Re: [squid-users] Re: Large rock problem
Hi Alex After having problems with large-rock branch of squid i moved to test the other one collapsed-fwd and testing the last release but um still having some problems : FATAL: Squid has attempted to read data from memory that is not present. This is an indication of of (pre-3.0) code that hasn't been updated to deal with sparse objects in memory. Squid should coredump.allowing to review the cause. Immediately preceding this message is a dump of the available data in the format [start,end). The [ means from the value, the ) means up to the value. I.e. [1,5) means that there are 4 bytes of data, at offsets 1,2,3,4. and it stops after this error Best Regards Ayham On 12/03/2013 06:41 PM, Alex Rousskov wrote: On 12/03/2013 09:19 AM, Ayham Abou Afach wrote: sorry alex i think i was using the wrong one large-rock so i should first redo my test on the new one and then continue with the post. Yes, please. but why the large rock branch which is refereed from the large rock wiki is old ?? The Large Rock wiki page mentions both branches and instructs the reader to use the Collapsed Forwarding branch for testing. We did not propagate Large Rock-related changes on the Collapsed Forwarding branch back to the Large Rock branch because there were more important things to do. Hope this clarifies, Alex.
[squid-users] Re: squid proxy kerberos authentication failure. Help!!!
Hi Can you try auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d -i -s GSS_C_NO_NAME instead of auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d -i -s HTTP/proxy02.deeplayer@deeplayer.com I wonder if the kerberos library get confused having hostname proxy01 and keytab proxy02. It shouldn't. You could also try to remove the invalid KVNO entries from the keytab using ktutils (I assume you use MIT Kerberos). Markus flypast wrote in message news:1387686832968-4663976.p...@n4.nabble.com... thx for your confirmation(i did the right. thing ). let us go back to my issue. cld you pls help ? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-proxy-kerberos-authentication-failure-Help-tp4663964p4663976.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] Re: Re: relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
On Sun, 2013-12-22 at 09:52 +0200, Nikolai Gorchilov wrote: Hi Brian, Hi Nikolai, Do you add CFLAGS/CXXFLAGS/etc while ./configure? Well, *I* don't but Ubuntu's (Debian's in reality, I guess) build system does. :-) CFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security I had similar issue, until I completely removed them. Interesting. I wonder if we can be more surgical and figure out which one(s) are causing the problems? I suppose I can start though by removing them all and seeing if that is my problem also. Sadly, removing all CFLAGS/CXXFLAGS options done at configure time didn't help: make[4]: Entering directory `/usr/src/squid-3.4.1/helpers/basic_auth/LDAP' g++ -DHAVE_CONFIG_H -I../../.. -I../../../include -I../../../lib -I../../../src -I../../../include -I/usr/include-I/usr/include/libxml2 -D_FORTIFY_SOURCE=2 -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -c -o basic_ldap_auth.o basic_ldap_auth.cc /bin/bash ../../../libtool --tag=CXX --mode=link g++ -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -m64 -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -o basic_ldap_auth basic_ldap_auth.o ../../../lib/libmiscencoding.la -L../../../compat -lcompat-squid -lldap -llber libtool: link: g++ -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -m64 -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z -Wl,relro -Wl,-z -Wl,now -o basic_ldap_auth basic_ldap_auth.o ../../../lib/.libs/libmiscencoding.a -L/usr/src/squid-3.4.1/compat -lcompat-squid -lldap -llber /usr/bin/ld.bfd.real: basic_ldap_auth.o: relocation R_X86_64_32 against `ber_pvt_opt_on' can not be used when making a shared object; recompile with -fPIC basic_ldap_auth.o: could not read symbols: Bad value collect2: ld returned 1 exit status I do notice at the end of the configure it reports: configure: Multi-Language support enabled: yes configure: BUILD LIBRARIES: configure: BUILD EXTRA LIBRARIES: -lm -lnsl -lresolv -lrt -ldl -ldl configure: BUILD OBJECTS: configure: BUILD EXTRA OBJECTS: configure: BUILD C FLAGS: -m64 -Wall configure: BUILD EXTRA C FLAGS: -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments -Wshadow -Werror -pipe -D_REENTRANT configure: BUILD C++ FLAGS: -m64 -march=native -std=c++0x configure: BUILD EXTRA C++ FLAGS: -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT Those must be flags that configure has decided to add. Cheers, b. signature.asc Description: This is a digitally signed message part
Re: [squid-users] Re: Re: relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
Hey there, Before running into conclusions I want to make sure we understand what version do apply to the same bug and what internals can make this happen. This is not exactly a squid-users related topic but it can be for now until a bug will be filled. The exact case is that squid will not be compiled on ubuntu 12.04? What is the problem again? We need a full OS details full hardware details and configure options. I would be happy to run a test here to make sure what the problem is and to pinpoint the issue into a very specific one if needed(to a certain limit). The basic assumption is that the ubuntu developement requirements are met using the virtual package build-essential. Thanks, Eliezer On 22/12/13 16:55, Brian J. Murrell wrote: Interesting. I wonder if we can be more surgical and figure out which one(s) are causing the problems? I suppose I can start though by removing them all and seeing if that is my problem also. Sadly, removing all CFLAGS/CXXFLAGS options done at configure time didn't help: make[4]: Entering directory `/usr/src/squid-3.4.1/helpers/basic_auth/LDAP' g++ -DHAVE_CONFIG_H -I../../.. -I../../../include -I../../../lib -I../../../src -I../../../include -I/usr/include-I/usr/include/libxml2 -D_FORTIFY_SOURCE=2 -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -c -o basic_ldap_auth.o basic_ldap_auth.cc /bin/bash ../../../libtool --tag=CXX --mode=link g++ -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -m64 -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -o basic_ldap_auth basic_ldap_auth.o ../../../lib/libmiscencoding.la -L../../../compat -lcompat-squid -lldap -llber libtool: link: g++ -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -m64 -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z -Wl,relro -Wl,-z -Wl,now -o basic_ldap_auth basic_ldap_auth.o ../../../lib/.libs/libmiscencoding.a -L/usr/src/squid-3.4.1/compat -lcompat-squid -lldap -llber /usr/bin/ld.bfd.real: basic_ldap_auth.o: relocation R_X86_64_32 against `ber_pvt_opt_on' can not be used when making a shared object; recompile with -fPIC basic_ldap_auth.o: could not read symbols: Bad value collect2: ld returned 1 exit status I do notice at the end of the configure it reports: configure: Multi-Language support enabled: yes configure: BUILD LIBRARIES: configure: BUILD EXTRA LIBRARIES: -lm -lnsl -lresolv -lrt -ldl -ldl configure: BUILD OBJECTS: configure: BUILD EXTRA OBJECTS: configure: BUILD C FLAGS: -m64 -Wall configure: BUILD EXTRA C FLAGS: -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments -Wshadow -Werror -pipe -D_REENTRANT configure: BUILD C++ FLAGS: -m64 -march=native -std=c++0x configure: BUILD EXTRA C++ FLAGS: -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT Those must be flags that configure has decided to add. Cheers, b.
