Re: [squid-users] Squid 3.1 with MRTG, Not able to get Graphs
tor 2010-09-09 klockan 11:36 +0530 skrev Babu Chaliyath: Hi List, I am trying to get mrtg graphing of my squid box running freebsd 7.2 with squid 3.1.0.13, I was able to get the mrtg while running 2.6 version of squid, but once moved to 3.1 version, I am not able to get the mrtg graph at all, I would greatly appreciate if any suggestions/clues what might have gone wrong on my mrtg setup. I did not see any reference to the Squid MIB from your mrtg config. Regards Henrik
Re: [squid-users] Squid 3.1 with MRTG, Not able to get Graphs
2010/9/9 Henrik Nordström hen...@henriknordstrom.net: tor 2010-09-09 klockan 11:36 +0530 skrev Babu Chaliyath: Hi List, I am trying to get mrtg graphing of my squid box running freebsd 7.2 with squid 3.1.0.13, I was able to get the mrtg while running 2.6 version of squid, but once moved to 3.1 version, I am not able to get the mrtg graph at all, I would greatly appreciate if any suggestions/clues what might have gone wrong on my mrtg setup. I did not see any reference to the Squid MIB from your mrtg config. Regards Henrik Ooops! I missed LoadMIBs: /usr/local/etc/mrtg/squid.mib line while pasting it in my mail, yes it is there in my mrtg.cfg btw mib.txt file is renamed as squid.mib. Thanx for that quick reply Regards Babs
Re: [squid-users] Squid 3.1 with MRTG, Not able to get Graphs
On 09/09/10 21:38, Babu Chaliyath wrote: 2010/9/9 Henrik Nordströmhen...@henriknordstrom.net: tor 2010-09-09 klockan 11:36 +0530 skrev Babu Chaliyath: Hi List, I am trying to get mrtg graphing of my squid box running freebsd 7.2 with squid 3.1.0.13, I was able to get the mrtg while running 2.6 version of squid, but once moved to 3.1 version, I am not able to get the mrtg graph at all, I would greatly appreciate if any suggestions/clues what might have gone wrong on my mrtg setup. I did not see any reference to the Squid MIB from your mrtg config. Regards Henrik Ooops! I missed LoadMIBs: /usr/local/etc/mrtg/squid.mib line while pasting it in my mail, yes it is there in my mrtg.cfg btw mib.txt file is renamed as squid.mib. Thanx for that quick reply Regards Babs It's well worth upgrading to 3.1.8. Many of the 3.1 betas had broken SNMP. Also check that the squid.mib being loaded came from the 3.1 install. We now have a full map of what the OID are and what versions they work for. You may find this useful: http://wiki.squid-cache.org/Features/Snmp#Squid_OIDs Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.8 Beta testers wanted for 3.2.0.2
[squid-users] Squid 3.1 supporting NTLMv1 and v2 using negotiate
I have authentication via negotiate_kerb_auth working a charm, with a secondary helper for basic via ntlm_auth This works a charm. However the negotiate_kerb_auth helper only supports NTLMv2 and this causes some applications, mostly Web Conferencing applications, Live Meeting, WebEx etc, to fail authentication due to sending NTLMv1. I could add the sites involved to the no auth destinations, but would much rather get the authentication working correctly. I have seen some speculation that there may be a new negotiate helper in the pipeline that will support both v1 and v2, is this true? If not, has anybody got 3.1 working with negotiate and a combination of other helpers with such applications? Thanks Rob
Re: [squid-users] Squid 3.1 supporting NTLMv1 and v2 using negotiate
mån 2010-06-21 klockan 19:11 +1000 skrev Rob Price: I have authentication via negotiate_kerb_auth working a charm, with a secondary helper for basic via ntlm_auth This works a charm. However the negotiate_kerb_auth helper only supports NTLMv2 and this causes some applications, mostly Web Conferencing applications, Live Meeting, WebEx etc, to fail authentication due to sending NTLMv1. squid_kerb_auth do not support NTLM at all, only Kerberos. Samba ntlm_auth supports NTLM version 1 2, plus Basic auth. Your can run Squid with Basic - ntlm_auth NTLM - ntlm_auth Negotiate - squid_kerb_auth which should cover pretty much all HTTP clients. Regards Henrik
[squid-users] Squid 3.1 and strange Bad header encountered error
Hi Squid users, I think I need some help to understand a new error with squid. :( I've got several squid boxes, all in 3.0 branch (reverse proxy cache). All is ok. Now, I've tried to upgrade one (and only one boxe) to 3.1 branch (Starting Squid Cache version 3.1.3 for x86_64-pc-linux-gnu...). This a debian package of squid. Several times a day, the new squid 3.1 give me theses errors : 2010/06/07 20:14:15| WARNING: HTTP: Invalid Response: Bad header encountered from http://mypeer_example.com/myimg.gif http://image.jeuxvideo.com/pics/forums/bt_forum_profil.gif AKA mypeer_example.com http://image.jeuxvideo.com/pics/forums/bt_forum_profil.gif.myimg.gif No errors like thos on all other 3.0 squid boxes. No error or warning on the cache peer farm. :( This user seems to have a similar issue. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582270 Any idea ? Best regards. Squid conf : acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 1025-65535 # unregistered ports acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow all icp_access allow all htcp_access deny all http_port 80 vhost cache_peer XXX.YYY.ZZZ.AAA parent 80 0 no-query originserver no-digest cache_peer_domain XXX.YYY.ZZZ.AAA mypeer_example.com http://image.jeuxvideo.com/pics/forums/bt_forum_profil.gif hierarchy_stoplist cgi-bin ? cache_mem 6144 MB cache_dir aufs /data/cache 32768 16 256 maximum_object_size 4096 KB maximum_object_size_in_memory 256 KB cache_log /data/logs/squid/cache.log cache_store_log none access_log none refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern (cgi-bin|\?)0 0% 0 refresh_pattern . 0 20% 4320 pconn_timeout 60 seconds read_timeout 5 minutes request_timeout 5 seconds quick_abort_max 0 KB quick_abort_min 0 KB client_db off half_closed_clients off client_persistent_connections on server_persistent_connections on visible_hostname www.mypeer_example.com http://image.jeuxvideo.com/pics/forums/bt_forum_profil.gif unique_hostname squid1.mypeer_example.com http://image.jeuxvideo.com/pics/forums/bt_forum_profil.gif via off snmp_port 0 snmp_access deny all icp_port 3130 udp_incoming_address 192.168.0.11 udp_outgoing_address 255.255.255.255 coredump_dir /var/spool/squid3 cache_replacement_policy heap LFUDA memory_replacement_policy heap LFUDA
Re: [squid-users] Squid 3.1 and strange Bad header encountered error
David B. wrote: Hi Squid users, I think I need some help to understand a new error with squid. :( I've got several squid boxes, all in 3.0 branch (reverse proxy cache). All is ok. Now, I've tried to upgrade one (and only one boxe) to 3.1 branch (Starting Squid Cache version 3.1.3 for x86_64-pc-linux-gnu...). This a debian package of squid. Several times a day, the new squid 3.1 give me theses errors : 2010/06/07 20:14:15| WARNING: HTTP: Invalid Response: Bad header encountered from http://mypeer_example.com/myimg.gif http://image.jeuxvideo.com/pics/forums/bt_forum_profil.gif AKA mypeer_example.com http://image.jeuxvideo.com/pics/forums/bt_forum_profil.gif.myimg.gif No errors like thos on all other 3.0 squid boxes. No error or warning on the cache peer farm. :( This user seems to have a similar issue. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582270 Any idea ? Bug in 3.1.3. Resolved in 3.1.4. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.4
Re: [squid-users] Squid 3.1 and strange Bad header encountered error
Le 08/06/2010 11:12, Amos Jeffries a écrit : David B. wrote: Hi Squid users, I think I need some help to understand a new error with squid. :( I've got several squid boxes, all in 3.0 branch (reverse proxy cache). All is ok. Now, I've tried to upgrade one (and only one boxe) to 3.1 branch (Starting Squid Cache version 3.1.3 for x86_64-pc-linux-gnu...). This a debian package of squid. Several times a day, the new squid 3.1 give me theses errors : 2010/06/07 20:14:15| WARNING: HTTP: Invalid Response: Bad header encountered from http://mypeer_example.com/myimg.gif http://image.jeuxvideo.com/pics/forums/bt_forum_profil.gif AKA mypeer_example.com http://image.jeuxvideo.com/pics/forums/bt_forum_profil.gif.myimg.gif No errors like thos on all other 3.0 squid boxes. No error or warning on the cache peer farm. :( This user seems to have a similar issue. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582270 Any idea ? Bug in 3.1.3. Resolved in 3.1.4. Amos Thank you Amos !
