SPNEGO. - In the negotiate-2_5 branch there is still the ntlm 'use_ntlm_negotiate' option, is intentional ? - I have found some instability in the 2.5 Negotiate code when al helpers are busy: I have lowered to 2 the number of helpers, after Squid says this: 2005/10/30 12:21:09| WARNING: All negotiateauthenticator processes are busy. and stops to respond to requests. After I need to restart or reconfigure Squid. From cachemgr the helpers are reported as idle. - On Squid 3.0, testing Samba 4 ntlm_auth, I have found that when the auth helper crashes, Squid crashes too: 2005/11/04 23:05:11| store_swap_size = 0 2005/11/04 23:05:11| storeLateRelease: released 0 objects =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INTERNAL ERROR: Signal 11 in pid 19487 (3.9.0-SVN-build-11442) Please read the file BUGS.txt in the distribution =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= PANIC: internal error BACKTRACE: 18 stack frames: #0 (ntlm_auth) [0x81f623b] #1 (ntlm_auth) [0x81f6486] #2 (ntlm_auth) [0x81f6554] #3 (ntlm_auth) [0x81f6594] #4 [0xe420] #5 (ntlm_auth) [0x8247f7c] #6 (ntlm_auth) [0x824ca9b] #7 (ntlm_auth) [0x818c660] #8 (ntlm_auth) [0x818c87d] #9 (ntlm_auth) [0x8249600] #10 (ntlm_auth) [0x824a143] #11 (ntlm_auth) [0x818ceba] #12 (ntlm_auth) [0x804ee97] #13 (ntlm_auth) [0x8050058] #14 (ntlm_auth) [0x80500be] #15 (ntlm_auth) [0x80506e8] #16 /lib/tls/libc.so.6(__libc_start_main+0xf4) [0x40078974] #17 (ntlm_auth) [0x804e041] 2005/11/04 23:12:44| assertion failed: cbdata.cc:450: "c->locks > 0" 2005/11/04 23:12:47| Starting Squid Cache version 3.0-PRE3-CVS for i686-pc-linux-gnu... 2005/11/04 23:12:47| Process ID 24918 - Final question, not directly related to Negotiate: In Squid 2.5, in the helper stats there is a reference to "A = ALIVE" and "P = PLACEHOLDER" status of helper, but this is never printed. I think that should be a forgotten cleanup. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Squid 3 + Samba 4 + SPNEGO Alive !!!
Hi Andrew, Very good news: Samba 4 SPNEGO authentication is working with latest Squid 3.0 code. My current test environment: Samba 3.9.0-SVN-build-11503 member of a Windows 2003 domain, latest Squid 3.0 and Firefox 1.5RC1 running on a Windows 2000 machine on the client side. Only Squid 3.0 enabled authentication protocol is Negotiate. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Forward port of connection pinning to 3.0
Hi Henrik, If you agree and if you think that the code is OK, I like to try to forward port the connection pinning patch to 3.0. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO questions
Hi Andrew, At 23.06 01/11/2005, Andrew Bartlett wrote: > I can confirm to you that the SPN problem is fixed, the Samba 4 > machine was joined fine to the domain, and now I am able to see the > list of the shares from a Windows 2000 machine, but I cannot connect > to any share. There is something like Samba 3 'username map' in Samba 4 ? A known problem. We are working on winbindd, and that will start to get things going again. OK, this not a problem. > > I have tried to use Squid with ntlm_auth and Negotiate (gss-spnego), but > > Unable to open tdb '/usr/local/samba/private/secrets.ldb' > Failed to connect to '/usr/local/samba/private/secrets.ldb' > Could not open secrets.ldb This sounds stupid, but you will need to either run Squid as root, or give world access to secrets.ldb. This will change before release... OK, I will do a try. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Updates on Squid Negotiate status
Hi Henrik, Some new about the status of Negotiate support: I have fixed the crash problem in the Windows helper that you have seen in my office, and now the Negotiate NTLM fallback works fine. It's very easy to force Negotiate in NTLM mode: just try to authenticate against a proxy without SPNs defined, Kerberos cannot be used and so Negotiate uses NTLM. A simple question: What should be the default order of authentication schema in cf.data.pre ? Now is ntlm, negotiate, digest and basic. But I think that It should be digest, negotiate, ntlm and basic, It's correct ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO questions
Hi Andrews, At 03.18 28/10/2005, Andrew Bartlett wrote: This was a regression. I've fixed this now. Some news: I can confirm to you that the SPN problem is fixed, the Samba 4 machine was joined fine to the domain, and now I am able to see the list of the shares from a Windows 2000 machine, but I cannot connect to any share. There is something like Samba 3 'username map' in Samba 4 ? Another question, the SPNs created from net join are: C:\>setspn -L vm-sarge Registered ServicePrincipalNames for CN=VM-SARGE,CN=Computers,DC=acmeconsulting,DC=loc: host/vm-sarge/ACMECONSULTING host/vm-sarge.acmeconsulting.loc/ACMECONSULTING host/vm-sarge/acmeconsulting.loc host/vm-sarge.acmeconsulting.loc/acmeconsulting.loc host/vm-sarge host/vm-sarge.acmeconsulting.loc The first four are correct ? I have tried to use Squid with ntlm_auth and Negotiate (gss-spnego), but Unable to open tdb '/usr/local/samba/private/secrets.ldb' Failed to connect to '/usr/local/samba/private/secrets.ldb' Could not open secrets.ldb =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INTERNAL ERROR: Signal 11 in pid 29489 (3.9.0-SVN-build-11442) Please read the file BUGS.txt in the distribution =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= PANIC: internal error BACKTRACE: 16 stack frames: #0 (ntlm_auth) [0x81f5c03] #1 (ntlm_auth) [0x81f5e4e] #2 (ntlm_auth) [0x81f5f1c] #3 (ntlm_auth) [0x81f5f5c] #4 [0xe420] #5 (ntlm_auth) [0x818c428] #6 (ntlm_auth) [0x818c645] #7 (ntlm_auth) [0x8248f18] #8 (ntlm_auth) [0x8249a5b] #9 (ntlm_auth) [0x818cc82] #10 (ntlm_auth) [0x804ee97] #11 (ntlm_auth) [0x8050058] #12 (ntlm_auth) [0x80500be] #13 (ntlm_auth) [0x80506e8] #14 /lib/tls/libc.so.6(__libc_start_main+0xf4) [0x40078974] #15 (ntlm_auth) [0x804e041] A similar thing happens trying basic auth from command line: vm-sarge:/usr/local/samba# ntlm_auth --helper-protocol=squid-2.5-basic --debuglevel=10 Initialising global parameters lp_load: refreshing parameters from /usr/local/samba/lib/smb.conf params.c:pm_process() - Processing configuration file "/usr/local/samba/lib/smb.conf" Processing section "[globals]" pm_process() returned Yes adding hidden service IPC$ adding hidden service ADMIN$ added interface ip=172.30.128.13 bcast=172.30.128.255 nmask=255.255.255.0 AUTH backend 'sam' registered AUTH backend 'sam_ignoredomain' registered AUTH backend 'winbind' registered GENSEC backend 'krb5' registered gensec subsystem fake_gssapi_krb5 is disabled AUTH backend 'unix' registered GENSEC backend 'schannel' registered AUTH backend 'name_to_ntstatus' registered AUTH backend 'fixed_challenge' registered GENSEC backend 'spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'ntlmssp' registered AUTH backend 'anonymous' registered pippo pippo Got 'pippo pippo' from squid (length: 11). =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INTERNAL ERROR: Signal 11 in pid 29503 (3.9.0-SVN-build-11442) Please read the file BUGS.txt in the distribution =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= PANIC: internal error BACKTRACE: 12 stack frames: #0 ntlm_auth [0x81f5c03] #1 ntlm_auth [0x81f5e4e] #2 ntlm_auth [0x81f5f1c] #3 ntlm_auth [0x81f5f5c] #4 [0xe420] #5 ntlm_auth [0x804e202] #6 ntlm_auth [0x804e462] #7 ntlm_auth [0x8050058] #8 ntlm_auth [0x80500be] #9 ntlm_auth [0x80506e8] #10 /lib/tls/libc.so.6(__libc_start_main+0xf4) [0x40078974] #11 ntlm_auth [0x804e041] Aborted Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Summary of Squid-2.6 opinions
Hi Robert, At 16.27 01/11/2005, Robert Collins wrote: Put me in here. I think getting 3.0 stable is not so hard, but will never happen if the focus remains on 2.5/2.6 - 2.6 should only have security fixes from 3.0. Probably the release of Squid 2.6 will further delay the release of Squid 3.0, but for me the question is when Squid 3.0 will be STABLE without a 2.6 ? My opinion is that currently the development work on Squid 3.0 is something harder than on 2.5/2.6 for some reasons: - There are not much developers that know C++ good as C - Squid 3 C++ architecture is very sophisticated, but sometimes very hard to understand, and there is only a little documentation about - Robert, that is really the major player on the C++ Squid 3 refactoring was away from Squid development for too much time So, if the development of Squid 3 will continue as the latest year, really I'm not so sure that we will ever have a STABLE 3.0 with a support and maintenance comparable to 2.5. For me, the consolidation of existing 2.5 working patches and enhancements into a 2.6 release is the only way to avoid things like this: http://www.squid-cache.org/mail-archive/squid-dev/200510/0181.html. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: My candidate changes for 2.6
Hi Henrik, At 02.24 01/11/2005, Henrik Nordstrom wrote: If there will be no oppositions, I like to start to work on it immediately. Also update the wiki page please.. http://squidwiki.kinkie.it/Squid-2.6 Done. And I will updated this page with the completion of every single step. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: My candidate changes for 2.6
Hi, At 18.48 31/10/2005, Paul Armstrong wrote: Can you also please add the resolv.conf patches from Thien Vu (and possibly the other patches I added to it when I ported it to 3.0) to the feature list for 2.6? But this is the bug #1326 :-) Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
My candidate changes for 2.6
Hi, This is a more detailed list of my candidate changes for 2.6: - Addition of IPPROTO_TCP & IPPROTO_UDP usage (backport from 3.0 & old 2.6) - Cygwin full support (service, ARP acl, ...) (merge from nt-2_5 branch) - Bug #802: squid should report username in stats when auth is enabled (backport from 3.0) - Bug #907: patch to suppress version string in HTTP headers and HTML error pages (backport from 3.0) - Bug #1326: Correctly use search path from /etc/resolv.conf (backport from 3.0) If there will be no oppositions, I like to start to work on it immediately. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Squid 2.6 on Sourceforge
Hi Henrik, I like to resurrect my nt-2_6 old branch on Sourceforge, but it seems that the squid (2.x) HEAD is not still in sync with squid-cache.org. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO questions
Hi Andrew, At 04.18 28/10/2005, Andrew Bartlett wrote: > I have discovered that the machine account in the domain is not > created correctly: the SPNs HOST/machine and HOST/machine.fqdn are > not created. They are needed from the Kerberos KDC for the token distribution. > So I have added manually the SPNs to the machine account. This was a regression. I've fixed this now. Good, I will try again to see what happens. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO seems to work on Windows !!!