[squid-users] Re: Re: Re: relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
On Sun, 2013-12-22 at 18:46 +0200, Eliezer Croitoru wrote: Hey there, Hi, The exact case is that squid will not be compiled on ubuntu 12.04? Yes. What is the problem again? The error message is below, but also in the URL linked below. We need a full OS details Up-to-date Ubuntu LTS 12.04 full hardware details and configure options. X86_64 Full build output from dpkg-buildpackage including configure options and output, etc. can be found here: http://brian.interlinx.bc.ca/squid_build_error I would be happy to run a test here to make sure what the problem is and Thanks! b. On 22/12/13 16:55, Brian J. Murrell wrote: Interesting. I wonder if we can be more surgical and figure out which one(s) are causing the problems? I suppose I can start though by removing them all and seeing if that is my problem also. Sadly, removing all CFLAGS/CXXFLAGS options done at configure time didn't help: make[4]: Entering directory `/usr/src/squid-3.4.1/helpers/basic_auth/LDAP' g++ -DHAVE_CONFIG_H -I../../.. -I../../../include -I../../../lib -I../../../src -I../../../include -I/usr/include-I/usr/include/libxml2 -D_FORTIFY_SOURCE=2 -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -c -o basic_ldap_auth.o basic_ldap_auth.cc /bin/bash ../../../libtool --tag=CXX --mode=link g++ -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -m64 -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -o basic_ldap_auth basic_ldap_auth.o ../../../lib/libmiscencoding.la -L../../../compat -lcompat-squid -lldap -llber libtool: link: g++ -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -m64 -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z -Wl,relro -Wl,-z -Wl,now -o basic_ldap_auth basic_ldap_auth.o ../../../lib/.libs/libmiscencoding.a -L/usr/src/squid-3.4.1/compat -lcompat-squid -lldap -llber /usr/bin/ld.bfd.real: basic_ldap_auth.o: relocation R_X86_64_32 against `ber_pvt_opt_on' can not be used when making a shared object; recompile with -fPIC basic_ldap_auth.o: could not read symbols: Bad value collect2: ld returned 1 exit status I do notice at the end of the configure it reports: configure: Multi-Language support enabled: yes configure: BUILD LIBRARIES: configure: BUILD EXTRA LIBRARIES: -lm -lnsl -lresolv -lrt -ldl -ldl configure: BUILD OBJECTS: configure: BUILD EXTRA OBJECTS: configure: BUILD C FLAGS: -m64 -Wall configure: BUILD EXTRA C FLAGS: -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments -Wshadow -Werror -pipe -D_REENTRANT configure: BUILD C++ FLAGS: -m64 -march=native -std=c++0x configure: BUILD EXTRA C++ FLAGS: -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT Those must be flags that configure has decided to add. Cheers, b. signature.asc Description: This is a digitally signed message part
Re: [squid-users] Re: Re: Re: relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
