[squid-users] Need help to build my own external help
Hello,
I'm trying to make an external helper which will be called by an acl,
so I have created one which is very simple: it takes an IP in stdin
and returns OK if it maches a predefined IP.
It works when I test it from the CLI, however when I put the relevant
directives in the squid.conf file and restart squid the connection to
internet is no longer possible.
The message displayed by FF is : "Firefox is configured to use a proxy
server that is refusing connections".
Here's my squid.conf:
external_acl_type src_ip_ext ttl=1 concurrency=0 %SRC /root/C/srcIP
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl src_ip external src_ip_ext
http_access allow manager localhost
http_access deny manager
#http_access allow localnet
http_access allow src_ip
http_access deny all
http_port 3128
And the source code of the helper:
/* */
#include
#include
#include
#define MAX_INPUT 256
int main()
{
char request [MAX_INPUT]; /* this is a holder for the stdin request */
/* below file is just to track execution of the script */
FILE *fp;
fp = fopen("file.txt","a");
fprintf(fp,"%s\n","This is an execution"); /*append some text*/
fclose(fp);
while (fgets(request, MAX_INPUT, stdin) != NULL){
const char *index;
index = strtok(request, " \n"); /* this is to get rid of \n */
if (strcmp (index,"172.30.30.1") == 0) {
printf("OK\n");
}
else printf("ERR\n");
}
return 0;
}
/* */
This is just a proof of concept not the final helper I intend to make
(I know source IP can be controlled directly via ACLs).
What I am doing wrong?
Re: [squid-users] Need help to build my own external help
On 11.04.2012 03:27, Mohamed Amine Kadimi wrote:
Hello,
I'm trying to make an external helper which will be called by an acl,
so I have created one which is very simple: it takes an IP in stdin
and returns OK if it maches a predefined IP.
It works when I test it from the CLI, however when I put the relevant
directives in the squid.conf file and restart squid the connection to
internet is no longer possible.
The message displayed by FF is : "Firefox is configured to use a
proxy
server that is refusing connections".
It would seem Squid is not listening on the IP:port which Firefox is
trying to use, or a firewall is actively rejecting port 3128 TCP
connections.
1) check that squid is running okay. It should be fine if your helper
runs okay on command line, but read+execute access permission
differences between the squids user and your own user account can still
cause problems. Run "squid -k parse" or look in cache.log for message if
Squid is not starting.
2) check that port 3128 is accessible. telnet etc can be used here. A
packet dump may be needed to find which device is rejecting TCP packets
to port 3128.
Amos
Here's my squid.conf:
external_acl_type src_ip_ext ttl=1 concurrency=0 %SRC /root/C/srcIP
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
acl src_ip external src_ip_ext
http_access allow manager localhost
http_access deny manager
#http_access allow localnet
http_access allow src_ip
http_access deny all
http_port 3128
And the source code of the helper:
/* */
#include
#include
#include
#define MAX_INPUT 256
HINT: input buffer from Squid is usually between 4KB-8KB, but can be
larger (~32KB for 3.1/3.2). IP address has a limited range of text
representations, but if you pass unconstrained details like URLs or HTTP
headers values to this helper it can trend towards the larger sizes. In
which case it is useful to check whether the \n was received after
fgets() and handle very long lines as a special input case.
int main()
{
char request [MAX_INPUT]; /* this is a holder for the stdin
request */
/* below file is just to track execution of the script */
FILE *fp;
fp = fopen("file.txt","a");
fprintf(fp,"%s\n","This is an execution"); /*append some text*/
fclose(fp);
while (fgets(request, MAX_INPUT, stdin) != NULL){
const char *index;
index = strtok(request, " \n"); /* this is to get rid of \n
*/
NOTE: long-term you will want to add concurrency support. It is much
faster than serial queries.
Check out the squid-3.2 session helper while() loop logics for an
example of how to pull the channel-ID (any bytes before the first " ")
from the input before processing. It then just gets sent back to Squid
unchanged in the printf before OK/ERR.
if (strcmp (index,"172.30.30.1") == 0) {
printf("OK\n");
}
else printf("ERR\n");
}
return 0;
}
/* */
This is just a proof of concept not the final helper I intend to make
(I know source IP can be controlled directly via ACLs).