Hi Henrik, At 09.13 18/10/2005, Serassio Guido wrote: And why they don't implement Negotiate for proxy connections completely beats me. Big mystery. How does MSIE authenticate with ISA server as a proxy in a pure AD environment? Is that even possible? It uses NTLM May be that IE 7 implements it, I will do a check. Just ended the installation of the latest beta of Windows "Longhorn" with IE 7: only NTLM :-( Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO questions
Hi Henrik, At 23.00 19/10/2005, Henrik Nordstrom wrote: Downloaded, compiled, and joined to the domain. Good. I have discovered that the machine account in the domain is not created correctly: the SPNs HOST/machine and HOST/machine.fqdn are not created. They are needed from the Kerberos KDC for the token distribution. So I have added manually the SPNs to the machine account. But i like to do some test to verify is the basic membership is working, but - many configuration directive in smb.conf are changed - swat doesn't work - I can't find any documentation about Samba 4 smb.conf You shouldn't need much config at all for just authentication via winbind. It's probably best tested with ntlm_auth in it's different modes. Probably true. But I like to be sure that my Samba 4 interacts correctly with AD using Kerberos before try SPNEGO authentication. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO seems to work on Windows !!!
Hi Henrik, At 16.34 18/10/2005, Henrik Nordstrom wrote: On Tue, 18 Oct 2005, Serassio Guido wrote: And why they don't implement Negotiate for proxy connections completely beats me. Big mystery. How does MSIE authenticate with ISA server as a proxy in a pure AD environment? Is that even possible? It uses NTLM And if the AD has NTLM support disabled? Still using NTLM or just failing? NTLM support cannot be disabled in AD. At least NTLMv2 is always supported. Just for an example: when using Windows Cluster, the authentication against a cluster virtual node can be NTLM only. So in other words Microsoft is not yet ready to run MSAD in a pure native Kerberos mode, not even if all servers and clients run the latest greatest versions of their OS. Correct. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO seems to work on Windows !!!
Hi Henrik, At 01.07 18/10/2005, Henrik Nordstrom wrote: On Mon, 17 Oct 2005, Serassio Guido wrote: Another hypothesis: Currently Internet Explorer doesn't support Negotiate for Proxy Auth, so I have used Firefox 1.5 beta 2. I don't know how its Negotiate implementation is fully correct. To get MSIE happy you only need to run Squid as a reverse proxy.. Right ... :-) And why they don't implement Negotiate for proxy connections completely beats me. Big mystery. How does MSIE authenticate with ISA server as a proxy in a pure AD environment? Is that even possible? It uses NTLM May be that IE 7 implements it, I will do a check. Just for an example: when using Windows Cluster, the authentication against a cluster virtual node can be NTLM only. When Microsoft released Windows 2000, they say "No more Netbios/NTLM is needed with Windows 2000". Some year after, releasing Windows 2003, "Netbios/NTLM is not needed with Windows 2003", now in the Longhorn features i can read: "No more Netbios/NTLM is needed with Longhorn" . No comment. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO seems to work on Windows !!!
Hi Henrik, At 01.01 17/10/2005, Henrik Nordstrom wrote: On Mon, 17 Oct 2005, Serassio Guido wrote: Yes, I get a blob and it's returned to the browser. The strange thing is that ISA Server doesn't return anything :-( So I don't know if it's really used from the browser. More interestingly, why is the SPNEGO returning such blob if it's apparently not needed? Or maybe it's just Microsoft who again got things wrong and causes extra burden on the KDC due to not returning this in ISA.. but I'm a little clueless on how Kerberos tokens works so I really should not speculate here.. It is entirely possible this blob is only required for the client to authenticate the server (which I doubt MSIE cares about doing, especially considering the request has already been sent making it somewhat pointless to verify..). Another hypothesis: Currently Internet Explorer doesn't support Negotiate for Proxy Auth, so I have used Firefox 1.5 beta 2. I don't know how its Negotiate implementation is fully correct. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO seems to work on Windows !!!
Hi Henrik, At 23.56 16/10/2005, Henrik Nordstrom wrote: On Sun, 16 Oct 2005, Serassio Guido wrote: Yes, I have read (too !!!) many times this documentation before have a running helper. I have rearranged my code for a non fixed token exchange, it should works in the worst case (I hope ). We are probably reading different documents however. The clearest document I have read is Internet Draft draft-jaganathan-kerberos-http-01.txt found in the doc/rfc/ directory of Squid-3. Read this too :-) And this technical article, very interesting: http://msdn.microsoft.com/library/en-us/dnsecure/html/http-sso-1.asp This documents the HTTP aspects of the Negotiate scheme. Does not really touch how to talk to the Windows SPNEGO SSP however, but does detail that the exchange may require anywhere from 1 to N steps, and that even in the last response may there be a blob returned to the client. What I would expect is that the first request requires a series of exchanges to set up the GSSAPI context, and that subsequent requests (connections) only needs a single exchange reaffirming the same context until the token expires. Exactly what I was expecting before :-) And every document that I have found describe a similar behaviour. I have spent more than one day before discover that only one exchange was needed capturing with Ethereal the network traffic between Firefox and ISA server. I think that probably the usage of Active Directory as Kerberos backend changes something in the negotiation process when both server and client are member of the same Windows domain. The KDC runs on Domain Controllers, and the Kerberos ticket are provided in a preauthenticated state. After the first packet, on the client I can already see a valid Service Token HTTP/proxy.fqdn, before any response from the proxy. Is there a blob returned updating the context at least? Yes, I get a blob and it's returned to the browser. The strange thing is that ISA Server doesn't return anything :-( So I don't know if it's really used from the browser. In the security log of the Proxy machine (both ISA and Squid) are recorded kerberos local logon success event related to the client user account. This means that the Kerberos service token is accepted from the proxy machine. I have also tried to follow the MSDN documenation on the SPNEGO SSP API, but always seem to get lost somewhere.. and all those damned frames does not make life easier either (very hard to bookmark). Take a look in the following pages: http://msdn.microsoft.com/library/en-us/dnsecure/html/sspikerberos.asp http://msdn.microsoft.com/library/en-us/secauthn/security/sspi.asp http://msdn.microsoft.com/library/en-us/secauthn/security/using_sspi.asp http://msdn.microsoft.com/msdnmag/issues/0500/security/toc.asp http://msdn.microsoft.com/msdnmag/issues/0800/security/toc.asp Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO seems to work on Windows !!!
Hi Henrik, At 21.00 16/10/2005, Henrik Nordstrom wrote: On Sun, 16 Oct 2005, Serassio Guido wrote: Using Kerberos, only the blob provided from the client (should be the Service Token) is needed, so the communication between Squid and the helper must be only YR ==> AF. Very odd.. there is supposed to be a significantly longer exchange.. Exactly what I'm expecting too :-( Are you running the browser locally on the same machine? In the past I have found Windows SPNEGO (even SPNEGO over HTTP) to behave very different on local connections than network connections to remote servers, and in such situations using neither NTLM or Kerberos GSSAPI but instead some very lightweigth "local user" authentication model using just a single client->server packet like you describe. No, two different machines, and with two different logged in users. I know the "Local Call" problem, I have handled it in the NTLM native helper. For this reason I have done some testing with different machines/users. I don't have tried running the browser and Squid on the same machine, I will do a test before Friday. The interesting thing is that using Microsoft ISA Server 2004 configured for Negotiate, the packet flow is the same. This could be related to an Active Directory accounts property called "Kerberos preauthentication". It will be very interesting to see what happens using Samba. This is another test that I will do before Friday. In any event the Negotiate patch doesn't really care how many steps there is. Anywhere from 1 to N steps is fine, or as many as the negotiated authentication system requires to finish the handshake. The sequence YR ==> AF seems to work fine, the Squid uptime is now 6 hours. But during a failed test, I got a neverending sequence of KK ==> TT, and it seems to me that something is wrong here: after the second KK ==> TT, I got the following error: 2005/10/15 21:17:18| helperStatefulHandleRead: unexpected read from negotiateauthenticator #1, 41 bytes 2005/10/15 21:17:18| helperStatefulHandleRead: unexpected read from negotiateauthenticator #1, 41 bytes 2005/10/15 21:17:18| helperStatefulHandleRead: unexpected read from negotiateauthenticator #1, 41 bytes 2005/10/15 21:17:18| helperStatefulHandleRead: unexpected read from negotiateauthenticator #1, 32 bytes Reading Microsoft documentation. It says there will be 1-N exchanges taking plase until the GSSAPI context is complete. It is possible the first message is sufficient in some cases, but not always. Yes, I have read (too !!!) many times this documentation before have a running helper. I have rearranged my code for a non fixed token exchange, it should works in the worst case (I hope ). Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
SPNEGO seems to work on Windows !!!