OK so summary: $ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 12.04.3 LTS Release:12.04 Codename: precise $ uname -a Linux storeid 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed Aug 14 16:19:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux $ ./squid -v Squid Cache: Version 3.4.1 configure options: --enable-ltdl-convenience $ ps aux |grep squid eliezer 1419 0.0 0.1 26416 1612 ?Ss 20:24 0:00 ./squid eliezer 1421 0.1 0.9 31404 9264 ?S20:24 0:00 (squid-1) eliezer 1422 0.0 0.0 4316 352 ?S20:24 0:00 (logfile-daemon) /usr/local/squid/var/logs/access.log eliezer 1426 0.0 0.0 9364 612 pts/0S+ 20:24 0:00 grep --color=auto squid eliezer@storeid:/usr/local/squid/sbin$ tail ../var/logs/access.log -f 1387736915.750221 192.168.10.100 TCP_MISS/301 636 GET http://help.ubuntu.com/community/CheckingYourUbuntuVersion - HIER_DIRECT/91.189.89.122 text/html 1387736936.723 20880 192.168.10.100 TCP_MISS/200 1023 CONNECT help.ubuntu.com:443 - HIER_DIRECT/91.189.89.122 - And for now the conclusion is that build-essential virtual package is needed for basic squid compilation. If there are specific flags that prevents squid from being compiled it's another story.. What commands do you use to build squid? it's a bit weird all this rm at the beginning of the build... First try to build squid from sources in the basic way of squid while using build-essential virtual package.(configure with no options at all!!) Then add *manually* the debian configure flags. Only and Only then see what happens.. Thanks, Eliezer On 22/12/13 19:58, Brian J. Murrell wrote: On Sun, 2013-12-22 at 18:46 +0200, Eliezer Croitoru wrote: Hey there, Hi, The exact case is that squid will not be compiled on ubuntu 12.04? Yes. What is the problem again? The error message is below, but also in the URL linked below. We need a full OS details Up-to-date Ubuntu LTS 12.04 full hardware details and configure options. X86_64 Full build output from dpkg-buildpackage including configure options and output, etc. can be found here: http://brian.interlinx.bc.ca/squid_build_error I would be happy to run a test here to make sure what the problem is and Thanks! b. On 22/12/13 16:55, Brian J. Murrell wrote: Interesting. I wonder if we can be more surgical and figure out which one(s) are causing the problems? I suppose I can start though by removing them all and seeing if that is my problem also. Sadly, removing all CFLAGS/CXXFLAGS options done at configure time didn't help: make[4]: Entering directory `/usr/src/squid-3.4.1/helpers/basic_auth/LDAP' g++ -DHAVE_CONFIG_H -I../../.. -I../../../include -I../../../lib -I../../../src -I../../../include -I/usr/include-I/usr/include/libxml2 -D_FORTIFY_SOURCE=2 -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -c -o basic_ldap_auth.o basic_ldap_auth.cc /bin/bash ../../../libtool --tag=CXX --mode=link g++ -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -m64 -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -o basic_ldap_auth basic_ldap_auth.o ../../../lib/libmiscencoding.la -L../../../compat -lcompat-squid -lldap -llber libtool: link: g++ -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -m64 -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z -Wl,relro -Wl,-z -Wl,now -o basic_ldap_auth basic_ldap_auth.o ../../../lib/.libs/libmiscencoding.a -L/usr/src/squid-3.4.1/compat -lcompat-squid -lldap -llber /usr/bin/ld.bfd.real: basic_ldap_auth.o: relocation R_X86_64_32 against `ber_pvt_opt_on' can not be used when making a shared object; recompile with -fPIC basic_ldap_auth.o: could not read symbols: Bad value collect2: ld returned 1 exit status I do notice at the end of the configure it reports: configure: Multi-Language support enabled: yes configure: BUILD LIBRARIES: configure: BUILD EXTRA LIBRARIES: -lm -lnsl -lresolv -lrt -ldl -ldl configure: BUILD OBJECTS: configure: BUILD EXTRA OBJECTS: configure: BUILD C FLAGS: -m64 -Wall configure: BUILD EXTRA C FLAGS: -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments -Wshadow -Werror -pipe -D_REENTRANT configure: BUILD C++ FLAGS: -m64 -march=native -std=c++0x configure: BUILD EXTRA C++ FLAGS: -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT Those must be flags that configure has decided to add. Cheers, b.