Amos
Re: [squid-users] Need help to build my own external help
2012/4/10 Amos Jeffries :
> On 11.04.2012 03:27, Mohamed Amine Kadimi wrote:
>>
>> Hello,
>>
>> I'm trying to make an external helper which will be called by an acl,
>> so I have created one which is very simple: it takes an IP in stdin
>> and returns OK if it maches a predefined IP.
>>
>> It works when I test it from the CLI, however when I put the relevant
>> directives in the squid.conf file and restart squid the connection to
>> internet is no longer possible.
>>
>> The message displayed by FF is : "Firefox is configured to use a proxy
>> server that is refusing connections".
>
>
> It would seem Squid is not listening on the IP:port which Firefox is trying
> to use, or a firewall is actively rejecting port 3128 TCP connections.
>
> 1) check that squid is running okay. It should be fine if your helper runs
> okay on command line, but read+execute access permission differences between
> the squids user and your own user account can still cause problems. Run
> "squid -k parse" or look in cache.log for message if Squid is not starting.
>
> 2) check that port 3128 is accessible. telnet etc can be used here. A packet
> dump may be needed to find which device is rejecting TCP packets to port
> 3128.
>
It's not a connectivity issue since Squid is working fine unless I
uncomment the lines relevant to my external helper.
I noticed some errors I didn't understand in the cache.log:
###
2012/04/11 17:56:19| Accepting HTTP connections at [::]:3128, FD 24.
2012/04/11 17:56:19| HTCP Disabled.
2012/04/11 17:56:19| Squid modules loaded: 0
2012/04/11 17:56:19| Adaptation support is off.
2012/04/11 17:56:19| Ready to serve requests.
2012/04/11 17:56:19| WARNING: src_ip_ext #1 (FD 10) exited
2012/04/11 17:56:19| WARNING: src_ip_ext #4 (FD 16) exited
2012/04/11 17:56:19| WARNING: src_ip_ext #2 (FD 12) exited
2012/04/11 17:56:19| WARNING: src_ip_ext #3 (FD 14) exited
2012/04/11 17:56:19| Too few src_ip_ext processes are running
2012/04/11 17:56:19| storeDirWriteCleanLogs: Starting...
2012/04/11 17:56:19| Finished. Wrote 0 entries.
2012/04/11 17:56:19| Took 0.00 seconds ( 0.00 entries/sec).
FATAL: The src_ip_ext helpers are crashing too rapidly, need help!
Squid Cache (Version 3.1.6): Terminated abnormally.
###
I think I'll need to review my program.
>> #include
>> #include
>> #include
>>
>> #define MAX_INPUT 256
>
>
> HINT: input buffer from Squid is usually between 4KB-8KB, but can be larger
> (~32KB for 3.1/3.2). IP address has a limited range of text representations,
> but if you pass unconstrained details like URLs or HTTP headers values to
> this helper it can trend towards the larger sizes. In which case it is
> useful to check whether the \n was received after fgets() and handle very
> long lines as a special input case.
>
Why is the input size so large? Could I not limit it if I just send
%SRC and %LOGIN
>>
>> int main()
>> {
>>char request [MAX_INPUT]; /* this is a holder for the stdin request */
>>
>>/* below file is just to track execution of the script */
>>FILE *fp;
>>fp = fopen("file.txt","a");
>>fprintf(fp,"%s\n","This is an execution"); /*append some text*/
>>fclose(fp);
>>
>>
>>while (fgets(request, MAX_INPUT, stdin) != NULL){
>>
>>const char *index;
>>index = strtok(request, " \n"); /* this is to get rid of \n */
>
>
> NOTE: long-term you will want to add concurrency support. It is much faster
> than serial queries.
>
> Check out the squid-3.2 session helper while() loop logics for an example of
> how to pull the channel-ID (any bytes before the first " ") from the input
> before processing. It then just gets sent back to Squid unchanged in the
> printf before OK/ERR.
>
Sure, I'll be trying to run faster. Is handling the channel-ID in the
input and output of my program all I have to do to support
concurrency?