Re: [squid-users] Squid 3.1.x uses considerably more memory than 2.7.x or 3.0.x
tis 2010-06-01 klockan 23:51 -0300 skrev Murilo Moreira de Oliveira: Hi guys. I'm using squid 3.1.4 and since of first 3.1 stable release I'm suffering from memory leak problems too. Are you using delay pools? Regards Henrik
Re: [squid-users] squid 3.1.xx caching youtube ???
Le mercredi 2 juin 2010 07:29:18, Ariel a écrit : hello, list, it is possible cache contents and youtube with squid 3.1.xx? yes, alll it is possible but with 3.1 there is a limitation. i mean squid31 is unable to identify same video stream with different url
Re: [squid-users] squid 3.1.xx caching youtube ???
Luis Daniel Lucio Quiroz wrote: Le mercredi 2 juin 2010 07:29:18, Ariel a écrit : hello, list, it is possible cache contents and youtube with squid 3.1.xx? yes, alll it is possible but with 3.1 there is a limitation. i mean squid31 is unable to identify same video stream with different url Hi Luis, i know that exist third-party tools (like video cache) that can handle this problem, but there is a plan to implement a solution for this in squid? Tks in advance.
Re: [squid-users] squid 3.1.xx caching youtube ???
Le mercredi 2 juin 2010 07:39:48, Leonardo Carneiro - Veltrac a écrit : Luis Daniel Lucio Quiroz wrote: Le mercredi 2 juin 2010 07:29:18, Ariel a écrit : hello, list, it is possible cache contents and youtube with squid 3.1.xx? yes, alll it is possible but with 3.1 there is a limitation. i mean squid31 is unable to identify same video stream with different url Hi Luis, i know that exist third-party tools (like video cache) that can handle this problem, but there is a plan to implement a solution for this in squid? Tks in advance. As Amos said, he was asking for volunteer he jas just givme a workarround with icap/ecap
Re: [squid-users] squid 3.1.xx caching youtube ???
Luis Daniel Lucio Quiroz wrote: Le mercredi 2 juin 2010 07:39:48, Leonardo Carneiro - Veltrac a écrit : Luis Daniel Lucio Quiroz wrote: Le mercredi 2 juin 2010 07:29:18, Ariel a écrit : hello, list, it is possible cache contents and youtube with squid 3.1.xx? yes, alll it is possible but with 3.1 there is a limitation. i mean squid31 is unable to identify same video stream with different url Hi Luis, i know that exist third-party tools (like video cache) that can handle this problem, but there is a plan to implement a solution for this in squid? Tks in advance. As Amos said, he was asking for volunteer he jas just givme a workarround with icap/ecap Ok. Tks for your answer.
[squid-users] Squid 3.1.x uses considerably more memory than 2.7.x or 3.0.x
Hi guys. I'm using squid 3.1.4 and since of first 3.1 stable release I'm suffering from memory leak problems too. My production server is a CentOS 5.4 32 bits (kernel 2.6.18-164.6.1.el5). It has 2GB of RAM (512MB reserved to squid cache_mem) and 6GB of disk space reserved to squid's disk cache. In approximately 24h, squid consumes all the available memory of my server and swap starts to be consumed. I'm currently restarting squid once a day in order to workaround the problem. Follow attached a squidclient output made some hours before all the server memory be consumed. HTTP/1.0 200 OK Server: squid Mime-Version: 1.0 Date: Wed, 02 Jun 2010 02:22:12 GMT Content-Type: text/plain Expires: Wed, 02 Jun 2010 02:22:12 GMT Last-Modified: Wed, 02 Jun 2010 02:22:12 GMT X-Cache: MISS from proxyweb.ipasgo.go.gov.br Via: 1.0 proxyweb.ipasgo.go.gov.br (squid) Proxy-Connection: close Squid Object Cache: Version 3.1.4 Start Time: Tue, 01 Jun 2010 02:59:02 GMT Current Time: Wed, 02 Jun 2010 02:22:12 GMT Connection information for squid: Number of clients accessing cache: 1 Number of HTTP requests received: 1607991 Number of ICP messages received:0 Number of ICP messages sent:0 Number of queued ICP replies: 0 Number of HTCP messages received: 0 Number of HTCP messages sent: 0 Request failure ratio: 0.00 Average HTTP requests per minute since start: 1146.0 Average ICP messages per minute since start:0.0 Select loop called: 21704724 times, 3.879 ms avg Cache information for squid: Hits as % of all requests: 5min: 1.3%, 60min: 2.5% Hits as % of bytes sent:5min: 99.3%, 60min: 93.0% Memory hits as % of hit requests: 5min: 100.0%, 60min: 100.0% Disk hits as % of hit requests: 5min: 0.0%, 60min: 0.0% Storage Swap size: 5662188 KB Storage Swap capacity: 90.0% used, 10.0% free Storage Mem size: 420444 KB Storage Mem capacity: 80.7% used, 19.3% free Mean Object Size: 21.29 KB Requests given to unlinkd: 0 Median Service Times (seconds) 5 min60 min: HTTP Requests (All): 0.00463 0.00463 Cache Misses: 0.00307 0.28853 Cache Hits:0.0 0.0 Near Hits: 0.0 0.0 Not-Modified Replies: 0.0 0.0 DNS Lookups: 0.00860 0.00860 ICP Queries: 0.0 0.0 Resource usage for squid: UP Time:84190.610 seconds CPU Time: 2395.902 seconds CPU Usage: 2.85% CPU Usage, 5 minute avg:0.05% CPU Usage, 60 minute avg: 0.05% Process Data Segment Size via sbrk(): 1081804 KB Maximum Resident Size: 0 KB Page faults with physical i/o: 2522 Memory usage for squid via mallinfo(): Total space in arena: 1081936 KB Ordinary blocks: 1079110 KB 7695 blks Small blocks: 0 KB 0 blks Holding blocks: 3492 KB 7 blks Free Small blocks: 0 KB Free Ordinary blocks:2825 KB Total in use: 1082602 KB 100% Total free: 2825 KB 0% Total size:1085428 KB Memory accounted for: Total accounted: 550778 KB 51% memPool accounted: 550778 KB 51% memPool unaccounted: 534649 KB 49% memPoolAlloc calls: 307930462 memPoolFree calls: 308780650 File descriptor usage for squid: Maximum number of file descriptors: 4096 Largest file desc currently in use: 92 Number of file desc currently in use: 46 Files queued for open: 0 Available number of file descriptors: 4050 Reserved number of file descriptors: 100 Store Disk files open: 0 Internal Data Structures: 266030 StoreEntries 57596 StoreEntries with MemObjects 57595 Hot Object Cache Items 266004 on-disk objects
Re: [squid-users] Squid 3.1 rejecting connections after few thousands requests
mån 2010-05-24 klockan 00:47 +1200 skrev Amos Jeffries: I mean the ExtremeCarpFrontend configuration examples. 990rps was simply the limit reached on the testing hardware. There may be hardware able to go faster already. Or a reverse proxy with high memory hit ratio on slower hardware. Regards Henrik
Re: [squid-users] Squid 3.1 rejecting connections after few thousands requests
Wow. Sure thats hits/sec and not hits/minute? The 'extreme' setups of Squid-2.7 only reached 990req/sec. I'm running squid3.0 on Dell R300 servers with 4x2.8GHz Intel Xeons and 12GB of ram. On production servers I'm getting max 1500hits/s. With 2500hits/s I have seen that some in access.log, in elapsed column that some requests were closed after 6 seconds and average was something like ~300ms. It's not acceptable for me. Most requests on production servers are closed in less than 1ms. FWIW; the only other occurrence of this particular Select loop Error reported in recent years was found to be due to broken NIC drivers. The behaviour sounds very much like some such bug has been hit, or maybe a limit on the open ports per IP. I will search for something about nic drivers on FreeBSD maillists. As I said before squid3.0 was running fine for few hours, everytime I launched squid3.1 it lasted only few seconds. There is no firewall configured on this machine. Could anyone give me some pointers about debugging newest squid to see what is causing that squid immediately closes connections?