Re: [squid-users] Re: Re: Re: relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
Took me awhile here on this old system but eventually: $ /usr/local/squid/sbin/squid -v Squid Cache: Version 3.4.1 configure options: '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,RADIUS,SASL,SMB,DB,POP3,getpwnam' '--enable-auth-ntlm=smb_lm' '--enable-auth-negotiate=kerberos' '--enable-auth-digest=LDAP,file' '--enable-external-acl-helpers=file_userip,LDAP_group,session,time_quota,unix_group,wbinfo_group' '--enable-arp-acl' '--enable-esi' '--enable-zph-qos' '--enable-wccpv2' '--disable-translation' '--with-large-files' '--disable-eui' '--enable-linux-netfilter' --enable-ltdl-convenience $ tail /usr/local/squid/var/logs/access.log -f 1387742491.803 2280 192.168.10.100 TCP_MISS/200 175630 GET http://brian.interlinx.bc.ca/squid_build_error - HIER_DIRECT/67.193.232.12 - So it works while compiling with a non-root user on a ubuntu server 12.04.3 while compiling from source but not using dpkg(what you have mentioned). Are there any patches that are applied to the sources during the compilation process? Will you be able to supply all the details on the build system and on the build procedure?(commands, downloads, etc..) All The Bests, Eliezer On 22/12/13 20:40, Eliezer Croitoru wrote: OK so summary: $ lsb_release -a No LSB modules are available. Distributor ID:Ubuntu Description:Ubuntu 12.04.3 LTS Release:12.04 Codename:precise $ uname -a Linux storeid 3.8.0-29-generic #42~precise1-Ubuntu SMP Wed Aug 14 16:19:23 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux $ ./squid -v Squid Cache: Version 3.4.1 configure options: --enable-ltdl-convenience $ ps aux |grep squid eliezer 1419 0.0 0.1 26416 1612 ?Ss 20:24 0:00 ./squid eliezer 1421 0.1 0.9 31404 9264 ?S20:24 0:00 (squid-1) eliezer 1422 0.0 0.0 4316 352 ?S20:24 0:00 (logfile-daemon) /usr/local/squid/var/logs/access.log eliezer 1426 0.0 0.0 9364 612 pts/0S+ 20:24 0:00 grep --color=auto squid eliezer@storeid:/usr/local/squid/sbin$ tail ../var/logs/access.log -f 1387736915.750221 192.168.10.100 TCP_MISS/301 636 GET http://help.ubuntu.com/community/CheckingYourUbuntuVersion - HIER_DIRECT/91.189.89.122 text/html 1387736936.723 20880 192.168.10.100 TCP_MISS/200 1023 CONNECT help.ubuntu.com:443 - HIER_DIRECT/91.189.89.122 - And for now the conclusion is that build-essential virtual package is needed for basic squid compilation. If there are specific flags that prevents squid from being compiled it's another story.. What commands do you use to build squid? it's a bit weird all this rm at the beginning of the build... First try to build squid from sources in the basic way of squid while using build-essential virtual package.(configure with no options at all!!) Then add *manually* the debian configure flags. Only and Only then see what happens.. Thanks, Eliezer On 22/12/13 19:58, Brian J. Murrell wrote: On Sun, 2013-12-22 at 18:46 +0200, Eliezer Croitoru wrote: Hey there, Hi, The exact case is that squid will not be compiled on ubuntu 12.04? Yes. What is the problem again? The error message is below, but also in the URL linked below. We need a full OS details Up-to-date Ubuntu LTS 12.04 full hardware details and configure options. X86_64 Full build output from dpkg-buildpackage including configure options and output, etc. can be found here: http://brian.interlinx.bc.ca/squid_build_error I would be happy to run a test here to make sure what the problem is and Thanks! b. On 22/12/13 16:55, Brian J. Murrell wrote: Interesting. I wonder if we can be more surgical and figure out which one(s) are causing the