[squid-users] Re: TPROXY surf as client
I want to create fake traffic for website with 1000 different ip's within few minutes . Something like you say to 1000 different clients/IPs to surf that site from 11:00 to 11:15 . I want to achieve this with help of squid tproxy and without need to disconnect users . Squid is doing something like that with tproxy because users requests routed to it . so it could do that job if a script runs on squid box . I just don't know how to spoof requested source ip in that script . -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-surf-as-client-tp4666439p4666448.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: TPROXY surf as client
On 22/06/2014 6:26 p.m., Omid Kosari wrote: > Eliezer Croitoru-2 wrote >> On 06/21/2014 06:12 PM, Amos Jeffries wrote: >>> TCP does not permit that. The SYN-ACK will fail. >>> >>> Amos >> Unless it will come from the proxy server but still it's not recommended >> and in many cases is even illegal and can be considered as a real series >> crime and abusive use of IP address. >> >> Eliezer > > Thanks . Please more description . I want to run the script on proxy server > . it may use same iptables rules which squid uses for tproxy job . Please > guide me . Omid, What do you hope to achieve with this? Amos
[squid-users] Re: TPROXY surf as client
Eliezer Croitoru-2 wrote > On 06/21/2014 06:12 PM, Amos Jeffries wrote: >> TCP does not permit that. The SYN-ACK will fail. >> >> Amos > Unless it will come from the proxy server but still it's not recommended > and in many cases is even illegal and can be considered as a real series > crime and abusive use of IP address. > > Eliezer Thanks . Please more description . I want to run the script on proxy server . it may use same iptables rules which squid uses for tproxy job . Please guide me . -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-surf-as-client-tp4666439p4666446.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Re: TPROXY surf as client
On 06/21/2014 06:12 PM, Amos Jeffries wrote: TCP does not permit that. The SYN-ACK will fail. Amos Unless it will come from the proxy server but still it's not recommended and in many cases is even illegal and can be considered as a real series crime and abusive use of IP address. Eliezer
Re: [squid-users] Squid 3.4 very high cpu - strace.
Another experiment is to try purging and rebuilding the ssl_crtd helper cache. Hi Amos, We do the above on every squid restart anyway (via a wrapper script). Your config file has some nits (may not be relevant to the problem though): * Try switching the order of "manager localhost" so localhost is tested first. Manager has become a regex ACL. * hierarchy_stoplist can be removed completely. It is serving no purpose in your config. Yeah, I know! This config has pretty much just been tweaked from an original one that's about 11 years old. I'm still really keen to figure out why we can't really proceed to 3.4 and then hopefully get it fixed, Management have already asked to get in a reseller to look at Bluecoat/Barracuda/Websense etc so I'll try my best to get a good number of users on each config change I do to diagnose the problem. Thanks for your time. Cheers, Alex
[squid-users] Re: upgrading from 3.3.8 to 3.4.5 crashes negotiate_kerberos_auth