Re: [squid-users] Squid 3.1 rejecting connections after few thousands requests
Henrik Nordström wrote: lör 2010-05-22 klockan 15:08 +1200 skrev Amos Jeffries: Wow. Sure thats hits/sec and not hits/minute? The 'extreme' setups of Squid-2.7 only reached 990req/sec. 990 isn̈́'t the extreme.. but very high. I mean the ExtremeCarpFrontend configuration examples. 990rps was simply the limit reached on the testing hardware. There may be hardware able to go faster already. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
Re: [squid-users] Squid 3.1 rejecting connections after few thousands requests
lör 2010-05-22 klockan 15:08 +1200 skrev Amos Jeffries: Wow. Sure thats hits/sec and not hits/minute? The 'extreme' setups of Squid-2.7 only reached 990req/sec. 990 isn̈́'t the extreme.. but very high. Regards Henrik
[squid-users] Squid 3.1 rejecting connections after few thousands requests
Hi, I've run into problems after upgrading 3.0.STABLE19 (installed from packages) to squid 3.1 I'm running amd64 8.0-RELEASE FreeBSD, with squid as accelerated proxy. 3.0.STABLE19 runs almost flawlessly. I'm getting 'Select loop Error' every second: 2010/05/21 14:37:34| Select loop Error. Retry 1 and these errors once in a while in my cache.log: 2010/05/21 14:39:14| comm_old_accept: FD 14: (53) Software caused connection abort 2010/05/21 14:39:14| httpAccept: FD 14: accept failure: (53) Software caused connection abort I've never ran in such problems on Debian Squeeze (also with squid3.0), so I really don't know if I could ignore them. I have successfully tested 3.0.STABLE19 on FreeBSD with 2500hits/s After a while I tried to upgrade to the newest version of squid I've tried squid-3.1.3 from ports, and squid-3.1.0.13 from packages. Both versions after handling few thousands of requests are stopping serving on specified port. Here is my configuration squid listens on 2 ports: netstat -an |grep LISTEN tcp4 0 0 *.8080 *.*LISTEN tcp4 0 0 *.80 *.*LISTEN 'All' request goes to :8080, I configured port :80 only for testing. After few thousands of requests to :8080, squid stops handling requests coming from that port. If I telnet to :8080 my connection is closed instantly, but If i send request to :80 everything is fine. Here are excerpts from cache.log, after I saw that squid doesn't serve anything I stopped it: 2010/05/20 12:09:56| Preparing for shutdown after 7460 requests 2010/05/20 13:00:19| Preparing for shutdown after 8843 requests 2010/05/21 14:10:37| Preparing for shutdown after 9963 requests While trying two 3.1 versions of squid I also saw 'Select loop Error. Retry 1'
Re: [squid-users] Squid 3.1 rejecting connections after few thousands requests
alter...@gmail.com wrote: Hi, I've run into problems after upgrading 3.0.STABLE19 (installed from packages) to squid 3.1 I'm running amd64 8.0-RELEASE FreeBSD, with squid as accelerated proxy. 3.0.STABLE19 runs almost flawlessly. I'm getting 'Select loop Error' every second: 2010/05/21 14:37:34| Select loop Error. Retry 1 and these errors once in a while in my cache.log: 2010/05/21 14:39:14| comm_old_accept: FD 14: (53) Software caused connection abort 2010/05/21 14:39:14| httpAccept: FD 14: accept failure: (53) Software caused connection abort I've never ran in such problems on Debian Squeeze (also with squid3.0), so I really don't know if I could ignore them. I have successfully tested 3.0.STABLE19 on FreeBSD with 2500hits/s Wow. Sure thats hits/sec and not hits/minute? The 'extreme' setups of Squid-2.7 only reached 990req/sec. After a while I tried to upgrade to the newest version of squid I've tried squid-3.1.3 from ports, and squid-3.1.0.13 from packages. Both versions after handling few thousands of requests are stopping serving on specified port. Here is my configuration squid listens on 2 ports: netstat -an |grep LISTEN tcp4 0 0 *.8080 *.*LISTEN tcp4 0 0 *.80 *.*LISTEN 'All' request goes to :8080, I configured port :80 only for testing. After few thousands of requests to :8080, squid stops handling requests coming from that port. If I telnet to :8080 my connection is closed instantly, but If i send request to :80 everything is fine. Here are excerpts from cache.log, after I saw that squid doesn't serve anything I stopped it: 2010/05/20 12:09:56| Preparing for shutdown after 7460 requests 2010/05/20 13:00:19| Preparing for shutdown after 8843 requests 2010/05/21 14:10:37| Preparing for shutdown after 9963 requests While trying two 3.1 versions of squid I also saw 'Select loop Error. Retry 1' FWIW; the only other occurrence of this particular Select loop Error reported in recent years was found to be due to broken NIC drivers. The behaviour sounds very much like some such bug has been hit, or maybe a limit on the open ports per IP. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3
Re: [squid-users] squid 3.1 strange upload behavior
ons 2010-05-12 klockan 17:20 +0200 skrev Daemen, Martin: after upgrading squid from 2.7 to 3.1 there is an strange upload behavior. Right now, the progress bar during the upload seem to show the upload in realtime. So if we upload 15MB through our proxy to an webserver at the internet, we using an 2M/bit SDSL line, the bar grows as far as the file 'arrvied' at the destination. Since we updated our squid to 3.1 the progress bar show very fast 100% - maybe the connection speed from our LAN - and then keep the 100% until the file finished at the remote side. So this behavior is very irritating for the users, because they don´t know, if this is an error or normal. So they often cancel the job to early. Sounds like a bug, but can also be changes at socket level. Did you change any other parameters like operating system version? Regards Henrik
[squid-users] Squid 3.1 ICAP bug on Solaris
Hi We have found a problem with Squid 3.1 on Solaris With ICAP enabled all pages over 49150 bytes fail to load. Squid returns an ICAP error page. Squid sends an incomplete RESPMOD to the ICAP server. It sends chunks totalling 49150 bytes and then fails to send a final 0 byte chunk. (256 byte preview + 48894 bytes in chunks) We have checked the tcp traffic and the full web page is returned to Squid by the web server. This only occurs on Solaris. If we install Squid 3.1 on Linux it works fine. We have tested on Solaris Sparc and Intel. Both have the same behaviour. We have logged bug 2910 to describe this issue. We have attached tcp dumps and squid logs to the bug. Best Regards Niall P.S. This is the same issue as 'Squid sends incomplete RESPMOD requests to ICAP Server on Solaris'. I wanted to start again since the nature of the issue is a bit clearer now. Niall Ó Cuilinn Product Development ChangingWorlds - A Unit of Amdocs Interactive t: +353 1 4401268 | niall.ocuil...@changingworlds.com AMDOCS CUSTOMER EXPERIENCE SYSTEMS INNOVATION This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp
Re: [squid-users] SQUID 3.1 + sslBump https interception and decryption
From: Franz Angeli [mailto:franz.ang...@gmail.com] I configured one debian box with squid 3.1 (compiling it with ssl support) enabling sslBump feature with a self signed certificate, obviously browser and applications warn about the certificate but all seems to work. Is there a way to use trusted certificate for removing that warning (sorry for this dumb question but some applications doesn't permit certificate exception list like firefox for example)? If you have the signed certificate for the URL you're developing for, then yes, you can use the certificate. For example, if your app is going to app.squid-cache.org and you have the signed certificate for app.squid-cache.org or *.squid-cache.org, then everything will be happy. But, if you're trying to intercept the traffic for a third-party domain, no, you can't. The best you can do, is to create your own CA and add the public certificate to the browser/application, if it even allows you to. Thank you for the informations And what about ICAP configuration? Some suggestion?