Hi Henrik, After a long fight with SSP Windows function calls, finally I have a working SPNEGO authenticator on Windows, and Kerberos authentication is used. This is the test environment: Client: Windows 2000 Professional running Mozilla 1.5 beta 2 Server: Windows 2000 Professional running Squid 2.5 with negotiate patch and a native negotiate helper Both machines are member of a Windows 2003 domain. But I discovered something strange: Using Kerberos, only the blob provided from the client (should be the Service Token) is needed, so the communication between Squid and the helper must be only YR ==> AF. I have found the same behaviour using Microsoft ISA Server 2004. As a check, I can find in the Security log of the proxy server the Kerberos logon events associated to the Squid usage. Really I don't know if this happens only while running natively on Windows. I will try to do some test using Samba 4 ntlm_auth. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO questions
Hi Andrew, At 23.25 10/10/2005, Andrew Bartlett wrote: > >We support both domain member and DC roles for this, but the domain > >member side is a bit fiddly (but functional, I believe) for NTLM > >support. Kerberos is much easier. > > So, have a working baseline based on Linux and Samba as an AD Member > will be not so easy as I was hoping :-( svn co; ./autogen.sh; ./configure; make; make install; 'net join domain' That should handle most of it. Setup the smb.conf with 'domain role = member'. Downloaded, compiled, and joined to the domain. But i like to do some test to verify is the basic membership is working, but - many configuration directive in smb.conf are changed - swat doesn't work - I can't find any documentation about Samba 4 smb.conf Where can I find some docs or how to do swat work ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO questions
Hi Andrew, At 23.35 11/10/2005, Andrew Bartlett wrote: > > I need to know what library components are needed for a correct > build: my development environment is configured for Squid. Is it not building for you? Samba4 has it's ldap and kerberos libs built in, so there are much fewer external dependencies. Mostly you need autoconf, perl, make and gcc. I don't still have tried. Mine was only an informative question. I will work on during the incoming weekend. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO questions
Hi Andrew, At 23.25 10/10/2005, Andrew Bartlett wrote: > > So, have a working baseline based on Linux and Samba as an AD Member > will be not so easy as I was hoping :-( svn co; ./autogen.sh; ./configure; make; make install; 'net join domain' That should handle most of it. Setup the smb.conf with 'domain role = member'. > Any chance to have this working in a future Samba 3.x release, or we > must wait for Samba 4 ? I'm happy to assist you with setting up Samba4 to handle this, but the Samba3 code just isn't up to snuff on SPNEGO I feel. OK. I need to know what library components are needed for a correct build: my development environment is configured for Squid. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Deprecated format specifier in cygwin
Hi Andrey, At 20.22 11/10/2005, Andrey Shorin wrote: Hello Squid, Using cvs -d:pserver:[EMAIL PROTECTED]:/squid co -kk squid [EMAIL PROTECTED] ~/squid/squid-2.5-cygwin Stop ... :-) On Cygwin you must use the nt-2_5 branch, all cygwin specific branches are outdated. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: [Squid-cvs] nt-2_5 squid/port/win32/include squid-mswin.h,1.1.2.32,1.1.2.33
Hi, At 00.43 11/10/2005, Henrik Nordstrom wrote: On Tue, 11 Oct 2005, Andrey Shorin wrote: Index: squid-mswin.h #if defined(_MSC_VER) /* Microsoft C Compiler ONLY */ +/* No param.h on Windows */ +#define MAXHOSTNAMELEN 256 + Guido, I'm not sure if this line belongs here regarding MinGW and cygwin. Does Cygwin and MinGW also lack the MAXHOSTNAMELEN define in their headers? Andrey: On MinGW it's not defined, when on Cygwin is defined to only 64. But I don't like at all your solution. We must set MAXHOSTNAMELEN to the real maximum value supported from Winsocks2 interface. So MAXHOSTNAMELEN should be set to a value specified from a Windows include. I don't know if 256 is safe for Windows function calls. Information from http://www.acmeconsulting.it/pagine/opensource/squid/squidnt25.htm and http://www.acmeconsulting.it/pagine/opensource/squid/buildenvironment.htm is not enough for me. In particular, among others, I'm not sure whether HEAD or nt-2_5 branch should be used. HEAD in the SourceForge/devel.squid-cache.org CVS tree should never be used. For building 2.5 with MS compilers the nt-2_5 branch should be used. Cygwin/MinGW I am not entirely sure about, but probably the nt-2_5 branch is a good idea. At least for MinGW (cygwin can build the standard distribution). nt-2_5 can be build in "native" mode using MinGW or MS VisualStudio 6, and in "emulation" mode with Cygwin. The MinGW build process is exactly like Cygwin. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO questions
Hi Andrew, At 15.43 10/10/2005, Andrew Bartlett wrote: > >You need Samba4 unfortunately. I promised (then did not deliver) > >instructions for Henrik. Start by downloading and installing Samba4 as > >a domain controller. It is in SVN, instructions on devel.samba.org > > OK, but I need to configure Samba 4 as Domain Controller ? > I want to make my tests on a Windows AD Domain. We support both domain member and DC roles for this, but the domain member side is a bit fiddly (but functional, I believe) for NTLM support. Kerberos is much easier. So, have a working baseline based on Linux and Samba as an AD Member will be not so easy as I was hoping :-( Any chance to have this working in a future Samba 3.x release, or we must wait for Samba 4 ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO questions
Hi Andrew, At 00.19 10/10/2005, Andrew Bartlett wrote: > Samba 3.0.14a provided with Debian Sarge is enough to test Negotiate, > or I need to install 3.0.20a ? > > I like to have a working baseline on Linux before to work on a native > Windows Negotiate Helper. You need Samba4 unfortunately. I promised (then did not deliver) instructions for Henrik. Start by downloading and installing Samba4 as a domain controller. It is in SVN, instructions on devel.samba.org OK, but I need to configure Samba 4 as Domain Controller ? I want to make my tests on a Windows AD Domain. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO questions
Hi Andrew, At 14.35 09/10/2005, Andrew Bartlett wrote: On Sun, 2005-10-09 at 11:27 +0200, Serassio Guido wrote: > Hi Henrik, > > I'm trying to test SPNEGO on native Windows, but I have still some > open questions: > > - In the response message ' NA blob message', what should be the blob content ? The last leg from client to server is an SPNEGO reject token in this case, and should be supplied to you by SSPI. Thanks for the info. Microsoft documentation is not so clear on Negotiate protocol, even if they recommend to use it instead of use explicitly NTLM or Kerberos :-( > - What client to use for testing it ? I have tried to play with the > network.negotiate-auth options of Firefox and Mozilla, but without any result. That's what I've used in the past. I think I made it work... You need the 1.5 betas for HTTP proxy stuff. Yes, I can confirm that Firefox 1.5 beta 2 accepts Negotiate authentication requests. Andrew: another question: Samba 3.0.14a provided with Debian Sarge is enough to test Negotiate, or I need to install 3.0.20a ? I like to have a working baseline on Linux before to work on a native Windows Negotiate Helper. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
SPNEGO questions
Hi Henrik, I'm trying to test SPNEGO on native Windows, but I have still some open questions: - In the response message ' NA blob message', what should be the blob content ? - What client to use for testing it ? I have tried to play with the network.negotiate-auth options of Firefox and Mozilla, but without any result. - I'have found a bug in the NTLM code of the negotiate branch: into authenticateNTLMHandleReplay(), blob must be incremented before using it, something like this should be good: @@ -434,6 +434,8 @@ authenticateNTLMHandleReply(void *data, /* seperate out the useful data */ blob = strchr(reply, ' '); +if (blob != NULL) +blob++; Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO test
Hi Henrik, At 19.54 06/10/2005, Henrik Nordstrom wrote: Running a cvsmerge right now to bring in the delay pools fix. Should be ready when you receie this mail. Just added a negotiate-nt-2_5 branch, imported the SPNEGO patch. It builds fine on Windows, and Squid seems to work correctly using NTLM NEGOTIATE. Now starting to play with "SPNEGO" ... :-) Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: cvs commit: squid3/src mem_node.cc mem_node.h stmem.cc stmem.h store_swapout.cc
Hi Duane, At 20.23 14/09/2005, [EMAIL PROTECTED] wrote: wessels 2005/09/14 12:23:21 MDT Modified files: src mem_node.cc mem_node.h stmem.cc stmem.h store_swapout.cc Log: Bug #1332: mem_node leak After this patch, build on 64 bit systems fails: depbase=`echo mem_node.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`; \ if g++ -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/usr/local/squid3/etc/squid.conf\" -I. -I. -I../include -I. -I. -I../include -I../include -I../lib/libTrie/include -I../lib/cppunit-1.10.0/include -I ../lib/cppunit- 1.10.0/include -I/usr/include/libxml2 -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -D_REENT RANT -g -O2 -MT mem_node.o -MD -MP -MF "$depbase.Tpo" -c -o mem_node.o mem_node.cc; \ then mv -f "$depbase.Tpo" "$depbase.Po"; else rm -f "$depbase.Tpo"; exit 1; fi mem_node.cc: In function `int makeMemNodeDataOffset()': mem_node.cc:52: warning: cast from pointer to integer of different size make[3]: *** [mem_node.o] Error 1 Looking into the code, I'm not sure to understand correctly what makeMemNodeDataOffset() does. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO test
Hi Henrik, At 19.54 06/10/2005, Henrik Nordstrom wrote: It should be fairly up to date already. Was cvsmerge:d on the 24/9, when 2.5.STABLE11 was released. Running a cvsmerge right now to bring in the delay pools fix. Should be ready when you receie this mail. Thanks. I will do a merge in a copy of the Windows port Saturday. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO test