Hi George, I see now the cause. The Kerberos function krb5_free_data does not check for NULL pointer before freeing. Here is a work around replace krb5_free_data with: if (ad_data) { if (ad_data->data) free(ad_data->data); free(ad_data); } /*krb5_free_data(context, ad_data);*/ Regards Markus "George Billios" wrote in message news:e1wyea5-gq...@rmm6prod02.runbox.com... Here is the output: (gdb) where #0 0x75f911b5 in *__GI_raise (sig=) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x75f93fc0 in *__GI_abort () at abort.c:92 #2 0x75fc75bb in __libc_message (do_abort=, fmt=) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189 #3 0x75fd0e16 in malloc_printerr (action=3, str=0x76088748 "double free or corruption (fasttop)", ptr=) at malloc.c:6267 #4 0x75fd5b8c in *__GI___libc_free (mem=) at malloc.c:3739 #5 0x77939472 in krb5_free_data (context=, val=0x6171f0) at ../../../../src/lib/krb5/krb/kfree.c:253 #6 0x004051a4 in get_ad_groups (ad_groups=0x7fffaff0 "", context=0x60f9e0, pac=0x0) at negotiate_kerberos_pac.cc:464 #7 0x00403265 in main (argc=5, argv=0x7fffe0e8) at negotiate_kerberos_auth.cc:419 BR, George On Fri, 20 Jun 2014 19:11:27 +0100, "Markus Moeller" wrote: Can you type where at the gdb prompt after the crash. It should list the function and location Markus "George Billios" wrote in message news:e1wxwko-h9...@rmm6prod02.runbox.com... So I tried to compile with -g and follow your instructions, here is what I get: YR YIIK3QYGKwYBBQUCoIIK0TCCCs2gHzAdBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgKiggqoBIIKpGCCCqAGCSqGSIb3EgECAgEAboIKjzCCCougAwIBBaEDAgEOogcDBQAAo4IJmmGCCZYwggmSoAMCAQWhExsRR1IwMDEuU0lFTUVOUy5ORVSiLjAsoAMCAQOhJTAjGwRIVFRQGxtwcm94eS1hcnQuZ3IwMDEuc2llbWVucy5uZXSjgglEMIIJQKADAgESoQMCAQWiggkyBIIJLsB+VwJfASUmAV/I5QRhC/TkUfvuAlO+XGudZV/dSrHW8lkmTPbu2Qb3mZNALU9do+dqSX+HVnIpI3Zm/mG6Tvvq3It48ruvilQXNvwVXmA4B13Vb6B+929lLxpMY+qKG7Y7CrW1RXeu9i6VQwXbEZIFKXf9sUolhruLLZ2lQBm1VRNvMYpyR2hIGG6cGimZjWxNgIrTZyI1aEuP5Xxv9ffdODzZvZsedLTJ3EW44mOsJKKJY1yq6BASxtHS7KNRJtspelgt28vtgfCNEwFDH9pgbOvf+o1xXVGmX6tjkXkYAqH6mzfBIRlyZL1jJRxcWa6ZJyz6Rzon3h1xXeVM58kv9eo1DT2VNPouMyVbBszssC0zuYRMByoWjPwC+CyzZv2AAhw4WuuOZZpcvo8NALMm+8KMsLQCjvohIyN3DtVICp8Y5xsKGGVdPz9eRHHZZ4uDzy4ULya8ek0zukoGruqiPpjG0VPfVE1EckBbCsy9nrvBWvM/h7ulcR+iFB5iJzpnMsI+TyRjGqDwfQ4zxlpaZH3bERnGrsns3WoB4hKSz5UIYE4lygoImJmE6VGykVSayXXwtR2uME8S62lDeDfiRlUQj47DEeHX5QI+I67LJx4qbZOn7HntPKMkp3SVucXiudn8BD1C07+6O3tim2sctbOkAFQ0IqQ7d0+QDFfYBdW9+sXB02pf0GDwrVmT0Lzo ZJD7liCmNv1fX3ZC2yHHVTDfERSXl5B+1NaLbLrRWfxXqSt4/qre5DR8YDVtcC5rmXGYd1mTAvYALzf+aM9RlMUgt0S6lbbFJiXMry55D69Puo3vqEMtOVKlf9GvQFXpLT5QU4ZUT152Lm+bMH9H5qvbdgW/4RoNr1L4GBojffm30qCS2LPS7gn52/Fk7mjbpt0TuFnoDWNV9fWcS44Frvi0fFXk/y3ALgFw5YpD1YE0uPP9s6B2BVm39TuSu6jboITgzLmHJgS7LSO1XTEiP6EfR9zWkmkp1Alt1PChhxzUPomfZA60hvtms50jj4+F9B3lmCg2BOl8YkItqQV+tRApRRznDxrNVfDvhsAJGrTXOHwW6/xvyysxa6S6fS2cljoHLCuNcbk7UC0rkKoOrHxsuqXFtPg5WpoDcOrqD9A1ZcKW3E653C+BelYK0aYitkPsRFHb3qRkti5DeJZF0QBKopCv5dX7VuCn0y/UaNVSnqEHKHgRkFvYnpvAPb1K8IU94Dl8uG3iwU/mOniQEuBT8/IEH+K3fhHFKR/MVBBsCnlgRXfuiiwBzWLTvLLEjvhU2nRFENEoaZ+DjCSO1GPIE9yLFAjfr2NbgeHMFLNPVTCMqZsT7mtsCO1wCROwiQdozKb+XULZIA3exv1ua9H8914AVdLFpHYK9yMbxO/pNI6W+cJ03mgu/7vIzbq9QDd6hI9bjh7cuzqhr8CLW2XfI9lueqRWv3BjwCbCwB4hUHid5OcamPjXZbrgVyt+msRlwHlBq9Enj8Cc5+7rd/P6ZPmsNzUpzaO2d/3ELPcTepcTQt48EP05khy+wlDzEfcf/Uyau92ojBSOTsXUxW4ecfEKl8uSYUM/s9vmeqG/3ehbkhwDiFmCQcmo2/u4ZMUsSATHDcU4wXwFazButTIBwKAZyKa9tEIgFCZW+M49C0Glpd7SnzGX/9DSk/y+lLYuBmcXBfZidFOiAqlCRcxja3oj+D7vWuXwu