[squid-users] SQUID 3.1 + sslBump https interception and decryption
Hi, I need for testing purpose (i have to test and debug several mobile phone java application some of that using https/ssl) to intercept and decrypt https traffic; I configured one debian box with squid 3.1 (compiling it with ssl support) enabling sslBump feature with a self signed certificate, obviously browser and applications warn about the certificate but all seems to work. Is there a way to use trusted certificate for removing that warning (sorry for this dumb question but some applications doesn't permit certificate exception list like firefox for example)? Another question is about ICAP, i read on Squid-cache wiki that is possible to use ICAP server to inspect traffic (While decrypted, the traffic can be inspected using ICAP), is there some hints regarding which ICAP server use (C-ICAP? or other ICAP server) and some configuration example about it? I didn't find many informations about. Thanks for your patience Best Regards Franz
RE: [squid-users] SQUID 3.1 + sslBump https interception and decryption
From: Franz Angeli [mailto:franz.ang...@gmail.com] I configured one debian box with squid 3.1 (compiling it with ssl support) enabling sslBump feature with a self signed certificate, obviously browser and applications warn about the certificate but all seems to work. Is there a way to use trusted certificate for removing that warning (sorry for this dumb question but some applications doesn't permit certificate exception list like firefox for example)? If you have the signed certificate for the URL you're developing for, then yes, you can use the certificate. For example, if your app is going to app.squid-cache.org and you have the signed certificate for app.squid-cache.org or *.squid-cache.org, then everything will be happy. But, if you're trying to intercept the traffic for a third-party domain, no, you can't. The best you can do, is to create your own CA and add the public certificate to the browser/application, if it even allows you to. -Dan
RE: [squid-users] Squid 3.1 ICAP Issue with REQMOD 302
Hi Christos Thanks for the reply. Sorry that was my mistake, I removed some sensitive info from the location header URL but forgot to modify the null-body value. It should have read null-body=100 (I removed 60 chars/bytes). You might be right and it might still be out by two. I will have a look. Have you Squid 3.1 working with ICAP? I am wondering if there are any known issues with ICAP support in v3.1? Thanks Niall Christos Tsantilas wrote: Niall O'Cuilinn wrote: Hi, I have recently moved from Squid 3.0 to Squid 3.1. I am trying to integrate it with an ICAP server. I am having a problem where Squid 3.1 is rejecting some responses from the ICAP server which Squid 3.0 accepted. The response in question is a REQMOD response where the ICAP server is returning a HTTP 302 response rather than modifying the original HTTP request. Hi Niall, I believe the Encapsulated header in the ICAP server response is wrong. The null-body=160 should be the size of the encapsulated Http headers, if I am not wrong should be null-body=102. Regards, Christos Here is the ICAP request and response: ICAP Request from Squid: REQMOD icap://10.1.1.25:1344/reqmod ICAP/1.0\r\n Host: 10.1.1.25:1344\r\n Date: Mon, 12 Apr 2010 14:25:39 GMT\r\n Encapsulated: req-hdr=0, null-body=398\r\n Allow: 204\r\n \r\n GET http://c.proxy.com/www.test.com/ HTTP/1.1\r\n Host: c.proxy.com\r\n User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3\r\n Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n Accept-Language: en-gb,en;q=0.5\r\n Accept-Encoding: gzip,deflate\r\n Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n Pragma: no-cache\r\n Cache-Control: no-cache\r\n \r\n Response from ICAP Server: ICAP/1.0 200 OK\r\n Date: Mon, 12 Apr 2010 14:25:15 GMT\r\n Connection: keep-alive\r\n ISTag: ReqModService\r\n Encapsulated: res-hdr=0,null-body=160\r\n \r\n HTTP/1.x 302 Found\r\n content-type: text/html\r\n location: https://localhost:8443/mib/authentication\r\n \r\n \r\n Squid displays an ICAP error in the browser and states that an illegal response was received from the ICAP server. Any ideas what might be wrong? Although the ICAP server worked correctly with Squid 3.0 I am open to the possibility that the issue is with the ICAP response and that the old Squid was simply more tolerant than v3.1. Thanks in advance, Niall Niall Ó Cuilinn Product Development ChangingWorlds - A Unit of Amdocs Interactive t: +353 1 4401268 | niall.ocuil...@changingworlds.com AMDOCS CUSTOMER EXPERIENCE SYSTEMS INNOVATION This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp
Re: [squid-users] Squid 3.1 ICAP Issue with REQMOD 302
Hi, Just resending the correct request and response: ICAP Request from Squid: REQMOD icap://10.1.1.25:1344/reqmod ICAP/1.0\r\n Host: 10.1.1.25:1344\r\n Date: Mon, 12 Apr 2010 14:25:39 GMT\r\n Encapsulated: req-hdr=0, null-body=398\r\n Allow: 204\r\n \r\n GET http://c.proxy.com/www.test.com/ HTTP/1.1\r\n Host: c.proxy.com\r\n User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3\r\n Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n Accept-Language: en-gb,en;q=0.5\r\n Accept-Encoding: gzip,deflate\r\n Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n Pragma: no-cache\r\n Cache-Control: no-cache\r\n \r\n Response from ICAP Server: ICAP/1.0 200 OK\r\n Date: Mon, 12 Apr 2010 14:25:15 GMT\r\n Connection: keep-alive\r\n ISTag: ReqModService\r\n Encapsulated: res-hdr=0,null-body=100\r\n \r\n HTTP/1.x 302 Found\r\n content-type: text/html\r\n location: https://localhost:8443/mib/authentication\r\n \r\n \r\n Niall Ó Cuilinn Product Development ChangingWorlds - A Unit of Amdocs Interactive t: +353 1 4401268 | niall.ocuil...@changingworlds.com AMDOCS CUSTOMER EXPERIENCE SYSTEMS INNOVATION This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp
Re: [squid-users] Squid 3.1 ICAP Issue with REQMOD 302
Hi I had a look at the null-body values. They correctly match the length of the HTTP 302 response headers block. The extra two bytes is an extra line return. You can see that after the last header there are three '\r\n' line returns. I tried removing one of them but the result was the same. I also turned on more detailed debug logging and found this in the cache.log: -- 2010/04/14 17:03:05.494| HttpReply::sanityCheckStartLine: missing or invalid status number in 'HTTP/1.x 302 Found content-type: text/html location: https://localhost:8443/mib/authentication/checkCookie?backURL=http%3A%2F%2Fc.proxy.com%2Fwww.google.ie ' - I changed the ICAP Server to return 'HTTP/1.0' instead of 'HTTP/1.x' and now it is working. This worked using 'HTTP/1.x' on Squid 3.0. The version I'm using is Squid3.1.1 Thanks Niall This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp
Re: [squid-users] Squid 3.1 ICAP Issue with REQMOD 302
On Wed, 14 Apr 2010 18:10:04 +0100, Niall O'Cuilinn nocuil...@amdocs.com wrote: Hi I had a look at the null-body values. They correctly match the length of the HTTP 302 response headers block. The extra two bytes is an extra line return. You can see that after the last header there are three '\r\n' line returns. I tried removing one of them but the result was the same. I also turned on more detailed debug logging and found this in the cache.log: -- 2010/04/14 17:03:05.494| HttpReply::sanityCheckStartLine: missing or invalid status number in 'HTTP/1.x 302 Found content-type: text/html location: https://localhost:8443/mib/authentication/checkCookie?backURL=http%3A%2F%2Fc.proxy.com%2Fwww.google.ie ' - I changed the ICAP Server to return 'HTTP/1.0' instead of 'HTTP/1.x' and now it is working. This worked using 'HTTP/1.x' on Squid 3.0. The version I'm using is Squid3.1.1 Thanks Niall Looks like your previous version of 3.0 was vulnerable to CVE2009-2622. Squid-3.1.1 is fixed. Amos