Hi Henrik, At 11.47 06/10/2005, Henrik Nordstrom wrote: On Wed, 5 Oct 2005, Serassio Guido wrote: I think that the current native Windows NTLM helper should be arranged, but I need to know what is changed (if any) in the NTLM helper protocol. The protocol is mostly the same, but slightly different. The main difference is that AF & NA now carries a blob AF blob login NA blob message If I'm not wrong, currently the only reference helper is Samba 4 ntlm_auth, right ? Another question, there is any problem if I run cvsmerge on SPNEGO branch ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
SPNEGO test
Hi Henrik, I like to do a native Windows test of the 2.5 SPNEGO code. So I will create a new nt-2_5-spnego CVS branch on Sourgeforge. I think that the current native Windows NTLM helper should be arranged, but I need to know what is changed (if any) in the NTLM helper protocol. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Squid-2.5.STABLE11-RC2 (Release Candidate 2) available
Hi Henrik, At 01.23 17/09/2005, Henrik Nordstrom wrote: The 2.5.STABLE11 release is now planned for Wednesday if no regression errors are found before then. Any new (or old) problems found which also exists in 2.5.STABLE10 will not be considered to be fixed for the 2.5.STABLE11 release unless there is good reason to classify these as major or security issues. There is already too much changes. I have just got the report of a Windows/Cygwin specific minor problem: the incoming Windows Vista (Longhorn) is not supported. I have a little patch to fix the problem, that I like to commit before STABLE11 release, if you agree. Index: src/dns_internal.c === RCS file: /cvsroot/squid/squid/src/dns_internal.c,v retrieving revision 1.15.6.8 diff -u -p -r1.15.6.8 dns_internal.c --- src/dns_internal.c 12 May 2005 02:14:15 - 1.15.6.8 +++ src/dns_internal.c 20 Sep 2005 10:08:08 - @@ -235,6 +235,7 @@ idnsParseWIN32Registry(void) case _WIN_OS_WIN2K: case _WIN_OS_WINXP: case _WIN_OS_WINNET: +case _WIN_OS_WINLON: /* get nameservers from the Windows 2000 registry */ /* search all interfaces for DNS server addresses */ if (RegOpenKey(HKEY_LOCAL_MACHINE, Index: src/enums.h === RCS file: /cvsroot/squid/squid/src/enums.h,v retrieving revision 1.29.2.16 diff -u -p -r1.29.2.16 enums.h --- src/enums.h 11 Sep 2005 02:13:22 - 1.29.2.16 +++ src/enums.h 20 Sep 2005 10:08:09 - @@ -735,7 +735,8 @@ enum { _WIN_OS_WINNT, _WIN_OS_WIN2K, _WIN_OS_WINXP, -_WIN_OS_WINNET +_WIN_OS_WINNET, +_WIN_OS_WINLON }; #endif Index: src/win32.c === RCS file: /cvsroot/squid/squid/src/win32.c,v retrieving revision 1.5.6.1 diff -u -p -r1.5.6.1 win32.c --- src/win32.c 26 Jun 2002 20:45:14 - 1.5.6.1 +++ src/win32.c 20 Sep 2005 10:08:09 - @@ -58,9 +58,13 @@ GetOSVersion() return _WIN_OS_WINXP; } if ((osvi.dwMajorVersion == 5) && (osvi.dwMinorVersion == 2)) { - WIN32_OS_string = xstrdup("Windows .NET"); + WIN32_OS_string = xstrdup("Windows Server 2003"); return _WIN_OS_WINNET; } + if ((osvi.dwMajorVersion == 6) && (osvi.dwMinorVersion == 0)) { + WIN32_OS_string = xstrdup("Windows code name \"Longhorn\""); + return _WIN_OS_WINLON; + } break; case VER_PLATFORM_WIN32_WINDOWS: if ((osvi.dwMajorVersion == 4) && (osvi.dwMinorVersion == 0)) { Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Squid 2.5 build problems with --enable-ipf-transparent on HP Tru64
Hi Henrik, At 13.43 17/09/2005, Henrik Nordstrom wrote: You are most welcome adding a blurb about these ipfilter issues to the FAQ and/or release notes. Please, take a look on the attached release-notes changes, I have added some ipfilter info and I have removed some closed bugs. If you like the changes, please do you can commit they and generate the new html ? linuxdoc on my Debian machine seems to build html something different from the current release-notes.html. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Squid 2.5 build problems with --enable-ipf-transparent on HP Tru64
Hi Henrik, At 01.31 17/09/2005, Henrik Nordstrom wrote: On Tue, 13 Sep 2005, Serassio Guido wrote: from configure:4138: /usr/include/kern/lock.h:204:24: rt_preempt.h: No such file or directory /usr/include/kern/lock.h:205:25: mach_ldebug.h: No such file or directory Looks like busted system (or maybe ipfilter) headers too me. Most likely a missing header dependency. I have build and installed ipfilter on this machine starting from sources without errors, and Squid, after forcing the ipfilter usage, builds without errors. The only oddity was that the installation of only ip_fil.h is targeted from the make install command of ipfilter, the other include file need to be installed manually. It seems that latest ipfilter includes are not developed for an external usage like Squid does, do you remember the SOLARIS2 define problem on Solaris ? Any hints on how fix this problem ? Not really. For now document the issue in the release notes. Yes something like "Using ipfilter 4.x on HP True64 maybe that blah blah" I like to add an ipfilter section in the known issues: I have found another silly problem on Solaris 10: Sun provides ipfilter 4.0.22 in the OS, but without include files They need to be downloaded from the OpenSolaris web site ... :-( You can use the following to tell configure that this header exists, making it skip the test: env ac_cv_header_netinet_ip_compat_h=yes ./configure ... this should save you from having to edit include/autoconf.h manually. Yes, it works. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Some bug status
Hi Henrik, At 03.32 13/09/2005, Henrik Nordstrom wrote: On Tue, 13 Sep 2005, Serassio Guido wrote: Just for my check, bugs #1327, #1351 and #1370 can be marked "PATCH25" ? You are looking into stealing my bugs? You are most welcome to ;-) What about bug #1204 ? Can be stolen too ? :-) Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Some bug status
Hi Henrik, At 03.32 13/09/2005, Henrik Nordstrom wrote: On Tue, 13 Sep 2005, Serassio Guido wrote: Just for my check, bugs #1327, #1351 and #1370 can be marked "PATCH25" ? You are looking into stealing my bugs? You are most welcome to ;-) This week only I have a lot of free time to spend on Squid, so I'm looking for anything that I'm able to do ... :-) #1351 and #1370 is ready to commit as-is. (and hence the report is already set to P1). For the LDAP helpers just remember to grab the official patch as the bugzilla patch only addresses one of the two.. (exact same problem in squid_ldap_group). Ok, I will compare 2.5 and 3.0 source code to check any missing thing. 1327 needs to be ported, but it is maybe best to do this after the cleaned up NTLM framework is in place and is why I did not move it to the porting queue just yet.. Kinkie? But on the other hand, thinking about what #1327 changes there is little or no conflict with the NTLM rewrite so it should be OK to move this forward immediately if you prefer. I take a look, if the forward port is simple, i will do it. Henrik, you are the "SSL guru". If you have time, do you can look to bugs #859, #1269 and #1355 ? The SSL code in 3.0 is heavy refactored, and for me is very hard to understand what should be changed (if any). Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Squid 2.5 build problems with --enable-ipf-transparent on HP Tru64
Hi, When trying to test --enable-ipf-transparent on HP Tru64, I have got the following configure error: checking if IP-Filter header files are installed... no WARNING: Cannot find necessary IP-Filter header files Transparent Proxy support WILL NOT be enabled But ipfilter is installed, and all needed include files are present. Looking into config.log, I have found this: configure:4132: checking for netinet/ip_compat.h configure:4142: gcc -E -I/usr/local/include conftest.c >/dev/null 2>conftest.out In file included from /usr/include/kern/queue.h:96, from /usr/include/kern/event.h:50, from /usr/include/sys/select.h:54, from /usr/local/gcc343/bin/../lib/gcc/alpha-dec-osf5.1/3.4.3/include/sys/types.h:605, from /usr/local/gcc343/bin/../lib/gcc/alpha-dec-osf5.1/3.4.3/include/sys/uio.h:79, from /usr/include/netinet/ip_compat.h:123, from configure:4138: /usr/include/kern/lock.h:204:24: rt_preempt.h: No such file or directory /usr/include/kern/lock.h:205:25: mach_ldebug.h: No such file or directory configure: failed program was: #line 4137 "configure" #include "confdefs.h" #include configure:4132: checking for netinet/ip_fil_compat.h configure:4142: gcc -E -I/usr/local/include conftest.c >/dev/null 2>conftest.out configure:4138:35: netinet/ip_fil_compat.h: No such file or directory configure: failed program was: #line 4137 "configure" #include "confdefs.h" #include configure:4132: checking for netinet/ip_fil.h configure:4142: gcc -E -I/usr/local/include conftest.c >/dev/null 2>conftest.out configure:4132: checking for netinet/ip_nat.h configure:4142: gcc -E -I/usr/local/include conftest.c >/dev/null 2>conftest.out configure:4132: checking for netinet/ipl.h It seems that netinet/ip_compat.h cannot be compiled during configure. But Squid builds fine forcing in include/autoconf.h after configure: #define IPF_TRANSPARENT 1 #define HAVE_NETINET_IP_COMPAT_H 1 Any hints on how fix this problem ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: cvs commit: squid3/src HttpMsg.cc HttpReply.cc HttpReply.h
Hi Reuben, At 10.42 13/09/2005, Reuben Farrelly wrote: Hi, On 13/09/2005 11:28 a.m., [EMAIL PROTECTED] wrote: wessels 2005/09/12 17:28:57 MDT Modified files: src HttpMsg.cc HttpReply.cc HttpReply.h HttpRequest.cc HttpRequest.h HttpStatusLine.cc HttpStatusLine.h Makefile.am Makefile.in client_side.h protos.h Log: Changes to HTTP request and reply parsing classes, started by Alex, further hacked by DW. These are forward-ported from ICAP development on sourceforge. Alex's original commit message: This commit I believe, is the one that has broken squid3 -CVS: ../../src/HttpReply.h:37:21: error: HttpMsg.h: No such file or directory Nothing so serious: simply Duane forgot to commit the HttpMsg.h file. Much as more development on squid3 is great to see, please compile test -CVS after you commit big chunks of code like this Reuben: please, don't forget that when the HEAD branch is open for development, could be open for mistakes too :-) But I agree with you about the need of run a build test with full configure option enabled after ANY commit, this could catch immediately some errors. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Some bug status
Hi Henrik, Just for my check, bugs #1327, #1351 and #1370 can be marked "PATCH25" ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: 2.5.STABLE11 approaching