Thanks,
--
Mohamed Amine Kadimi
Tél : +212 (0) 675 72 36 45
Re: [squid-users] Need help to build my own external help
2012/4/11 Amos Jeffries :
> On 12.04.2012 06:12, Mohamed Amine Kadimi wrote:
>>
>> 2012/4/10 Amos Jeffries :
>>>
>>> On 11.04.2012 03:27, Mohamed Amine Kadimi wrote:
Hello,
I'm trying to make an external helper which will be called by an acl,
so I have created one which is very simple: it takes an IP in stdin
and returns OK if it maches a predefined IP.
It works when I test it from the CLI, however when I put the relevant
directives in the squid.conf file and restart squid the connection to
internet is no longer possible.
The message displayed by FF is : "Firefox is configured to use a proxy
server that is refusing connections".
>>>
>>>
>>>
>>> It would seem Squid is not listening on the IP:port which Firefox is
>>> trying
>>> to use, or a firewall is actively rejecting port 3128 TCP connections.
>>>
>>> 1) check that squid is running okay. It should be fine if your helper
>>> runs
>>> okay on command line, but read+execute access permission differences
>>> between
>>> the squids user and your own user account can still cause problems. Run
>>> "squid -k parse" or look in cache.log for message if Squid is not
>>> starting.
>>>
>>> 2) check that port 3128 is accessible. telnet etc can be used here. A
>>> packet
>>> dump may be needed to find which device is rejecting TCP packets to port
>>> 3128.
>>>
>>
>> It's not a connectivity issue since Squid is working fine unless I
>> uncomment the lines relevant to my external helper.
>>
>> I noticed some errors I didn't understand in the cache.log:
>>
>> ###
>> 2012/04/11 17:56:19| Accepting HTTP connections at [::]:3128, FD 24.
>> 2012/04/11 17:56:19| HTCP Disabled.
>> 2012/04/11 17:56:19| Squid modules loaded: 0
>> 2012/04/11 17:56:19| Adaptation support is off.
>> 2012/04/11 17:56:19| Ready to serve requests.
>> 2012/04/11 17:56:19| WARNING: src_ip_ext #1 (FD 10) exited
>> 2012/04/11 17:56:19| WARNING: src_ip_ext #4 (FD 16) exited
>> 2012/04/11 17:56:19| WARNING: src_ip_ext #2 (FD 12) exited
>> 2012/04/11 17:56:19| WARNING: src_ip_ext #3 (FD 14) exited
>
>
> These causing
>
>
>> 2012/04/11 17:56:19| Too few src_ip_ext processes are running
>> 2012/04/11 17:56:19| storeDirWriteCleanLogs: Starting...
>> 2012/04/11 17:56:19| Finished. Wrote 0 entries.
>> 2012/04/11 17:56:19| Took 0.00 seconds ( 0.00 entries/sec).
>> FATAL: The src_ip_ext helpers are crashing too rapidly, need help!
>
>
> ... this ...
>
>
>>
>> Squid Cache (Version 3.1.6): Terminated abnormally.
>
>
> ... resulting in the proxy being shutdown. ie (1).
>
>
>> ###
>>
>> I think I'll need to review my program.
>
>
> Hmm. The only thing that looks like it might cause issues is fopen() for the
> debug log.
>
I've rewritten the source code excluding fopen() and handling
concurrency but I still get the same problem.
Here's the new one:
#include
#include
#include
#define MAX_INPUT 8192
int main(int argc, char **argv)
{
char request [MAX_INPUT];
while (fgets(request, MAX_INPUT , stdin) != NULL)
{
const char *channel_id = strtok(request, " ");
char *detail = strtok(NULL, "\n");
if (detail == NULL)
{
// Only 1 paramater supplied. We are expecting at least 2 (including
the channel ID)
fprintf(stderr, "FATAL: %s is concurrent and requires the
concurrency option to be specified.\n", program_name);
exit(1);
}
if (strcmp(detail,"172.30.30.1")==0) printf ("%s OK\n",channel_id);
else printf ("%s ERR\n",channel_id);
}
return 0;
}
Re: [squid-users] Need help to build my own external help
Problem solved partially by moving the executable to /var/lib/squid. I
no longer get the errors in cache.log.
however the browser and squidclient are unable to get a page from
internet, they are trying to infinity and there is no error reported.