[squid-users] Squid 3.1 ICAP Issue with REQMOD 302
Hi, I have recently moved from Squid 3.0 to Squid 3.1. I am trying to integrate it with an ICAP server. I am having a problem where Squid 3.1 is rejecting some responses from the ICAP server which Squid 3.0 accepted. The response in question is a REQMOD response where the ICAP server is returning a HTTP 302 response rather than modifying the original HTTP request. Here is the ICAP request and response: ICAP Request from Squid: REQMOD icap://10.1.1.25:1344/reqmod ICAP/1.0\r\n Host: 10.1.1.25:1344\r\n Date: Mon, 12 Apr 2010 14:25:39 GMT\r\n Encapsulated: req-hdr=0, null-body=398\r\n Allow: 204\r\n \r\n GET http://c.proxy.com/www.test.com/ HTTP/1.1\r\n Host: c.proxy.com\r\n User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3\r\n Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n Accept-Language: en-gb,en;q=0.5\r\n Accept-Encoding: gzip,deflate\r\n Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n Pragma: no-cache\r\n Cache-Control: no-cache\r\n \r\n Response from ICAP Server: ICAP/1.0 200 OK\r\n Date: Mon, 12 Apr 2010 14:25:15 GMT\r\n Connection: keep-alive\r\n ISTag: ReqModService\r\n Encapsulated: res-hdr=0,null-body=160\r\n \r\n HTTP/1.x 302 Found\r\n content-type: text/html\r\n location: https://localhost:8443/mib/authentication\r\n \r\n \r\n Squid displays an ICAP error in the browser and states that an illegal response was received from the ICAP server. Any ideas what might be wrong? Although the ICAP server worked correctly with Squid 3.0 I am open to the possibility that the issue is with the ICAP response and that the old Squid was simply more tolerant than v3.1. Thanks in advance, Niall Niall Ó Cuilinn Product Development ChangingWorlds - A Unit of Amdocs Interactive t: +353 1 4401268 | niall.ocuil...@changingworlds.com AMDOCS CUSTOMER EXPERIENCE SYSTEMS INNOVATION This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp
Re: [squid-users] Squid 3.1 ICAP Issue with REQMOD 302
Niall O'Cuilinn wrote: Hi, I have recently moved from Squid 3.0 to Squid 3.1. I am trying to integrate it with an ICAP server. I am having a problem where Squid 3.1 is rejecting some responses from the ICAP server which Squid 3.0 accepted. The response in question is a REQMOD response where the ICAP server is returning a HTTP 302 response rather than modifying the original HTTP request. Hi Niall, I believe the Encapsulated header in the ICAP server response is wrong. The null-body=160 should be the size of the encapsulated Http headers, if I am not wrong should be null-body=102. Regards, Christos Here is the ICAP request and response: ICAP Request from Squid: REQMOD icap://10.1.1.25:1344/reqmod ICAP/1.0\r\n Host: 10.1.1.25:1344\r\n Date: Mon, 12 Apr 2010 14:25:39 GMT\r\n Encapsulated: req-hdr=0, null-body=398\r\n Allow: 204\r\n \r\n GET http://c.proxy.com/www.test.com/ HTTP/1.1\r\n Host: c.proxy.com\r\n User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3\r\n Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n Accept-Language: en-gb,en;q=0.5\r\n Accept-Encoding: gzip,deflate\r\n Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n Pragma: no-cache\r\n Cache-Control: no-cache\r\n \r\n Response from ICAP Server: ICAP/1.0 200 OK\r\n Date: Mon, 12 Apr 2010 14:25:15 GMT\r\n Connection: keep-alive\r\n ISTag: ReqModService\r\n Encapsulated: res-hdr=0,null-body=160\r\n \r\n HTTP/1.x 302 Found\r\n content-type: text/html\r\n location: https://localhost:8443/mib/authentication\r\n \r\n \r\n Squid displays an ICAP error in the browser and states that an illegal response was received from the ICAP server. Any ideas what might be wrong? Although the ICAP server worked correctly with Squid 3.0 I am open to the possibility that the issue is with the ICAP response and that the old Squid was simply more tolerant than v3.1. Thanks in advance, Niall Niall Ó Cuilinn Product Development ChangingWorlds - A Unit of Amdocs Interactive t: +353 1 4401268 | niall.ocuil...@changingworlds.com AMDOCS CUSTOMER EXPERIENCE SYSTEMS INNOVATION This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp
[squid-users] squid 3.1 + bridge + ebtables ??-- linux-nelfilter o linux-tproxy4 ?
hello list I'm compiling squid 3.1 and wanted to know which option should I choose to set it as ebtables + bridge + squid3 if - enable-linux-netfilter or enable-linux-tproxy? Thanks
Re: [squid-users] squid 3.1 + bridge + ebtables ??-- linu x-nelfilter o linux-tproxy4 ?
On Wed, 17 Mar 2010 20:12:15 -0300, Ariel lauchafernan...@gmail.com wrote: hello list I'm compiling squid 3.1 and wanted to know which option should I choose to set it as ebtables + bridge + squid3 if - enable-linux-netfilter or enable-linux-tproxy? Thanks --enable-linux-netfilter Amos
[squid-users] squid 3.1 + tproxy + iptables 1.4.3 -url filter not working
hi all i setup my squid proxy follow this url kernel version iptables all match Minimum Requirements http://wiki.squid-cache.org/Features/Tproxy4#Feature:_TPROXY_version_4.1.2B-_Support some diffenernt ip route add default via isp'gateway dev ppp0 table 100 my squid.conf #Recommended minimum configuration: acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT #url filter acl badDomain dstdomain yahoo.com acl keyword url_regex -i plurk http_access allow manager localhost http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access allow myDomain # And finally deny all other access to this proxy http_access deny all icp_access allow localnet icp_access deny all #Allow HTCP queries from local networks only htcp_access allow localnet htcp_access deny all visible_hostname testlab # Squid normally listens to port 3128 #http_port 3128 transparent http_port 3129 tproxy #http_port 3128 tproxy transparent cache deny all access_log /usr/local/squid/var/logs/access.log squid #cache_dir null /tmp cache_store_log none cache_effective_user squid cache_effective_group squid when i start my squid proxy the traffic is via ppp0 to internet but url filter rule is notworking ! this squid.conf is copy from squid 3.0 i use squid 3.1 because i want ctrol the traffic out going multi wan please give me any advice thank a lot
Re: [squid-users] squid 3.1 + tproxy + iptables 1.4.3 -url filter not working
mån 2010-03-08 klockan 19:56 +0800 skrev Dong-Yuan Shih: when i start my squid proxy the traffic is via ppp0 to internet but url filter rule is notworking ! Is there anything in access.log? Regards Henrik
Re: [squid-users] squid 3.1 + tproxy + iptables 1.4.3 -url filter not working
2010/3/8 Henrik Nordstrom hen...@henriknordstrom.net: mån 2010-03-08 klockan 19:56 +0800 skrev Dong-Yuan Shih: when i start my squid proxy the traffic is via ppp0 to internet but url filter rule is notworking ! Is there anything in access.log? Regards Henrik there is nothing access.log cache log 2010/03/08 12:27:44| WARNING: -D command-line option is obsolete. 2010/03/08 12:27:44| Warning: empty ACL: acl exempt src 2010/03/08 12:27:44| Starting Squid Cache version 3.1.0.14 for i686-pc-linux-gnu... 2010/03/08 12:27:44| Process ID 29452 2010/03/08 12:27:44| With 1024 file descriptors available 2010/03/08 12:27:44| Initializing IP Cache... 2010/03/08 12:27:44| DNS Socket created at [::], FD 4 2010/03/08 12:27:44| Adding nameserver 168.95.1.1 from /etc/resolv.conf 2010/03/08 12:27:44| Unlinkd pipe opened on FD 9 2010/03/08 12:27:44| Store logging disabled 2010/03/08 12:27:44| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2010/03/08 12:27:44| Target number of buckets: 1008 2010/03/08 12:27:44| Using 8192 Store buckets 2010/03/08 12:27:44| Max Mem size: 262144 KB 2010/03/08 12:27:44| Max Swap size: 0 KB 2010/03/08 12:27:44| Using Least Load store dir selection 2010/03/08 12:27:44| Current Directory is /usr/local/squid 2010/03/08 12:27:44| Loaded Icons. 2010/03/08 12:27:44| Accepting spoofing HTTP connections at 0.0.0.0:3129, FD 10. 2010/03/08 12:27:44| HTCP Disabled. 2010/03/08 12:27:44| IcmpSquid.cc(253) Open: Pinger socket opened on FD 12 2010/03/08 12:27:44| Squid modules loaded: 0 2010/03/08 12:27:44| Ready to serve requests. 2010/03/08 12:27:45| storeLateRelease: released 0 objects #http_port 3128 tproxy transparent this syntax is not support or http_port 3128 transparent http_port 3129 tproxy i'm so confuse everything is fine when i use squid 3.0 i just modify conf add visible_hostname and #cache_dir null /tmp http_port 3129 tproxy thanks for any advice