s4LA5c4/UnOzDS6rEA4L2THms8Ys9Mzzy22/ANuf21klxJpCpY3gk7C+MmheqM4BZ4lDGPuwqBF1N4mvKCnEWl5NJ7pt6XFMWBoIueL1D0gHtOSDM044ca+bUjUTAcfdsbWIne19vrTMDRzTZOISkuAithlwZH/X1UZ6P0hygDeae4hNbB/H2KLyYuatb/XYssWHJwUvls9ixRjq+8KJZevcY6iBpiuISHRTVKO0VJhrwhjp+C8odGb0jdTrx5of5nEh4nQUh6OkjuK9cTnVb0uuBdxemv4JcQZtYXuiH9k9bwGAH4iq0BNo7qibi+WjkbSg4D3Mio0iPlJ8r6h49ChrbEtzJyx4xLZ5lV5AtMhQcKPcEdDpE9tjMQhvnWq6rJLyo8+uZFxr6G+/AEhvhhWQ4yoezEtSD94HD8H7Fw8RE8Cvb3jozITneld3+dNh9sDmIlclufiLHv8wJs8fMNrEc7MSx2c5sLllD8fj/gk9aHtCAgRyMjWiGUygDP0pPjTeMgJ1p3DfExJViwK31Qdm7rKQIYv72LTl/hoKgaeKyNIMdBYBa8NsjRYVm2Mmaz1zIUcw+RjGlSiuUDa8+TBn8DPwiOqe7sjPU5BCZW6Ry9UIgHCRD6iWoBvcKGdAxCxUwc+D2zMZI8FmaqxPj1Je/dnyj1+CxJOOJRzBhx2Lo+TQag3VR+LNFDDjv1cAeD/gu2Ox2zgZWl/kMonslp0OWjC+JPIDYnBjAefOd5N+XAM3tHO/X0kfeA0DJd/q4WD5E9QzMrsq20rtK0GA3LeCWhblsGOxCtcy+lk9s8hAFcjt+Z6jqu3ZtPOQtGhbFo1PzvvMRo1eOm86Sf2/KL83c7XjalCG60Gn3lptElcT8UQjKf9/jThrmx3zkiIS1rtvkyCOtt4vdeZVxbHKgX1xaNQuwFRKGsizzZ80ZYZaZLRP6pQK/xVVvlH3BJaBfERu+HJxx1dr3SrOsylG8z4xDAciWBXE6IRm4 bq29qlNipkCBTWU9IPpXlRyB+Xf244o6yfX6tedoWTc9UXeAEJNRuBTWOlV7ex0l0JhbVxqMYAp7f06VlzYLz8iRZtbxi+zRhThlTbzu8X99+fdq07lWP+N6fbbAVkg8oG5zxWXYjS4/N2UFy3wRrXSzy4iWa9q+P4C9gl7DZwLjumwhK47vJ6QQfGRWsbFCWZz7SK3eyShZ8NxcQf5C5P6NAPI0sa98C1ptGD1L2/n6T5msmXMFt+0faBu9SDet4v90ZeKkouLfjz1Ch4Ys9pzIx3rgTWp/CvKtm0WEMyl1WfVgHcP0qy2iF5bcdrO/LYx/YPCBJkPLIApheBIrhrFdZRtl1pfqCAUBhXuNJwPdTAXwhGMHyWxnW50WeyNM/S0qBg9p
Re: [squid-users] Re: TPROXY surf as client
On 21/06/2014 11:35 p.m., Omid Kosari wrote: > Amos Jeffries wrote >> User and IP address are not the same thing. TPROXY only deals with IP >> addresses, not users. > > I mean exactly the ip address . Is there a way to send request as user > source ip while user is online ? > TCP does not permit that. The SYN-ACK will fail. Amos
[squid-users] Re: TPROXY surf as client
Amos Jeffries wrote > User and IP address are not the same thing. TPROXY only deals with IP > addresses, not users. I mean exactly the ip address . Is there a way to send request as user source ip while user is online ? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-surf-as-client-tp4666439p4666441.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] TPROXY surf as client
On 21/06/2014 7:46 p.m., Omid Kosari wrote: > We have full TPROXY in our network . Is there a way to surf an address with > clients IP addresses ? Send HTTP requests from the client machine, or re-allocate the IP address to a test machine and request from there. > Lets think we have 1000 ip addresses . I want Squid opens google.com with > those 1000 IPs . > Something like fake traffic from different users . User and IP address are not the same thing. TPROXY only deals with IP addresses, not users. Amos
[squid-users] TPROXY surf as client
We have full TPROXY in our network . Is there a way to surf an address with clients IP addresses ? Lets think we have 1000 ip addresses . I want Squid opens google.com with those 1000 IPs . Something like fake traffic from different users . I know i may use squidclient or a script on squid box but they uses squids own ip and not all client ip . Also please suggest a way to don't create for current online users . Thanks . -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-surf-as-client-tp4666439.html Sent from the Squid - Users mailing list archive at Nabble.com.