Hi Henrik, At 01.02 02/09/2005, Henrik Nordstrom wrote: Merged a quite large portion of the patch queue for 2.5 tonight. Relatively few open bugs now remains for 2.5.STABLE11. Please help testing, making sure the patches do no introduce new bugs. I have just ended a cross-platform build test. Current 2.5 CVS source tree builds fine on: - FreeBSD 5.3 - OpenBSD 3.6 - HP Tru64 5.1 - Linux Debian 3.1 - Cygwin - Solaris 9 x86 - Solaris 10 x86 The merge in the native Windows port is OK and builds and run on: - Microsoft VisualStudio 6 - MinGW - Cygwin Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Opinion on some open bugs
Hi Henrik, At 21.10 15/08/2005, Henrik Nordstrom wrote: On Sun, 14 Aug 2005, Serassio Guido wrote: #199 and #1374. 3.0 patch is already applied, I'm waiting for opinions on 2.5 patch before commit. Is this patch you are waiting for opinions on in Bug #199? Sorry, I was not clear. I'm referring to the 2.5 patch on Bug #1374. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Squid 2.5 new mail_program feature proposal
Hi Henrik, At 14.23 12/08/2005, Henrik Nordstrom wrote: No, I think the existing patch is fine. Didn't know we executed mail in such simpleminded manner. OK, applied to Squid 2.5 and 3.0. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Opinion on some open bugs
Hi Henrik, At 16.45 03/08/2005, Henrik Nordstrom wrote: On Tue, 12 Jul 2005, Serassio Guido wrote: The problem is clear. But what about a simple workaround like the following patch ? +#ifdef _SQUID_SOLARIS_ +#define SOLARIS 1 +#undef free +#undef sync +#endif #include Looks reasonable as a temporary workaround, but the real problem of in which order the include files are referenced should be fixed. For now add a comment just why this is required and I am fine with it. Finally I have full understood Solaris problems related to Ipfilter. There are 3 different problems here: - free redefinition when using ARP acl with ipfilter, this seems to affect only Squid 2.5, and the 2.5 workaround patch (just applied) from Bug #199 fix it. - gcc fixed/not fixed includes, this seems to affect only Squid 3.0, and the already applied 3.0 patch from Bug #199 fix it. - Missing definition of SOLARIS2 when using recent ipfilter versions, this affect both Squid 2.5 an 3.0, causing all the conflicting errors from bug #199 and #1374. 3.0 patch is already applied, I'm waiting for opinions on 2.5 patch before commit. If you agree, I think that now Bug #199 could be really closed. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Squid 2.5 new mail_program feature proposal
Hi Henrik, At 13.31 09/08/2005, Henrik Nordstrom wrote: On Sun, 7 Aug 2005, Serassio Guido wrote: A "mail_program" configuration option in squid.conf that allows to specify the program that squid will be use to send fatal reports by mail. Ok. No problem with that. I have attached the proposed patch. I have used an eol type instead of a string type, this allow to specify not only the program name, but command line options too. Ok. Isn't "wordlist" a more appropriate type, giving you the line already split into words? This is what is used for other program specifications accepting arguments. Sure. I have used 'eol' only to have a very small change in tools.c: -snprintf(command, 256, "mail %s < %s", Config.adminEmail, filename); +snprintf(command, 256, "%s %s < %s", Config.EmailProgram, Config.adminEmail, filename); For example, on Windows I have used something like: mail_program c:/squid/libexec/mailsend.exe -smtp smtp.tld.com -d tld.com -f [EMAIL PROTECTED] -sub "Squid failure" -t Hmm.. we do have a config entry for the email address today. Perhaps we should expand the string with errorBuildContent or similar to allow this and other interesting % codes to be used in the string. I think that something like the following configuration tags could be very useful: - The destination e-mail address (today we have only this) - The from e-mail address, currently we use appname string - The subject of the message - The email program to use - The email program command line with % codes that can be expanded with to, from and subject values - The message body itself, with again % codes that can be expanded with a error code/message and the to, from and subject values But probably a similar change is too big for 2.5. If you like, I could write a simplified version for 2.5, with only the following tags: mail_program a string with the mail program name mail_program_options a wordlist with mail program command line options Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Usage of truncate() with aufs
Hi Robert, At 02.44 09/08/2005, Robert Collins wrote: On Mon, 2005-08-08 at 19:08 +0200, Serassio Guido wrote: > Hi, > > Looking to bug #1371 (http://www.squid-cache.org/bugs/show_bug.cgi?id=1371) > I have found the following code: > > void > DiskThreadsIOStrategy::unlinkFile(char const *path) > { > statCounter.syscalls.disk.unlinks++; > #if USE_TRUNCATE_NOT_UNLINK > > aioTruncate(path, NULL, NULL); > #else > > aioUnlink(path, NULL, NULL); > #endif > } > > And in configure I'm reading: > > --enable-truncate This uses truncate() instead of unlink() when >removing cache files. Truncate gives a little >performance improvement, but may cause problems >when used with async I/O. Truncate uses more >filesystem inodes than unlink.. > > So I have a doubt: > > #if USE_TRUNCATE_NOT_UNLINK > > Is an error or a trick to avoid usage of truncate() with aufs ? Neither, its the corollary to the configure option ... the api is always unlinkFile, but if --enable-truncate is passed, then the underlying implementation becomes truncate. Sorry, but I was not clear: --enable-truncate defines USE_TRUNCATE, not USE_TRUNCATE_NOT_UNLINK. USE_TRUNCATE_NOT_UNLINK is not defined in any other place. So truncate() will be never used. This is correct, or an old error ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Usage of truncate() with aufs
Hi, Looking to bug #1371 (http://www.squid-cache.org/bugs/show_bug.cgi?id=1371) I have found the following code: void DiskThreadsIOStrategy::unlinkFile(char const *path) { statCounter.syscalls.disk.unlinks++; #if USE_TRUNCATE_NOT_UNLINK aioTruncate(path, NULL, NULL); #else aioUnlink(path, NULL, NULL); #endif } And in configure I'm reading: --enable-truncate This uses truncate() instead of unlink() when removing cache files. Truncate gives a little performance improvement, but may cause problems when used with async I/O. Truncate uses more filesystem inodes than unlink.. So I have a doubt: #if USE_TRUNCATE_NOT_UNLINK Is an error or a trick to avoid usage of truncate() with aufs ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Squid 2.5 new mail_program feature proposal
Hi Andrey, At 21.49 07/08/2005, Andrey Shorin wrote: Hello Serassio, Sunday, August 7, 2005, 23:32:03, Serassio Guido wrote: Well, I created mail.cmd which is on PATH for account I use to run SquidNT service. It works fine for me (I intentionally crashed squid to test). The mail.cmd script contains only one line: @postie -t -host:mail.tushino.com %* Look http://www.infradig.com/postie/index.shtml for info on postie command line MTA. Very interesting, specially the -t option that allow the usage of a Unix sendmail compatible input stream. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Squid 2.5 new mail_program feature proposal
Hi Henrik, I know that Squid 2.5 is feature freezed, but I would like to add a little new feature very useful for the Windows port and may be for other platforms: A "mail_program" configuration option in squid.conf that allows to specify the program that squid will be use to send fatal reports by mail. I have attached the proposed patch. I have used an eol type instead of a string type, this allow to specify not only the program name, but command line options too. For example, on Windows I have used something like: mail_program c:/squid/libexec/mailsend.exe -smtp smtp.tld.com -d tld.com -f [EMAIL PROTECTED] -sub "Squid failure" -t I will add an identical feature to Squid 3.0. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/ Index: src/cf.data.pre === RCS file: /cvsroot/squid/squid/src/cf.data.pre,v retrieving revision 1.245.2.95 diff -u -p -r1.245.2.95 cf.data.pre --- src/cf.data.pre 9 Jun 2005 07:51:46 - 1.245.2.95 +++ src/cf.data.pre 7 Aug 2005 18:43:10 - @@ -2444,6 +2444,19 @@ DOC_START DOC_END +NAME: mail_program +TYPE: eol +DEFAULT: mail +LOC: Config.EmailProgram +DOC_START + Email program used to send mail if the cache dies. + The default is "mail". The specified program must complain + with the standard Unix mail syntax: + mail_program recipient < mailfile + Optional command line options can be specified. +DOC_END + + NAME: cache_effective_user TYPE: string DEFAULT: nobody Index: src/structs.h === RCS file: /cvsroot/squid/squid/src/structs.h,v retrieving revision 1.408.2.44 diff -u -p -r1.408.2.44 structs.h --- src/structs.h 9 Jun 2005 07:51:47 - 1.408.2.44 +++ src/structs.h 7 Aug 2005 18:43:10 - @@ -480,6 +480,7 @@ struct _SquidConfig { int rotateNumber; } Log; char *adminEmail; +char *EmailProgram; char *effectiveUser; char *effectiveGroup; struct { Index: src/tools.c === RCS file: /cvsroot/squid/squid/src/tools.c,v retrieving revision 1.213.2.16 diff -u -p -r1.213.2.16 tools.c --- src/tools.c 13 Jun 2005 22:26:22 - 1.213.2.16 +++ src/tools.c 7 Aug 2005 18:43:10 - @@ -110,7 +110,7 @@ mail_warranty(void) fprintf(fp, "To: %s\n", Config.adminEmail); fprintf(fp, "Subject: %s\n", dead_msg()); fclose(fp); -snprintf(command, 256, "mail %s < %s", Config.adminEmail, filename); +snprintf(command, 256, "%s %s < %s", Config.EmailProgram, Config.adminEmail, filename); system(command); /* XXX should avoid system(3) */ unlink(filename); }
Re: Opinion on some open bugs
Hi Henrik, At 16.45 03/08/2005, Henrik Nordstrom wrote: On Tue, 12 Jul 2005, Serassio Guido wrote: The problem is clear. But what about a simple workaround like the following patch ? +#ifdef _SQUID_SOLARIS_ +#define SOLARIS 1 +#undef free +#undef sync +#endif #include Looks reasonable as a temporary workaround, but the real problem of in which order the include files are referenced should be fixed. For now add a comment just why this is required and I am fine with it. I have just published on Bugzilla this workaround patch for Squid 2.5 with comments and I have applied a fix to Squid 3.0 for the handling of fixed or not fixed gcc Solaris headers. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SquidTray project and Release.