Re: [squid-users] squid 3.1 + tproxy + iptables 1.4.3 -url filter not working
Dong-Yuan Shih wrote: 2010/3/8 Henrik Nordstrom hen...@henriknordstrom.net: mån 2010-03-08 klockan 19:56 +0800 skrev Dong-Yuan Shih: when i start my squid proxy the traffic is via ppp0 to internet but url filter rule is notworking ! Is there anything in access.log? Regards Henrik there is nothing access.log Therefore requests are not arriving at Squid. Your iptables rules are not working. cache log 2010/03/08 12:27:44| WARNING: -D command-line option is obsolete. 2010/03/08 12:27:44| Warning: empty ACL: acl exempt src Strangely there is no such ACL in the config you told us you were running... 2010/03/08 12:27:44| Starting Squid Cache version 3.1.0.14 for i686-pc-linux-gnu... 2010/03/08 12:27:44| Process ID 29452 2010/03/08 12:27:44| With 1024 file descriptors available 2010/03/08 12:27:44| Initializing IP Cache... 2010/03/08 12:27:44| DNS Socket created at [::], FD 4 2010/03/08 12:27:44| Adding nameserver 168.95.1.1 from /etc/resolv.conf 2010/03/08 12:27:44| Unlinkd pipe opened on FD 9 2010/03/08 12:27:44| Store logging disabled 2010/03/08 12:27:44| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2010/03/08 12:27:44| Target number of buckets: 1008 2010/03/08 12:27:44| Using 8192 Store buckets 2010/03/08 12:27:44| Max Mem size: 262144 KB 2010/03/08 12:27:44| Max Swap size: 0 KB 2010/03/08 12:27:44| Using Least Load store dir selection 2010/03/08 12:27:44| Current Directory is /usr/local/squid 2010/03/08 12:27:44| Loaded Icons. 2010/03/08 12:27:44| Accepting spoofing HTTP connections at 0.0.0.0:3129, FD 10. TPROXY is up and running as far as Squid can tell. However, note that 3.1.0.14 does not have the upgrade to warn properly when libcap2 is missing or not working properly. You will need the to build Squid from the current snapshot to get that. We had a bug that broke TPROXY for 3.1.0.16 and 3.1.0.17 release bundles sorry. 2010/03/08 12:27:44| HTCP Disabled. 2010/03/08 12:27:44| IcmpSquid.cc(253) Open: Pinger socket opened on FD 12 2010/03/08 12:27:44| Squid modules loaded: 0 2010/03/08 12:27:44| Ready to serve requests. 2010/03/08 12:27:45| storeLateRelease: released 0 objects #http_port 3128 tproxy transparent this syntax is not support Yes, that is broken syntax above. or http_port 3128 transparent http_port 3129 tproxy # Receive DNAT or REDIRECT traffic (for squid 3.1) http_port 3128 intercept # Receive TPROXY traffic http_port 3129 tproxy i'm so confuse everything is fine when i use squid 3.0 i just modify conf add visible_hostname and #cache_dir null /tmp http_port 3129 tproxy thanks for any advice 3.0 does not support TPROXY so it will not work, even if it looks fine and requests happen. Your logs will be garbage and no spoofing will happen. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24 Current Beta Squid 3.1.0.17
Re: [squid-users] squid 3.1 and error_directory
Amos Jeffries wrote: Eugene M. Zheganin wrote: Hi. Recently I decided to look on 3.1 branch on my test proxy. Everything seems to work fine, but I'm stuck with the problem with the error messages. Whatever I do with the error_directory/error_default_language settings (leaving 'em commented out, or setting 'em to something) in my browser I see corrupted symbols. These are neither latin, nor cyrillic. They do look like it is UTF-8 treated like Cp1251, for example. Changing encoding of the page in browser doesn't help. And the charset in meta/ tag of such page is always us-ascii (why ?). Um, thank you. I've seen something like this before. Will get on and check the fix. The symbols you are seeing is probably UTF-8 treated as us-ascii. I've seen it as an artifact of 'tidy html' which is used by default on the translation toolkit we build the error pages with. I just have to check that is true and update the sources to leave the generated files slightly mangled. How can I make pages be displayed at least in english ? I thought that this can be achieved by setting error_default_language to en, but I was wrong again. I thought I am familiar with squid error directory and creating my own templates for 2.x/3.0 branches, but definitely I'm not with the 3.1 They are almost the same. The base templates are in templates/ERR_* for copying and adding your own ones in templates/* too. That is the big difference, that your local templates always go in templates/* or a custom directory (with error_default_language pointing at it). Amos Sorry this took so long. It's now fixed and winding its way down to the next releases. Please grab the langpack bundle after the next set of snapshots. It should contain corrected language files by this time tomorrow. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23 Current Beta Squid 3.1.0.16
Re: [squid-users] squid 3.1 and error_directory
Eugene M. Zheganin wrote: Hi. Recently I decided to look on 3.1 branch on my test proxy. Everything seems to work fine, but I'm stuck with the problem with the error messages. Whatever I do with the error_directory/error_default_language settings (leaving 'em commented out, or setting 'em to something) in my browser I see corrupted symbols. These are neither latin, nor cyrillic. They do look like it is UTF-8 treated like Cp1251, for example. Changing encoding of the page in browser doesn't help. And the charset in meta/ tag of such page is always us-ascii (why ?). Um, thank you. I've seen something like this before. Will get on and check the fix. The symbols you are seeing is probably UTF-8 treated as us-ascii. I've seen it as an artifact of 'tidy html' which is used by default on the translation toolkit we build the error pages with. I just have to check that is true and update the sources to leave the generated files slightly mangled. How can I make pages be displayed at least in english ? I thought that this can be achieved by setting error_default_language to en, but I was wrong again. I thought I am familiar with squid error directory and creating my own templates for 2.x/3.0 branches, but definitely I'm not with the 3.1 They are almost the same. The base templates are in templates/ERR_* for copying and adding your own ones in templates/* too. That is the big difference, that your local templates always go in templates/* or a custom directory (with error_default_language pointing at it). Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23 Current Beta Squid 3.1.0.16
[squid-users] squid 3.1 and error_directory
Hi. Recently I decided to look on 3.1 branch on my test proxy. Everything seems to work fine, but I'm stuck with the problem with the error messages. Whatever I do with the error_directory/error_default_language settings (leaving 'em commented out, or setting 'em to something) in my browser I see corrupted symbols. These are neither latin, nor cyrillic. They do look like it is UTF-8 treated like Cp1251, for example. Changing encoding of the page in browser doesn't help. And the charset in meta/ tag of such page is always us-ascii (why ?). How can I make pages be displayed at least in english ? I thought that this can be achieved by setting error_default_language to en, but I was wrong again. I thought I am familiar with squid error directory and creating my own templates for 2.x/3.0 branches, but definitely I'm not with the 3.1 Thanks.