problems? I suppose I can start though by removing them all and seeing if that is my problem also. Sadly, removing all CFLAGS/CXXFLAGS options done at configure time didn't help: make[4]: Entering directory `/usr/src/squid-3.4.1/helpers/basic_auth/LDAP' g++ -DHAVE_CONFIG_H -I../../.. -I../../../include -I../../../lib -I../../../src -I../../../include -I/usr/include -I/usr/include/libxml2 -D_FORTIFY_SOURCE=2 -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -c -o basic_ldap_auth.o basic_ldap_auth.cc /bin/bash ../../../libtool --tag=CXX --mode=link g++ -I/usr/include/libxml2 -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -m64 -march=native -std=c++0x -m64 -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -o basic_ldap_auth basic_ldap_auth.o ../../../lib/libmiscencoding.la -L../../../compat -lcompat-squid -lldap -llber libtool:
Re: [squid-users] Re: Re: Re: relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
Please try with the latest 3.4.1 daily update tarball/rsync version of the code. A more polished version of the libtool patch has been applied there. Amos
[squid-users] Re: squid proxy kerberos authentication failure. Help!!!
Hi Markus, Firstly, Thank you very much and Merry Christmas!!! Tried as your suggestion. But still no lucky. The logs as below: 2013/12/23 14:27:47| squid_kerb_auth: DEBUG: Got 'YR YIIFGgYGKwYBBQUCoIIFDjCCBQqgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBOAEggTcYIIE2AYJKoZIhvcSAQICAQBuggTHMIIEw6ADAgEFoQMCAQ6iBwMFACCjggPuYYID6jCCA+agAwIBBaEPGw1ERUVQTEFZRVIuQ09NoigwJqADAgECoR8wHRsESFRUUBsVcHJveHkwMi5kZWVwbGF5ZXIuY29to4IDojCCA56gAwIBF6EDAgEQooIDkASCA4zi9X+m6Oeb0vJLwtyfr2nIi9TLz67eGY7xwPo/IAwjDk0ex8u/thawee+EBof8EbXr+f3lxLytvFS7B0Rn++ECej/O38uSf2Swpd0tupixSFrQgKAhBOZy/meeUNs+b4ViLygMnb9aoqOuQak2y09NSUPcaQU0jqluO5KTS37W3vYuU8ykNO+DNf4lDkGqSSQ7SPApuH8NrrQ4sAkByVjDspfsLYd9AaaptdRMBPQLzSVKFVG9L3d3tRjV9VAPavCQxogVOsh3i+bPR0VcAbunjqWBVxBalB+28TU6MkyZ1fupZIq8fsXy6Q1jdiSK6ED7H3ovxV2X+O6MEEOPSmsHXqmOYjDjkRCGsFAT3lmJOycbzA4sTAyHIcYYAnSjLhTJ0sFDVnDbTpppD4R/rfYOJTeHZ4P19/laxYczN96r5E7EE906ss4GeodF5EANpE5oEqmQ+CxK1gVTcHlZ1BWbjqTUKVYEwdikZ8k2bexB06ibFUCjA4u6FIoY5fPH2xhB4qR4aLWtjuED+1XHLcwbJzawcDnbswMJobUOoXHxHRjYxMKfuzZAtZ8mPynFSZWTt2nuMIsGNvTiGSUAupqY1ILSnRWbs3EO5OX5AXJa3+uYhj09afbQViM3Zq0Uo6/foFYWcbhY/iERhPuHgGS6EAggHDhu7cWc1NP+4uW1UQv4jH/NFTo0rkLDLqw2ip6USlvqj2HvZFMNaBJ+WmhTDAmDQ2w7Z+XBCNdj3b8/b5qPTtF/aFoL6erc9cS6d7yqLQGVkmr193u6hx9iGoOsZ9/++olBzuE3Cr4dlbgkyLovmjytNA44R0QzjKs/6o8mZSQ7XUGZ4SqD2LP4g2/0iVa8BMPqsSCWqVXR+lGflO9wE7WX/Kemt4o6g8JHdvUr0/XvCvdGSaQLlp2sbKHE+NM3IZE1zfGrP38cmjyCsJmLsmeNGcyXYvUye9Crnu9FM1s1ZDgP9F7CJ9+KG9sybaiMqO4XQs+OMyC3kMzB3jhOhmfhqxe/Z6ohKIw3nalIog9ISCbzW1pi5uVNVMTV53Hzuw5Ww9jwHf9HkrTpFYng4ipeBhVH/DUaUjFfGUnxXMzkq1hX17MbOCfwW73fa71ZFa2zeW4B+RuOLfKWWQzFGGgDH/vAoSM6wP1FnyER6V5YBXIYkwfgOuH5EiLEHI474fL6FoxCf33SxrknpcpKmYc+SkAfZ2eZtaSBuzCBuKADAgEXooGwBIGtSESWmWq43Bh82AYW1XSYPPRL9oKMVOAn/ZERSgCz/jpooQTUTNsW6RMUgoSad14Y8bnGCog8fYHkuEu6/guI6P7fVwztLNtb1lbIeHtILSe28smMg02A9YlV7PzSD4tRA+Ob5kEAWdylpgjwHHCOfqw2qof4eMqNU79dTnfnHq13i7bn4VMwg7BWdFMS9Xi+pDplC4E4/Kpq7qaGB8WsLMRGB7KiBmQzz3VkoRE=' from squid (length: 1751). 