2012/4/12 Mohamed Amine Kadimi :
> 2012/4/11 Amos Jeffries :
>> On 12.04.2012 06:12, Mohamed Amine Kadimi wrote:
>>>
>>> 2012/4/10 Amos Jeffries :
On 11.04.2012 03:27, Mohamed Amine Kadimi wrote:
>
>
> Hello,
>
> I'm trying to make an external helper which will be called by an acl,
> so I have created one which is very simple: it takes an IP in stdin
> and returns OK if it maches a predefined IP.
>
> It works when I test it from the CLI, however when I put the relevant
> directives in the squid.conf file and restart squid the connection to
> internet is no longer possible.
>
> The message displayed by FF is : "Firefox is configured to use a proxy
> server that is refusing connections".
It would seem Squid is not listening on the IP:port which Firefox is
trying
to use, or a firewall is actively rejecting port 3128 TCP connections.
1) check that squid is running okay. It should be fine if your helper
runs
okay on command line, but read+execute access permission differences
between
the squids user and your own user account can still cause problems. Run
"squid -k parse" or look in cache.log for message if Squid is not
starting.
2) check that port 3128 is accessible. telnet etc can be used here. A
packet
dump may be needed to find which device is rejecting TCP packets to port
3128.
>>>
>>> It's not a connectivity issue since Squid is working fine unless I
>>> uncomment the lines relevant to my external helper.
>>>
>>> I noticed some errors I didn't understand in the cache.log:
>>>
>>> ###
>>> 2012/04/11 17:56:19| Accepting HTTP connections at [::]:3128, FD 24.
>>> 2012/04/11 17:56:19| HTCP Disabled.
>>> 2012/04/11 17:56:19| Squid modules loaded: 0
>>> 2012/04/11 17:56:19| Adaptation support is off.
>>> 2012/04/11 17:56:19| Ready to serve requests.
>>> 2012/04/11 17:56:19| WARNING: src_ip_ext #1 (FD 10) exited
>>> 2012/04/11 17:56:19| WARNING: src_ip_ext #4 (FD 16) exited
>>> 2012/04/11 17:56:19| WARNING: src_ip_ext #2 (FD 12) exited
>>> 2012/04/11 17:56:19| WARNING: src_ip_ext #3 (FD 14) exited
>>
>>
>> These causing
>>
>>
>>> 2012/04/11 17:56:19| Too few src_ip_ext processes are running
>>> 2012/04/11 17:56:19| storeDirWriteCleanLogs: Starting...
>>> 2012/04/11 17:56:19| Finished. Wrote 0 entries.
>>> 2012/04/11 17:56:19| Took 0.00 seconds ( 0.00 entries/sec).
>>> FATAL: The src_ip_ext helpers are crashing too rapidly, need help!
>>
>>
>> ... this ...
>>
>>
>>>
>>> Squid Cache (Version 3.1.6): Terminated abnormally.
>>
>>
>> ... resulting in the proxy being shutdown. ie (1).
>>
>>
>>> ###
>>>
>>> I think I'll need to review my program.
>>
>>
>> Hmm. The only thing that looks like it might cause issues is fopen() for the
>> debug log.
>>
>
> I've rewritten the source code excluding fopen() and handling
> concurrency but I still get the same problem.