Re: [squid-users] Squid 3.1 + mrtg
Hey Thanx Henrik, And Amos, Yes Definitely I can test them for sure. I here to do any help I can offer Regards Babs On Mon, Nov 9, 2009 at 11:13 AM, Amos Jeffries squ...@treenet.co.nz wrote: Babu Chaliyath wrote: Converting IPv4 address fields to IPv6+IPv4 shared trees... The client info table had cacheClientAddressType added as .1, cacheClientAddress shuffled to .2 ... which bumped all cacheClient* from .N to .N+1 The peering table had cachePeerIndex added as .1 and cacheClientAddressType added as .2 ... which bumped all cachePeer* from .N to .N+2 Amos Now thats all going above my head as far as mrtg setup for the squid 3.1 is concerned. Can U guys tell me where and what changes I need to make it working? Sorry for this but I couldnt get much idea from these. Regards Babs Um, I think the best way to go forward is for us to fix this ASAP. Are you able to test patches if I do the code? Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20 Current Beta Squid 3.1.0.14
Re: [squid-users] Squid 3.1 + mrtg
Converting IPv4 address fields to IPv6+IPv4 shared trees... The client info table had cacheClientAddressType added as .1, cacheClientAddress shuffled to .2 ... which bumped all cacheClient* from .N to .N+1 The peering table had cachePeerIndex added as .1 and cacheClientAddressType added as .2 ... which bumped all cachePeer* from .N to .N+2 Amos Now thats all going above my head as far as mrtg setup for the squid 3.1 is concerned. Can U guys tell me where and what changes I need to make it working? Sorry for this but I couldnt get much idea from these. Regards Babs
Re: [squid-users] Squid 3.1 + mrtg
tis 2009-11-03 klockan 17:25 +1300 skrev Amos Jeffries: MIB numbering should never change. Old numbers may cease to exists when their data sources go away and new number appear as new info gets published, but existing numbering should not change... Converting IPv4 address fields to IPv6+IPv4 shared trees... The client info table had cacheClientAddressType added as .1, cacheClientAddress shuffled to .2 ... which bumped all cacheClient* from .N to .N+1 The peering table had cachePeerIndex added as .1 and cacheClientAddressType added as .2 ... which bumped all cachePeer* from .N to .N+2 Ugh.. that needs to be redone. The new field needs to be added after the other ones. It is not permissible to renumber existing MIB entries like this, or to reuse a old MIB entry for other purpose. I'll file a bug on that so it's not forgotten. Regards Henrik
Re: [squid-users] Squid 3.1 + mrtg
Babu Chaliyath wrote: Converting IPv4 address fields to IPv6+IPv4 shared trees... The client info table had cacheClientAddressType added as .1, cacheClientAddress shuffled to .2 ... which bumped all cacheClient* from .N to .N+1 The peering table had cachePeerIndex added as .1 and cacheClientAddressType added as .2 ... which bumped all cachePeer* from .N to .N+2 Amos Now thats all going above my head as far as mrtg setup for the squid 3.1 is concerned. Can U guys tell me where and what changes I need to make it working? Sorry for this but I couldnt get much idea from these. Regards Babs Um, I think the best way to go forward is for us to fix this ASAP. Are you able to test patches if I do the code? Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20 Current Beta Squid 3.1.0.14
[squid-users] Squid 3.1 + mrtg
Hi List, Struggling to get mrtg working with squid. No values shown in the mrtg graph. My System as follows OS Freebsd 7.2 Squid 3.1.0.14 Snmpwalk 5.4.2.1 mrtg 2.16.2 Squid snmp acls are working fine as I am getting results with following command #snmpwalk -m /usr/local/etc/squid/mib.txt -v2c -Cc -c public localhost:3401 .1.3.6.1.4.1.3495.1.1 But when I run mrtg I am getting following errors Unknown SNMP var cacheServerRequests at /usr/local/bin/mrtg line 2202 Unknown SNMP var cacheServerRequests at /usr/local/bin/mrtg line 2202 Unknown SNMP var cacheUptime at /usr/local/bin/mrtg line 2202 Unknown SNMP var cacheSoftware at /usr/local/bin/mrtg line 2202 Unknown SNMP var cacheVersionId Btw I am using the mrtg configurator downloaded from Adrian Chadd's squid blog. Available in http://www.xenion.com.au/static/squid-mrtg-1.0.tar.gz It would be great if any can help me out with some clues where I am going wrong. Regards Babs
Re: [squid-users] Squid 3.1 + mrtg
Babu Chaliyath wrote: Hi List, Struggling to get mrtg working with squid. No values shown in the mrtg graph. My System as follows OS Freebsd 7.2 Squid 3.1.0.14 Snmpwalk 5.4.2.1 mrtg 2.16.2 Squid snmp acls are working fine as I am getting results with following command #snmpwalk -m /usr/local/etc/squid/mib.txt -v2c -Cc -c public localhost:3401 .1.3.6.1.4.1.3495.1.1 But when I run mrtg I am getting following errors Unknown SNMP var cacheServerRequests at /usr/local/bin/mrtg line 2202 Unknown SNMP var cacheServerRequests at /usr/local/bin/mrtg line 2202 Unknown SNMP var cacheUptime at /usr/local/bin/mrtg line 2202 Unknown SNMP var cacheSoftware at /usr/local/bin/mrtg line 2202 Unknown SNMP var cacheVersionId Btw I am using the mrtg configurator downloaded from Adrian Chadd's squid blog. Available in http://www.xenion.com.au/static/squid-mrtg-1.0.tar.gz It would be great if any can help me out with some clues where I am going wrong. Regards Babs Make sure that the mib.txt you/mrtg are using came from the 3.1 source code. There have been major changes to the MIB numbering in 3.1. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20 Current Beta Squid 3.1.0.14
Re: [squid-users] Squid 3.1 + mrtg
mån 2009-11-02 klockan 23:47 +1300 skrev Amos Jeffries: Make sure that the mib.txt you/mrtg are using came from the 3.1 source code. There have been major changes to the MIB numbering in 3.1. Hmm.. what kind of changes? MIB numbering should never change. Old numbers may cease to exists when their data sources go away and new number appear as new info gets published, but existing numbering should not change... Regards Henrik
Re: [squid-users] Squid 3.1 + mrtg
Make sure that the mib.txt you/mrtg are using came from the 3.1 source code. There have been major changes to the MIB numbering in 3.1. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20 Current Beta Squid 3.1.0.14 Hi, thanx for the reply Yes I am using the mib.txt file which came with squid 3.1 only. I have installed it from the ports. Regards Babs
Re: [squid-users] Squid 3.1 + mrtg
Henrik Nordstrom wrote: mån 2009-11-02 klockan 23:47 +1300 skrev Amos Jeffries: Make sure that the mib.txt you/mrtg are using came from the 3.1 source code. There have been major changes to the MIB numbering in 3.1. Hmm.. what kind of changes? MIB numbering should never change. Old numbers may cease to exists when their data sources go away and new number appear as new info gets published, but existing numbering should not change... Converting IPv4 address fields to IPv6+IPv4 shared trees... The client info table had cacheClientAddressType added as .1, cacheClientAddress shuffled to .2 ... which bumped all cacheClient* from .N to .N+1 The peering table had cachePeerIndex added as .1 and cacheClientAddressType added as .2 ... which bumped all cachePeer* from .N to .N+2 Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20 Current Beta Squid 3.1.0.14
Re: [squid-users] Squid-3.1 behaving differently from 2.7.x?