2013/12/23 14:27:47| squid_kerb_auth: DEBUG: Decode 'YIIFGgYGKwYBBQUCoIIFDjCCBQqgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBOAEggTcYIIE2AYJKoZIhvcSAQICAQBuggTHMIIEw6ADAgEFoQMCAQ6iBwMFACCjggPuYYID6jCCA+agAwIBBaEPGw1ERUVQTEFZRVIuQ09NoigwJqADAgECoR8wHRsESFRUUBsVcHJveHkwMi5kZWVwbGF5ZXIuY29to4IDojCCA56gAwIBF6EDAgEQooIDkASCA4zi9X+m6Oeb0vJLwtyfr2nIi9TLz67eGY7xwPo/IAwjDk0ex8u/thawee+EBof8EbXr+f3lxLytvFS7B0Rn++ECej/O38uSf2Swpd0tupixSFrQgKAhBOZy/meeUNs+b4ViLygMnb9aoqOuQak2y09NSUPcaQU0jqluO5KTS37W3vYuU8ykNO+DNf4lDkGqSSQ7SPApuH8NrrQ4sAkByVjDspfsLYd9AaaptdRMBPQLzSVKFVG9L3d3tRjV9VAPavCQxogVOsh3i+bPR0VcAbunjqWBVxBalB+28TU6MkyZ1fupZIq8fsXy6Q1jdiSK6ED7H3ovxV2X+O6MEEOPSmsHXqmOYjDjkRCGsFAT3lmJOycbzA4sTAyHIcYYAnSjLhTJ0sFDVnDbTpppD4R/rfYOJTeHZ4P19/laxYczN96r5E7EE906ss4GeodF5EANpE5oEqmQ+CxK1gVTcHlZ1BWbjqTUKVYEwdikZ8k2bexB06ibFUCjA4u6FIoY5fPH2xhB4qR4aLWtjuED+1XHLcwbJzawcDnbswMJobUOoXHxHRjYxMKfuzZAtZ8mPynFSZWTt2nuMIsGNvTiGSUAupqY1ILSnRWbs3EO5OX5AXJa3+uYhj09afbQViM3Zq0Uo6/foFYWcbhY/iERhPuHgGS6EAggHDhu7cWc1NP+4uW1UQv4jH/NFTo0rkLDLqw2ip6USlvqj2HvZFMNaBJ+WmhTDAmDQ2w7Z+XBCNdj3b8/b5qPTtF/aFoL6erc9cS6d7yqLQGVkmr193u6hx9iGoOsZ9/++olBzuE3Cr4dlbgkyLovmjytNA44R0QzjKs/6o8mZSQ7XUGZ4SqD2LP4g2/0iVa8BMPqsSCWqVXR+lGflO9wE7WX/Kemt4o6g8JHdvUr0/XvCvdGSaQLlp2sbKHE+NM3IZE1zfGrP38cmjyCsJmLsmeNGcyXYvUye9Crnu9FM1s1ZDgP9F7CJ9+KG9sybaiMqO4XQs+OMyC3kMzB3jhOhmfhqxe/Z6ohKIw3nalIog9ISCbzW1pi5uVNVMTV53Hzuw5Ww9jwHf9HkrTpFYng4ipeBhVH/DUaUjFfGUnxXMzkq1hX17MbOCfwW73fa71ZFa2zeW4B+RuOLfKWWQzFGGgDH/vAoSM6wP1FnyER6V5YBXIYkwfgOuH5EiLEHI474fL6FoxCf33SxrknpcpKmYc+SkAfZ2eZtaSBuzCBuKADAgEXooGwBIGtSESWmWq43Bh82AYW1XSYPPRL9oKMVOAn/ZERSgCz/jpooQTUTNsW6RMUgoSad14Y8bnGCog8fYHkuEu6/guI6P7fVwztLNtb1lbIeHtILSe28smMg02A9YlV7PzSD4tRA+Ob5kEAWdylpgjwHHCOfqw2qof4eMqNU79dTnfnHq13i7bn4VMwg7BWdFMS9Xi+pDplC4E4/Kpq7qaGB8WsLMRGB7KiBmQzz3VkoRE=' (decoded length: 1310). 2013/12/23 14:27:47| squid_kerb_auth: ERROR: gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information. 2013/12/23 14:27:47| squid_kerb_auth: INFO: User not authenticated 2013/12/23 14:27:47| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH gss_accept_sec_context() failed: Unspecified GSS failure. Minor code may provide more information BTW: On the DC C:\Users\Administratorsetspn -L proxy02 Registered ServicePrincipalNames for CN=proxy02,CN=Computers,DC=deeplayer,DC=com : HTTP/proxy02.deeplayer.com [root@proxy01 squid]# klist -ekt /etc/squid/squid.keytab Keytab name: FILE:/etc/squid/squid.keytab KVNO Timestamp Principal - 16 12/22/13 13:14:31 proxy02$@DEEPLAYER.COM (arcfour-hmac) 16 12/22/13 13:14:31 proxy02$@DEEPLAYER.COM (aes128-cts-hmac-sha1-96) 16 12/22/13 13:14:31 proxy02$@DEEPLAYER.COM (aes256-cts-hmac-sha1-96) 16 12/22/13 13:14:31 HTTP/proxy02.deeplayer@deeplayer.com (arcfour-hmac) 16 12/22/13 13:14:31 HTTP/proxy02.deeplayer@deeplayer.com (aes128-cts-hmac-sha1-96) 16 12/22/13
RE: [squid-users] HTTP_X_FORWARDED_FOR for https request
Hello, Please can u suggest where its going wrong? From: nil_fe...@hotmail.com To: mdi...@diwanconsulting.com; ironwil...@gmail.com CC: squid-users@squid-cache.org Date: Fri, 22 Nov 2013 14:33:48 + Subject: RE: [squid-users] HTTP_X_FORWARDED_FOR for https request I am using SSL bumping as below: http_port 10.10.17.23:3127 intercept http_port 10.10.17.23:3128 http_port 10.10.17.23:3129 generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/mycert.pem intercept ssl-bump ssl_bump server-first sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB sslcrtd_children 20 forwarded_for on Didn't get client IP :( From: mdi...@diwanconsulting.com To: ironwil...@gmail.com CC: squid-users@squid-cache.org Date: Fri, 22 Nov 2013 09:23:03 -0500 Subject: Re: [squid-users] HTTP_X_FORWARDED_FOR for https request yes that is true, so with https sites using CONNECT this will not work, but with an sslbump implementation in squid , which http headers can you manipulate and then forward? -Original Message- From: Will Roberts ironwil...@gmail.com To: squid-users@squid-cache.org Subject: Re: [squid-users] HTTP_X_FORWARDED_FOR for https request Date: Fri, 22 Nov 2013 09:14:52 -0500 Unless you do SSL bumping, Squid will not touch the contents of HTTPS connections. --Will On 11/22/2013 09:12 AM, Madhav V Diwan wrote: Add this directive to your squid.conf file forwarded_for on The documentation for the directive is here: http://www.squid-cache.org/Doc/config/forwarded_for/ -Original Message- From: Nil Nik nil_fe...