>
> Here's the new one:
>
> #include
> #include
> #include
>
> #define MAX_INPUT 8192
>
> int main(int argc, char **argv)
> {
> char request [MAX_INPUT];
>
> while (fgets(request, MAX_INPUT , stdin) != NULL)
> {
> const char *channel_id = strtok(request, " ");
> char *detail = strtok(NULL, "\n");
>
> if (detail == NULL)
> {
> // Only 1 paramater supplied. We are expecting at least 2 (including
> the channel ID)
> fprintf(stderr, "FATAL: %s is concurrent and requires the
> concurrency option to be specified.\n", program_name);
> exit(1);
> }
>
> if (strcmp(detail,"172.30.30.1")==0) printf ("%s OK\n",channel_id);
> else printf ("%s ERR\n",channel_id);
> }
> return 0;
> }
--
Mohamed Amine Kadimi
Tél : +212 (0) 675 72 36 45
Re: [squid-users] Need help to build my own external help
Hi,
I reduced my program to that:
##
#include
#include
#include
#define MAX_INPUT 8192
int main(int argc, char **argv)
{
char request [MAX_INPUT];
while (fgets(request, MAX_INPUT , stdin) != NULL)
{
printf ("OK\n");
}
return 0;
}
##
But, I still get the same problem,
2012/4/12 Mohamed Amine Kadimi :
> Problem solved partially by moving the executable to /var/lib/squid. I
> no longer get the errors in cache.log.
>
> however the browser and squidclient are unable to get a page from
> internet, they are trying to infinity and there is no error reported.
>
> 2012/4/12 Mohamed Amine Kadimi :
>> 2012/4/11 Amos Jeffries :
>>> On 12.04.2012 06:12, Mohamed Amine Kadimi wrote:
2012/4/10 Amos Jeffries :
>
> On 11.04.2012 03:27, Mohamed Amine Kadimi wrote:
>>
>>
>> Hello,
>>
>> I'm trying to make an external helper which will be called by an acl,
>> so I have created one which is very simple: it takes an IP in stdin
>> and returns OK if it maches a predefined IP.
>>
>> It works when I test it from the CLI, however when I put the relevant
>> directives in the squid.conf file and restart squid the connection to
>> internet is no longer possible.
>>
>> The message displayed by FF is : "Firefox is configured to use a proxy
>> server that is refusing connections".
>
>
>
> It would seem Squid is not listening on the IP:port which Firefox is
> trying
> to use, or a firewall is actively rejecting port 3128 TCP connections.
>
> 1) check that squid is running okay. It should be fine if your helper
> runs
> okay on command line, but read+execute access permission differences
> between
> the squids user and your own user account can still cause problems. Run
> "squid -k parse" or look in cache.log for message if Squid is not
> starting.
>
> 2) check that port 3128 is accessible. telnet etc can be used here. A
> packet
> dump may be needed to find which device is rejecting TCP packets to port
> 3128.
>
It's not a connectivity issue since Squid is working fine unless I
uncomment the lines relevant to my external helper.
I noticed some errors I didn't understand in the cache.log:
###
2012/04/11 17:56:19| Accepting HTTP connections at [::]:3128, FD 24.
2012/04/11 17:56:19| HTCP Disabled.
2012/04/11 17:56:19| Squid modules loaded: 0
2012/04/11 17:56:19| Adaptation support is off.
2012/04/11 17:56:19| Ready to serve requests.
2012/04/11 17:56:19| WARNING: src_ip_ext #1 (FD 10) exited
2012/04/11 17:56:19| WARNING: src_ip_ext #4 (FD 16) exited
2012/04/11 17:56:19| WARNING: src_ip_ext #2 (FD 12) exited
2012/04/11 17:56:19| WARNING: src_ip_ext #3 (FD 14) exited
>>>
>>>
>>> These causing
>>>
>>>
2012/04/11 17:56:19| Too few src_ip_ext processes are running
2012/04/11 17:56:19| storeDirWriteCleanLogs: Starting...
2012/04/11 17:56:19| Finished. Wrote 0 entries.
2012/04/11 17:56:19| Took 0.00 seconds ( 0.00 entries/sec).
FATAL: The src_ip_ext helpers are crashing too rapidly, need help!
>>>
>>>
>>> ... this ...
>>>
>>>
Squid Cache (Version 3.1.6): Terminated abnormally.
>>>
>>>
>>> ... resulting in the proxy being shutdown. ie (1).
>>>
>>>
###
I think I'll need to review my program.
>>>
>>>
>>> Hmm. The only thing that looks like it might cause issues is fopen() for the
>>> debug log.
>>>
>>
>> I've rewritten the source code excluding fopen() and handling
>> concurrency but I still get the same problem.