Hi Pierre-Yves, At 16.02 26/07/2005, Henrik Nordstrom wrote: On Fri, 22 Jul 2005, Pierre-Yves CAILLIATTE wrote: Hello, I'm programming a new application to configure and driver SquidNT (Squid for Windows). If you want to get it and tray it go on http://developer.berlios.de/projects/squidtray/ or to download it : http://download.berlios.de/squidtray/SquidTray_0_2.zip Perhaps you should coordinate your efforts with Guido Serassio, the SquidNT port maintainer. You are welcome to ask any relevant questions you may have on the squid-dev@squid-cache.org mailinglist where most Squid developers hang out. Could be an interesting project. I like to know some more detail about current and planned features. On the website there are no details about. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Translation of messages
Hi, At 14.45 18/07/2005, George Papamichelakis wrote: Hi , I hope this is the right list to send this... Yes, It is. I have translated messages for squid in Greek langunage the original were taken from the debian stable version. Were should I send them to be included in the source tree? The better thing should be to open a enhancement bug on Bugzilla (http://www.squid-cache.org/bugs/index.cgi) and attach to this bug a patch against the current Squid stable sources. The changes will be applied to Squid 3.0 and probably to Squid 2.5 too. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Opinion on some open bugs
Hi Henrik, At 01.45 12/07/2005, Henrik Nordstrom wrote: On Mon, 11 Jul 2005, Serassio Guido wrote: Just installed now, and problem is still here ... :-( I like to know what happens on Solaris 10, where ipfilter is bundled into. Probably the same thing. the fault is imho at Squid, not Solaris/IP-Filter. The trouble is/was caused by the following: #define free + etc in squid.h to block misuse of standard malloc routines where the Squid versions should be used. This pollutes the C/C++ token namespace crashing any structures or classes having members of the same names. The problem is clear. But what about a simple workaround like the following patch ? Index: src/client_side.c === RCS file: /squid/squid/src/client_side.c,v retrieving revision 1.561.2.80 diff -u -p -r1.561.2.80 client_side.c --- src/client_side.c 30 Jun 2005 08:38:00 - 1.561.2.80 +++ src/client_side.c 12 Jul 2005 19:07:57 - @@ -46,6 +46,11 @@ #elif HAVE_NETINET_IP_FIL_COMPAT_H #include #elif HAVE_IP_COMPAT_H +#ifdef _SQUID_SOLARIS_ +#define SOLARIS 1 +#undef free +#undef sync +#endif #include #elif HAVE_NETINET_IP_COMPAT_H #include With this patch, Squid 2.5 builds fine with both ARP and ipfilter. Please note the SOLARIS define: it seems that includes from ipfilter 4.1.8 have problems to detect correctly my machine. This fixes the things. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Opinion on some open bugs
Hi Henrik, At 01.32 12/07/2005, Henrik Nordstrom wrote: On Mon, 11 Jul 2005, Serassio Guido wrote: But now I'm a little confused: it seems that gcc on Solaris (x86 only ?) is very unstable, so I like to understand what Solaris x86 reference platform should we use for Squid development. Squid-2.5 is verified (build and trivial runtime tests only) on Solaris 9 Sparc using both GCC-3.2.3 and SunPro CC something. Have never tried Solaris x86. GCC is supposed to be quite stable on Solaris. At least on Sparc, and I have a hard time beleiving x86 would be much worse as very little is OS-dependent. But there may obviously be binutil related (ld, ar etc) issues. Probably better to use Solaris bundled binutils. But I am not a Solaris user so I don't know. This is the my version: bash-2.05$ gcc -v Reading specs from /usr/local/lib/gcc-lib/i386-pc-solaris2.9/3.3.2/specs Configured with: ../configure --with-as=/usr/ccs/bin/as --with-ld=/usr/ccs/bin/ld --disable-nls Thread model: posix gcc version 3.3.2 binutils are the Solaris bundled. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Opinion on some open bugs
Hi Henrik, At 23.52 10/07/2005, Henrik Nordstrom wrote: On Sun, 10 Jul 2005, Serassio Guido wrote: - #199: for me could be closed: current version of Squid 2.5 and 3.0 build fine on Solaris x86 with ARP acls enabled. Do you have IP-Filter installed? --enable-ipf-transparent is required for the problem to arise. No. Just installed now, and problem is still here ... :-( I like to know what happens on Solaris 10, where ipfilter is bundled into. The correct fix is in theory not very hard, but requires a bit of juggling around with how we manage include files to never include system headers after squid.h. However, there is some complications due to the FD_SETSIZE overriding which is also done in squid.h and needs to be done before the include of system headers.. Because of this I didn't want to attemt fixing this in 2.5. Things on Solaris seems to be more complex: I had this problem building ipfilter on my Solaris 9 x86: http://www.phildev.net/ipf/IPFsolaris.html#solaris19 After fixing as proposed, ipfilter builds and installs fine, but Squid 3 broke on this patch that allow it to build without the headers fixing: http://www.squid-cache.org/cgi-bin/cvsweb.cgi/squid3/include/config.h.diff?r1=1.10&r2=1.11&f=h Backing out this, Squid 3 build fine with both ARP and ipfilter support. But now I'm a little confused: it seems that gcc on Solaris (x86 only ?) is very unstable, so I like to understand what Solaris x86 reference platform should we use for Squid development. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Opinion on some open bugs
Hi, I like to know others opinions on the following two open bugs: - #199: for me could be closed: current version of Squid 2.5 and 3.0 build fine on Solaris x86 with ARP acls enabled. - #245: probably could be marked as duplicate of #767 Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Squid 2.5.STABLE10-NT won't rebuild store from disk
Hi, At 23.28 08/07/2005, Andrey Shorin wrote: Hello Serassio, Saturday, July 9, 2005, 1:21:03, Serassio Guido wrote: >>P.S. [EMAIL PROTECTED] mailing list doesn't reflect my commit (2 >>hours passed since that). Is that OK? > I'm subscribed to Squid-cvs digest, if there is a little activity, > e-mail are sent on daily basis. On what mailing list do you are subscribed ? Both [EMAIL PROTECTED] and [EMAIL PROTECTED] (just subscribed the latter, so I don't know the latency yet) http://sourceforge.net/mailarchive/forum.php?forum_id=33153 doesn't show anything yet also. I don't know how the archiving is delayed, but I can see my commits of tomorrow morning. Your commit is OK, I have just updated my local sources. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Squid 2.5.STABLE10-NT won't rebuild store from disk
Hi Andrey, At 22.58 08/07/2005, Andrey Shorin wrote: Hello Andrey, Thursday, July 7, 2005, 18:12:25, Andrey Shorin wrote: > Subj. if swap.state file is deleted. > Debugging shows that's because > strncpy(dp->dent.d_name, dp->fileinfo.name, _MAX_FNAME) in readdir() > fails. Well, it was yesterday ;) Now this is sscanf() in > storeAufsDirGetNextFile() which fails. Can't get the cause yet... Comitted port/win32/src/readdir.c change to fix the problem (see patch attached). Good catch. I was just looking on the problem some minutes ago without success This comes from the recent STABLE 10 64 bit large file support. I have found another little problem in readdir.c, but not influent. P.S. [EMAIL PROTECTED] mailing list doesn't reflect my commit (2 hours passed since that). Is that OK? I'm subscribed to Squid-cvs digest, if there is a little activity, e-mail are sent on daily basis. On what mailing list do you are subscribed ? Regards Guido -- Best regards, Andrey Shorin - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: [Squid Bug 518] - NTLM does no work (wb_auth)
Hi Henrik, Il 02.49 06/07/2005 [EMAIL PROTECTED] ha scritto: OK for commit. Just remember that this patch has nothing to do with the subject of this bug report (only the debug messages seen in the last tests). Sure. Do you think that this bug could be closed ? It seems that the original problem is no more present. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: CRT fd limitation in Squid NT port