@hotmail.com To: squid-users@squid-cache.org squid-users@squid-cache.org Subject: [squid-users] HTTP_X_FORWARDED_FOR for https request Date: Fri, 22 Nov 2013 14:04:02 + I have setup squid (3.3.9) and Apache(https enabled) on same system. when I access https site on Apache through squid proxy then HTTP_X_FORWARDED_FOR is not found. I want to get client IP on Apache. Please help me.
Re: [squid-users] Re: Large rock problem
On 12/22/2013 06:04 AM, Ayham Abou Afach wrote: Hi Alex After having problems with large-rock branch of squid i moved to test the other one collapsed-fwd and testing the last release but um still having some problems: FATAL: Squid has attempted to read data from memory that is not present. Please test collapsed-fwd branch r12592 (or later): I do recall seeing the above error within the last month or so. IIRC, I fixed it. Unfortunately, I cannot recall which Squid code base had it. I hope the changes that went into collapsed-fwd r12589 or r12592 are it, but I do not really know so please update and test r12592 (or later). This is an indication of of (pre-3.0) code that hasn't been updated to deal with sparse objects in memory. Squid should coredump.allowing to review the cause. I am guessing your Squid did not dump core after printing the above. IIRC, mine did not have the code to do it (a different bug). If you did get a core, please post a backtrace: http://wiki.squid-cache.org/SquidFaq/BugReporting HTH, Alex.
Re: [squid-users] Squid 3.3 is very aggressive with memory
On 12/22/2013 12:39 AM, Nathan Hoad wrote: On Wed, Dec 18, 2013 at 4:54 PM, Alex Rousskov wrote: I recommend the following next steps: 1. Set memory_pools off. 2. Disable all caching with cache deny all. Do you see as similar memory growth pattern after the above two steps? I do see a similar pattern, although slowed [...] I'm happy to go in the other direction and raise the size of the memory pools, if that could be something useful. No, please keep memory pools off and caching disabled for as long as you can -- it simplifies triage. I have got an ALL,9 log, but I am hesitant to unleash it on anyone as it is a 20gb file, from start to stop. If there is interest, I can still upload it - it compresses down to 1.7gb. I will email you upload instructions privately. Running valgrind produces repeated, spurious errors Could be a platform-specific issue, bit if you have not ./configured Squid --with-valgrind-debug and --disable-optimizations, please do so and repeat the valgrind test. If valgrind works after that configuration change, post or upload the resulting valgrind log (keeping Squid's debug_options at ALL,1). Here is a valgrind configuration that you may find useful (adjust as needed): valgrind -v --trace-children=yes --num-callers=30 --log-file=valgrind-%p.log --leak-check=full --show-reachable=no --suppressions=valgrind.supp The suppression file is attached (it is outdated and incomplete but probably still helps). Please note that valgrind slows Squid down a lot. Thank you, Alex. # Invalid read of size 4 { mainInitialize-addr4 Memcheck:Addr4 ... fun:_ZL14mainInitializev ... fun:main } { mainInitialize-leak Memcheck:Leak ... fun:_ZL14mainInitializev ... fun:main } { cbdata-initType-leak Memcheck:Leak ... fun:_ZL22cbdataInternalInitType11cbdata_typePKciPFvPvE ... fun:main } # These may be true leaks that should be eventually fixed (think reconfigure) { parseConfigFile-leak Memcheck:Leak ... fun:_Z15parseConfigFilePKc ... fun:main }