>>
>> Here's the new one:
>>
>> #include
>> #include
>> #include
>>
>> #define MAX_INPUT 8192
>>
>> int main(int argc, char **argv)
>> {
>> char request [MAX_INPUT];
>>
>> while (fgets(request, MAX_INPUT , stdin) != NULL)
>> {
>> const char *channel_id = strtok(request, " ");
>> char *detail = strtok(NULL, "\n");
>>
>> if (detail == NULL)
>> {
>> // Only 1 paramater supplied. We are expecting at least 2 (including
>> the channel ID)
>> fprintf(stderr, "FATAL: %s is concurrent and requires the
>> concurrency option to be specified.\n", program_name);
>> exit(1);
>> }
>>
>> if (strcmp(detail,"172.30.30.1")==0) printf ("%s OK\n",channel_id);
>> else printf ("%s ERR\n",channel_id);
>> }
>> return 0;
>> }
>
>
>
> --
> Mohamed Amine Kadimi
>
> Tél : +212 (0) 675 72 36 45
--
Mohamed Amine Kadimi
Tél : +212 (0) 675 72 36 45
Re: [squid-users] Need help to build my own external help
From: Mohamed Amine Kadimi
> I reduced my program to that:
>
> #include
> #include
> #include
> #define MAX_INPUT 8192
> int main(int argc, char **argv)
> {
> char request [MAX_INPUT];
> while (fgets(request, MAX_INPUT , stdin) != NULL)
> {
> printf ("OK\n");
> }
> return 0;
> }
>
> But, I still get the same problem,
I jump in the middle of the conversation but,
the return will constantly end the helper...
It is supposed to loop "forever".
I used to use this:
#define INPUTSIZE 8192 char input[INPUTSIZE]; while (fgets(input,
sizeof(input), stdin)) { if ((cp=strchr(input, '\n')) == NULL) {
fprintf(stderr, "filter: input too big: %s\n", input); } else { *cp = '\0'; }
... fflush(stderr); fflush(stdout); }
JD
Re: [squid-users] Need help to build my own external help
>> I reduced my program to that:
>>
>> #include
>> #include
>> #include
>> #define MAX_INPUT 8192
>> int main(int argc, char **argv)
>> {
>> char request [MAX_INPUT];
>> while (fgets(request, MAX_INPUT , stdin) != NULL)
>> {
>> printf ("OK\n");
>> }
>> return 0;
>> }
>>
>> But, I still get the same problem,
>
> I jump in the middle of the conversation but,
> the return will constantly end the helper...
> It is supposed to loop "forever".
> I used to use this:
>
> #define INPUTSIZE 8192 char input[INPUTSIZE]; while (fgets(input,
> sizeof(input), stdin)) { if ((cp=strchr(input, '\n')) == NULL) {
> fprintf(stderr, "filter: input too big: %s\n", input); } else { *cp = '\0'; }
> ... fflush(stderr); fflush(stdout); }
>
> JD
Actually, it should loop forever because the return is outside the
while (fgets(...) != NULL) and fgets is supposed to not return NULL
unless some error occurs.
Also refer to the source code of ext_session_acl which has a return 0
at the end.
--
Mohamed Amine Kadimi
Tél : +212 (0) 675 72 36 45
Re: [squid-users] Need help to build my own external help
On 17.04.2012 03:42, Mohamed Amine Kadimi wrote:
Hi,
I reduced my program to that:
##
#include
#include
#include
#define MAX_INPUT 8192
int main(int argc, char **argv)
{
char request [MAX_INPUT];
while (fgets(request, MAX_INPUT , stdin) != NULL)
{
printf ("OK\n");
}
return 0;
}
##
But, I still get the same problem,
Then it is not Squid or the helper code.
There is some external factor preventing Squid either starting, or
using stdin/stdout to the helper.
Unless you are cross-compiling the helper somehow?
Amos
Re: [squid-users] Need help to build my own external help
>
>>> I jump in the middle of the conversation but,
>>> the return will constantly end the helper...
>>> It is supposed to loop "forever".