HI Andrey, At 22.28 05/07/2005, Andrey Shorin wrote: > I think that changes should be deeper: My opinion is that we should > remove any direct reference to FD concept creating a virtualized > interface between Squid and the OS. > And this isn't a so simple thing to do ... :-( Well, that's what the whole idea is about. FileDescriptor class whould save HANDLE value internally in fh member (see above examples). On the other hand, existing calls to write/read in squid code won't e broken. Looks like I didn't catch your way of thinking about virtualized interface between Squid and the OS. By the way, do you concern only NT port or HEAD? The target is to have only one source tree, no more a separate Windows source tree. There are still some fundamental steps to do for this goal: - IPC virtualized support common to Windows and *nix OSes, already partially done from Robert Collins in the current nt-3_0 branch - Windows native socket supports and Squid FD concept virtualization, this all to be done. I thing that 3.0 release is too near for the second step (with the current development resources), but the first could be done in time for 3.0. For the second step, the target should be the 3.1 release. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: CRT fd limitation in Squid NT port
Hi Andrey, At 21.22 05/07/2005, Andrey Shorin wrote: Hello Guido, I've been thinking about the problem for a while. Here is what comes to mind. The only way to leave out CRT fd number limitation is to give up CRT use for files and sockets operations. On the other hand, code change to the source tree should be minimal. I agree: MS CRT is too limited and the impact in the source code should be minimal. Say, add one or two headers and a .cc file. From that, here is an idea: We could implement a class, say, FileDescriptor. Then we derive FDfile, FDtcp, FDpipe & FDudp from it (or whatever fd kind is needed). FileDescriptor class should have pure virtual methods for write, read, open, connect etc. Then we have functions like __inline int write(FileDescriptor& fd, const void *buffer, unsigned int count) { return fd.write(buffer, count); } int FDtcp::write(const void *buffer, unsigned int count) { return ::send(fh /* member of FileDescriptor */, buffer, count, 0); } int FDfile::write(const void *buffer, unsigned int count) { DWORD cbWritten; if ( WriteFile(fh, buffer, count, &cbWritten, NULL ) { return cbWritten; } else { ... } } This way, the source tree would remain mostly unchanged and squid won't have that 2048 fd limitation. I think that changes should be deeper: My opinion is that we should remove any direct reference to FD concept creating a virtualized interface between Squid and the OS. And this isn't a so simple thing to do ... :-( I haven't write something in C++ for quite a while. So I'm not sure if the idea would work at all ;) May be template thing should be used, which I'm not too familar with :) (but will read about it). My C++ knowledge is very limited too. I'm still looking, without success for now, for someone that could help me on this work. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Compiling squid3-CVS on FreeBSD
Hi Andrey, At 21.30 03/07/2005, Andrey Shorin wrote: Hello Squid, I'm getting trouble compiling squid3 on FreeBSD 5.4. After cvs [EMAIL PROTECTED]:/cvsroot/squid co -kk squid3 i do cd squid3 ./bootstrap.sh and here is what I get: tolsty:~/squid/squid3$ ./bootstrap.sh automake : 19 autoconfg: 259 libtool : 15 Bootstrapping Bootstrapping lib/libTrie Bootstrapping lib/cppunit-1.10.0 config/bb_enable_doxygen.m4:1: warning: underquoted definition of BB_ENABLE_DOXYGEN run info '(automake)Extending aclocal' or see http://sources.redhat.com/automake/automake.html#Extending-aclocal src/cppunit/Makefile.am:8: Libtool library used but `LIBTOOL' is undefined src/cppunit/Makefile.am:8: src/cppunit/Makefile.am:8: The usual way to define `LIBTOOL' is to add `AC_PROG_LIBTOOL' src/cppunit/Makefile.am:8: to `configure.in' and run `aclocal' and `autoconf' again. automake19 failed Autotool bootstrapping failed. You will need to investigate and correct before you can develop on this source tree Autotool bootstrapping complete. It seems that something in your libtool configuration is broken, but I don't know how help you to fix this problem. But, really you need to bootstrap the source tree ? If you don't have made any change to any makefile.am or configure.in, you don't need to bootstrap it: HEAD and 2.5 on squid-cache.org CVS repository are already bootstrapped. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Problem building diskd - Opinion needed
Hi, Building Squid 3.0 on HP Tru64 I have got the following error: depbase=`echo DiskIO/DiskDaemon/diskd.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`; \ if g++ -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/usr/local/squid3/etc/squid.conf\" -I. -I. -I../include -I. -I. -I../include -I../include -I../lib/libTrie/include -I../lib/cppunit-1.10.0/include -I ../lib/cppunit- 1.10.0/include -I/usr/local/include -I/usr/local/include/libxml2 -Werror -Wall -Wpointer-arith -Wwrite-s trings -Wcomments -D_REENTRANT -g -O2 -MT DiskIO/DiskDaemon/diskd.o -MD -MP -MF "$depbase.Tpo" -c -o Disk IO/DiskDaemon/diskd.o DiskIO/DiskDaemon/diskd.cc; \ then mv -f "$depbase.Tpo" "$depbase.Po"; else rm -f "$depbase.Tpo"; exit 1; fi DiskIO/DiskDaemon/diskd.cc: In function `void msg_handle(diomsg*, int, diomsg*)': DiskIO/DiskDaemon/diskd.cc:286: error: `assert' undeclared (first use this function) DiskIO/DiskDaemon/diskd.cc:286: error: (Each undeclared identifier is reported only once for each function it appears in.) DiskIO/DiskDaemon/diskd.cc: In function `int main(int, char**)': DiskIO/DiskDaemon/diskd.cc:329: error: `assert' undeclared (first use this function) make[2]: *** [DiskIO/DiskDaemon/diskd.o] Error 1 make[2]: Leaving directory `/home/users/serassio/3.0/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/users/serassio/3.0/src' make: *** [all] Error 2 The problems seems to be related to the following code in diskd.cc: #include "DiskIO/DiskDaemon/diomsg.h" #undef assert #include To avoid xassert() link problems, assert() is undefined and redefined, but on HP Tru64 the redefinition doesn't work. With the following solution the build process is fine: Index: diskd.cc === RCS file: /squid/squid3/src/DiskIO/DiskDaemon/diskd.cc,v retrieving revision 1.2 diff -u -p -r1.2 diskd.cc --- diskd.cc21 Dec 2004 15:47:33 - 1.2 +++ diskd.cc1 Jul 2005 22:10:02 - @@ -41,9 +41,12 @@ #include "DiskIO/DiskDaemon/diomsg.h" -#undef assert -#include +void +xassert(const char *msg, const char *file, int line) { +fprintf(stderr,"assertion failed: %s:%d: \"%s\"\n", file, line, msg); +abort(); +} const int diomsg::msg_snd_rcv_sz = sizeof(diomsg) - sizeof(mtyp_t); #define DEBUG(LEVEL) if ((LEVEL) <= DebugLevel) This solution could be fine ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: cvs commit: squid/src client_side.c
Hi Henrik, At 00.32 14/06/2005, [EMAIL PROTECTED] wrote: hno 2005/06/13 16:32:33 MDT Modified files:(Branch: SQUID_2_5) src client_side.c Log: Bug #1313: Core dump with STABLE10 and --ipf-transparent-proxy with FreeBSD 5.3 /5.4 This corrects a crash if built with --ipf-transparent-proxy and opening the NAT device failed. Revision ChangesPath 1.561.2.78 +40 -32squid/src/client_side.c I have found a little warning during build when transparent proxy is not used: source='client_side.c' object='client_side.o' libtool=no \ depfile='.deps/client_side.Po' tmpdepfile='.deps/client_side.TPo' \ depmode=gcc3 /bin/sh ../cfgaux/depcomp \ gcc -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\"/usr/local/squid/etc/squid.conf\" -I. -I. -I.. /include -I. -I. -I../include -I../include-D_FILE_OFFSET_BITS=64 -g -O2 -Wall -D_REENT RANT -c `test -f client_side.c || echo './'`client_side.c client_side.c: In function `parseHttpRequest': client_side.c:2735: warning: unused variable `last_reported' Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: squid -k seems to not work on HP Tru64
Hi Henrik, At 23.47 27/06/2005, Henrik Nordstrom wrote: On Mon, 27 Jun 2005, Serassio Guido wrote: This is what happens with a squid -X -k reconfigure started by root: 2005/06/27 20:43:28| getMyHostname: 'hal9000.acmeconsulting.loc' resolved into 'hal9000.ac meconsulting.loc' 2005/06/27 20:43:28| leave_suid: PID 1257 called 2005/06/27 20:43:28| leave_suid: PID 1257 giving up root, becoming 'squid' 2005/06/27 20:43:28| leave_suid: PID 1257 giving up root priveleges forever squid: ERROR: Could not send signal 1 to process 1249: (1) Not owner There is a thead on squid-users about this on other platforms, and I submitted a likely fix some minutes ago. Please try again with the current CVS. Yes, the fix solved the problem. Regards Guido Regards Henrik - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
squid -k seems to not work on HP Tru64
Hi, On latest HP Tru64 it seems that squid -k doesn't work. This is what happens with a squid -X -k reconfigure started by root: 2005/06/27 20:43:28| getMyHostname: 'hal9000.acmeconsulting.loc' resolved into 'hal9000.ac meconsulting.loc' 2005/06/27 20:43:28| leave_suid: PID 1257 called 2005/06/27 20:43:28| leave_suid: PID 1257 giving up root, becoming 'squid' 2005/06/27 20:43:28| leave_suid: PID 1257 giving up root priveleges forever squid: ERROR: Could not send signal 1 to process 1249: (1) Not owner but kill -1 1249 works fine. Squid runs as nobody user, same result with a generic dedicated 'squid' user. root 3813 1 0.0 21:06:07 ?? 0:00.06 /usr/local/squid/sbin/squid nobody 3815 3813 0.0 21:06:07 ?? 0:01.25 (squid) nobody 3816 3815 0.0 21:06:07 ?? 0:00.16 (wb_ntlmauth) nobody 3817 3815 0.0 21:06:07 ?? 0:00.15 (wb_ntlmauth) nobody 3818 3815 0.0 21:06:07 ?? 0:00.15 (wb_ntlmauth) nobody 3819 3815 0.0 21:06:07 ?? 0:00.15 (wb_ntlmauth) nobody 3820 3815 0.0 21:06:08 ?? 0:00.15 (wb_ntlmauth) nobody 3821 3815 0.0 21:06:08 ?? 0:00.06 (unlinkd) nobody 3822 3815 0.0 21:06:09 ?? 0:00.14 (pinger) Removing the no_suid() call, it seems work: Index: main.c === RCS file: /squid/squid/src/main.c,v retrieving revision 1.345.2.26 diff -u -p -r1.345.2.26 main.c --- main.c 13 Jun 2005 22:26:22 - 1.345.2.26 +++ main.c 27 Jun 2005 18:56:00 - @@ -686,7 +686,7 @@ main(int argc, char **argv) if (Config.chroot_dir && chroot(Config.chroot_dir)) { fatal("failed to chroot"); } - no_suid(); +/* no_suid();*/ sendSignal(); /* NOTREACHED */ } Any suggestion ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: [squid-users] generated messages
Hi, At 14.45 22/06/2005, kdv wrote: On 14.06.2005 20:12 Emilio Casbas wrote: Aaron P. Martinez wrote: On Tue, 2005-06-14 at 10:24 -0500, Aaron P. Martinez wrote: I'm setting up a transparent proxy and all is working well except that it's supposed to be hidden from users and when one of the error pages is put up, like the error contacting site or dns errors, at the bottom there is a Generated Tue, 14 Jun 2005 15:16:45 GMT by cache.example.com (squid/2.5.STABLE6) message, can i get rid of that somehow? JUST so everyone knows, i'm not trying to change the machine name to something different than the "gethostname" function, i read that part in the FAQ, and i read that by default the signature is added to the end of every error page. I guess a better question is how to redefine %s so that it doesn't say "squid/'version'". We don't want our users to know there is a proxy in place. Edit the errorpage.c file, look the string "Generated %T by %h (%s)\n" and change it as you want, after you have to recompile squid. Emilio C. I think, changing errorpage.c is a hack which can't be done by anybody and not always comfortable. Can developers create a tag in squid.conf like this: errpages_add_sig on/off - to add or not the signature? Squid 3 has already a similar feature: http://www.squid-cache.org/bugs/show_bug.cgi?id=907 Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Starting SQUID/IPv6 tests...
Hi Henrik, At 23.59 08/06/2005, Henrik Nordstrom wrote: On Wed, 8 Jun 2005, Serassio Guido wrote: If there aren't any opposition, I like to commit the patch to Squid 3.0 HEAD. You are welcome. Done. As long as we remember that this should be redone more proper later on. I'have changed the bug #1201 to a code enhancement request, living it open. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Starting SQUID/IPv6 tests...
Hi, At 13.45 08/06/2005, Rafael Martinez Torres wrote: > > Rafael, you can try the patch in bug #1201, it should fix the problem > before the acl refactoring. > > http://www.squid-cache.org/bugs/show_bug.cgi?id=1201 > > Regards > > Guido > The patch works... As it is transient, should I commit my private branch ? If there aren't any opposition, I like to commit the patch to Squid 3.0 HEAD. Henrik, your opinion ? Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: Starting SQUID/IPv6 tests...
Hi, At 22.21 06/06/2005, Henrik Nordstrom wrote: On Mon, 6 Jun 2005, Rafael Martinez Torres wrote: This could be a known bug in Squid-3 where many acls crashes if used outside of http_access. I think I know were is the bug... The c->locks attribute is not properly iniatalized to 0 on C++ cbdata class. So, when cbdataLocl increases it, if it was randomly negative cbdataUnlock will find it not possitive... All cbdata classes is allocated via cbdataInternalAlloc which initializes these fields proper. I said, a stack trace showing exacly which error you are looking at would help a lot in trying to identify the cause. Without a stack trace all we can do is guess.. and my best guess is the known acl related problem (see bugzilla). Not technically a "problem", more like code partway thru refactoring and currently in an inconsistent state.. Rafael, you can try the patch in bug #1201, it should fix the problem before the acl refactoring. http://www.squid-cache.org/bugs/show_bug.cgi?id=1201 Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: [Squid-cvs] nt-2_5 squid/src/fs/aufs store_dir_aufs.c,1.23.6.1.4.15,1.23.6.1.4.16
Hi Henrik, At 17.00 20/05/2005, Henrik Nordstrom wrote: This code is unchanged from many time. I have never changed this because I'm not sure about any implication on existing disk cache on any other system than Windows. There was an old thread on squid-dev about a similar question: http://www.squid-cache.org/mail-archive/squid-dev/200205/0107.html Hmm.. this is about COSS? Yes, look at the fopen() discussion. After this thread many of the setmode() was removed from HEAD and many fopen was changed to "rb". This was never done on 2.5. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: [Squid-cvs] nt-2_5 squid/src/fs/aufs store_dir_aufs.c,1.23.6.1.4.15,1.23.6.1.4.16
Hi Henrik, At 13.14 20/05/2005, Henrik Nordstrom wrote: On Fri, 20 May 2005, Guido Serassio wrote: --- store_dir_aufs.c27 Mar 2005 07:51:24 - 1.23.6.1.4.15 +++ store_dir_aufs.c20 May 2005 08:41:51 - 1.23.6.1.4.16 @@ -1175,7 +1175,7 @@ debug(50, 0) ("%s: %s\n", swaplog_path, xstrerror()); fatal("Failed to open swap log for reading"); } -#if defined(_SQUID_MSWIN_) || defined(_SQUID_CYGWIN_) +#if defined(_SQUID_CYGWIN_) setmode(fileno(fp), O_BINARY); #endif memset(&clean_sb, '\0', sizeof(struct stat)); Are you sure about this? The file is binary.. This is exactly the current code in 2.5 STABLE. I have changed the "#if defined" simply to remove a not needed Windows change in the aufs code (aufs is not used on Windows, awin32 is used instead). Additionally isn't it better to fopen the file binary to begin with? from fp = fopen(swaplog_path, "r"); to fp = fopen(swaplog_path, "rb"); the b flag is accepted by all systems I know of, including UNIX (ignored there..). Sure, in the nt branches, ufs and awin32 disk modules already open files in "rb" mode, without any setmode(). This code is unchanged from many time. I have never changed this because I'm not sure about any implication on existing disk cache on any other system than Windows. There was an old thread on squid-dev about a similar question: http://www.squid-cache.org/mail-archive/squid-dev/200205/0107.html Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: cvs commit: squid3/include Range.h
Hi Henrik, At 01.28 09/05/2005, [EMAIL PROTECTED] wrote: hno 2005/05/08 17:28:06 MDT Modified files: include Range.h Log: const correctness Revision ChangesPath 1.6 +2 -2 squid3/include/Range.h With an empty "port" acl, Squid crashes when dumping configuration in cachemgr: 2005/05/14 18:59:10| Warning: empty ACL: acl bad_port port Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 16384 (LWP 31519)] 0x08056a37 in Range::size (this=0x4) at Range.h:80 80 return end > start ? end - start : 0; (gdb) backtrace #0 0x08056a37 in Range::size (this=0x4) at Range.h:80 #1 0x08059d94 in ACLStrategised::dump (this=0x4) at ACLStrategised.h:166 #2 0x08051357 in ACL::dumpGeneric (this=0x0) at acl.cc:563 #3 0x08065bce in dump_acl (entry=0x4068c8c0, name=0x816b2b6 "acl", ae=0x4) at cache_cf.cc:811 #4 0x0806cfd5 in dump_config (entry=0x4068c8c0) at cf_parser.h:1620 #5 0x0807138d in cachemgrStart (fd=140053524, request=0x85940d8, entry=0x4068c8c0) at cache_manager.cc:332 and non empty "port" acl are not working: this is the dump output of the default squid.conf: acl to_localhost dst 127.0.0.0/255.0.0.0 acl SSL_ports port acl Safe_ports port acl CONNECT method CONNECT Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/