>>> I used to use this:
>>>
>>> #define INPUTSIZE 8192 char input[INPUTSIZE]; while (fgets(input,
>> sizeof(input), stdin)) { if ((cp=strchr(input, '\n')) == NULL) {
>> fprintf(stderr, "filter: input too big: %s\n", input); } else {
>> *cp = '\0'; } ... fflush(stderr); fflush(stdout); }
>>>
>>> JD
>>
>> Actually, it should loop forever because the return is outside the
>> while (fgets(...) != NULL) and fgets is supposed to not return NULL
>> unless some error occurs.
>>
>> Also refer to the source code of ext_session_acl which has a return 0
>> at the end.
>
> Ah... my bad... I jumped too fast ^_^
> I saw "The src_ip_ext helpers are crashing too rapidly" and ran to a bad
> conclusion.
> Tried to debug by printing from the helper to stderr?
> Tried negative_ttl=0 ?
> Tried debug_options ALL,1 33,2 ?
>
> JD
I'm getting these logs when debug is On:
##
2012/04/17 12:11:18.200| ACLChecklist::preCheck: 0xa595a30 checking
'http_access allow src_ip'
2012/04/17 12:11:18.200| ACLList::matches: checking src_ip
2012/04/17 12:11:18.200| ACL::checklistMatches: checking 'src_ip'
2012/04/17 12:11:18.201| ACL::ChecklistMatches: result for 'src_ip' is -1
2012/04/17 12:11:18.201| ACLList::matches: result is false
2012/04/17 12:11:18.201| aclmatchAclList: 0xa595a30 returning false
(AND list entry failed to match)
2012/04/17 12:11:18.201| ACL::FindByName 'src_ip'
2012/04/17 12:11:18.201| ACLChecklist::asyncInProgress: 0xa595a30 async set to 1
2012/04/17 12:11:18.201| aclmatchAclList: async=1 nodeMatched=0
async_in_progress=1 lastACLResult() = 0 finished() = 0
##
And after five requests, I get:
##
2012/04/17 12:15:18.944| ACLChecklist::preCheck: 0xa5acd40 checking
'http_access allow src_ip'
2012/04/17 12:15:18.944| ACLList::matches: checking src_ip
2012/04/17 12:15:18.944| ACL::checklistMatches: checking 'src_ip'
2012/04/17 12:15:18.944| ACL::ChecklistMatches: result for 'src_ip' is -1
2012/04/17 12:15:18.944| ACLList::matches: result is false
2012/04/17 12:15:18.944| aclmatchAclList: 0xa5acd40 returning false
(AND list entry failed to match)
2012/04/17 12:15:18.944| ACL::FindByName 'src_ip'
2012/04/17 12:15:18.944| ACLChecklist::asyncInProgress: 0xa5acd40 async set to 1
2012/04/17 12:15:18.944| WARNING: All srcip processes are busy.
2012/04/17 12:15:18.944| WARNING: 5 pending requests queued
2012/04/17 12:15:18.944| Consider increasing the number of srcip
processes in your config file.
2012/04/17 12:15:18.945| aclmatchAclList: async=1 nodeMatched=0
async_in_progress=1 lastACLResult() = 0 finished() = 0
##
I can't figure out why the requests are being queued indefinitely in the helper.
Here's my squid.conf:
##
debug_options ALL,1 33,2 28,9
external_acl_type srcip negative_ttl=0 %URI /usr/lib/squid3/src_ip
acl src_ip external srcip
http_access allow src_ip
http_access deny all
http_port 3128
##
--
Mohamed Amine Kadimi
Tél : +212 (0) 675 72 36 45
Re: [squid-users] Need help to build my own external help
From: Mohamed Amine Kadimi >>> *cp = '\0'; } ... fflush(stderr); fflush(stdout); } > I can't figure out why the requests are being queued indefinitely in the > helper. Are you flushing stdout? JD
Re: [squid-users] Need help to build my own external help
Solved with: fflush(stderr); fflush(stdout); Many thanks John and Amos! *cp = '\0'; } ... fflush(stderr); fflush(stdout); } >> I can't figure out why the requests are being queued indefinitely in the >> helper. > > Are you flushing stdout? > > JD -- Mohamed Amine Kadimi Tél : +212 (0) 675 72 36 45