* Ralf Hildebrandt ralf.hildebra...@charite.de: * Matus UHLAR - fantomas uh...@fantomas.sk: so the problem was not 3.1 uses too many connections but 2.7 drops connections when it should not. A bit funny ;) I made some more experiments and found out that the problem is between the Squid in front of dansguardian. client - squid_in_front - dansguardian - squid_behind - Internet I was able to replace the squid 2.7.x behind dansguardian with a 3.1.x version without negative impacts (except for frequent crashes). I increased the maximum number of dansguardian processes and found that squid3 would use 297 dansguardian processes, about 2.5 times the number 2.7.x would keep busy. Dunno if that's a good or bad sign. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [squid-users] Squid-3.1: comm_open: socket failure: (97) Address family not supported by protocol
Amos Jeffries wrote: You have IPv6 disabled in your system somehow. Squid opens IPv4/IPv6 hybrid sockets to receive and send both v4 and v6 traffic in one socket for simplicity and ease of transition. If that fails like in your case it falls back to IPv4-only sockets. I recommend re-enabling IPv6 socket capability in your OS. If you have OpenBSD or MacOSX they do not support these hybrid socket features at all. I'm still working on getting support for their 'split-stack'. So they will work very slightly better for now with IPv6 disabled in Squid. Amos What are the plans here? I just tried to run Squid 3.1.0.14 on OpenBSD 4.6 with IPv6 enabled. I get: 2009/10/14 09:34:18| comm_open: setsockopt(IPV6_V6ONLY) on FD 15: (22) Invalid Argument So, is IPv6 currently not usable under OpenBSD at all? Or do i have to set some special compile options? -- Matthias
Re: [squid-users] Squid-3.1 behaving differently from 2.7.x?
Ralf Hildebrandt wrote: I'm running squid in this setup: client - squid - dansguardian - squid - teh interwebs When using 2.7-STABLE-7 for both squid instances, I saw about 100 dansguardian processes. Today, after switching both to 3.1.0.14, I'm seeing a constant 252 dansguardian processes (the maximum). Is squid-3.1 somehow keeping connections open to it's parent? * Amos Jeffries squ...@treenet.co.nz: Looks that way. The defaults for persistent connections have not changed between 2.x and 3.x though AFAIK. mån 2009-10-12 klockan 16:48 +0200 skrev Ralf Hildebrandt: Hm. So did 2.7.x use persisten connections? On 13.10.09 01:12, Henrik Nordstrom wrote: Yes. But bug #2451 made it drop the upstream connections a bit too often... fixed in 2.7.STABLE7. so the problem was not 3.1 uses too many connections but 2.7 drops connections when it should not. A bit funny ;) -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #9: Out of error messages.
Re: [squid-users] Squid-3.1 behaving differently from 2.7.x?
* Matus UHLAR - fantomas uh...@fantomas.sk: so the problem was not 3.1 uses too many connections but 2.7 drops connections when it should not. A bit funny ;) I made some more experiments and found out that the problem is between the Squid in front of dansguardian. client - squid_in_front - dansguardian - squid_behind - Internet I was able to replace the squid 2.7.x behind dansguardian with a 3.1.x version without negative impacts (except for frequent crashes). -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [squid-users] Squid-3.1 behaving differently from 2.7.x?
Ralf Hildebrandt wrote: * Matus UHLAR - fantomas uh...@fantomas.sk: so the problem was not 3.1 uses too many connections but 2.7 drops connections when it should not. A bit funny ;) I made some more experiments and found out that the problem is between the Squid in front of dansguardian. client - squid_in_front - dansguardian - squid_behind - Internet I was able to replace the squid 2.7.x behind dansguardian with a 3.1.x version without negative impacts (except for frequent crashes). Hmm, now there is a worry! Exact 3.1 version? details of crash? etc, etc. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.14
Re: [squid-users] Squid-3.1: comm_open: socket failure: (97) Address family not supported by protocol
Silamael wrote: Amos Jeffries wrote: You have IPv6 disabled in your system somehow. Squid opens IPv4/IPv6 hybrid sockets to receive and send both v4 and v6 traffic in one socket for simplicity and ease of transition. If that fails like in your case it falls back to IPv4-only sockets. I recommend re-enabling IPv6 socket capability in your OS. If you have OpenBSD or MacOSX they do not support these hybrid socket features at all. I'm still working on getting support for their 'split-stack'. So they will work very slightly better for now with IPv6 disabled in Squid. Amos What are the plans here? I just tried to run Squid 3.1.0.14 on OpenBSD 4.6 with IPv6 enabled. I get: 2009/10/14 09:34:18| comm_open: setsockopt(IPV6_V6ONLY) on FD 15: (22) Invalid Argument So, is IPv6 currently not usable under OpenBSD at all? Or do i have to set some special compile options? Yes. OpenBSD needs to --disable-ipv6 :( Support is being worked on and tested in 3.HEAD. The results are progressing slowly, but not usable enough to be brought into 3.1 yet. We have got past that V6ONLY issue, and some DNS ones. Now the main TCP links are simply hanging :( I have high hopes that that will be the final blocker bug for IPv6 support in OpenBSD. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.14
[squid-users] Squid-3.1 behaving differently from 2.7.x?
I'm running squid in this setup: client - squid - dansguardian - squid - teh interwebs When using 2.7-STABLE-7 for both squid instances, I saw about 100 dansguardian processes. Today, after switching both to 3.1.0.14, I'm seeing a constant 252 dansguardian processes (the maximum). Is squid-3.1 somehow keeping connections open to it's parent? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [squid-users] Squid-3.1 behaving differently from 2.7.x?
* Ralf Hildebrandt ralf.hildebra...@charite.de: I'm running squid in this setup: client - squid - dansguardian - squid - teh interwebs When using 2.7-STABLE-7 for both squid instances, I saw about 100 dansguardian processes. Today, after switching both to 3.1.0.14, I'm seeing a constant 252 dansguardian processes (the maximum). Is squid-3.1 somehow keeping connections open to it's parent? I also tried 3.0.STABLE19-1, same effect -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [squid-users] Squid-3.1 behaving differently from 2.7.x?
Ralf Hildebrandt wrote: I'm running squid in this setup: client - squid - dansguardian - squid - teh interwebs When using 2.7-STABLE-7 for both squid instances, I saw about 100 dansguardian processes. Today, after switching both to 3.1.0.14, I'm seeing a constant 252 dansguardian processes (the maximum). Is squid-3.1 somehow keeping connections open to it's parent? Looks that way. The defaults for persistent connections have not changed between 2.x and 3.x though AFAIK. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.14
Re: [squid-users] Squid-3.1 behaving differently from 2.7.x?
* Amos Jeffries squ...@treenet.co.nz: Ralf Hildebrandt wrote: I'm running squid in this setup: client - squid - dansguardian - squid - teh interwebs When using 2.7-STABLE-7 for both squid instances, I saw about 100 dansguardian processes. Today, after switching both to 3.1.0.14, I'm seeing a constant 252 dansguardian processes (the maximum). Is squid-3.1 somehow keeping connections open to it's parent? Looks that way. The defaults for persistent connections have not changed between 2.x and 3.x though AFAIK. Hm. So did 2.7.x use persisten connections? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [squid-users] Squid-3.1 behaving differently from 2.7.x?
mån 2009-10-12 klockan 16:48 +0200 skrev Ralf Hildebrandt: * Amos Jeffries squ...@treenet.co.nz: Ralf Hildebrandt wrote: I'm running squid in this setup: client - squid - dansguardian - squid - teh interwebs When using 2.7-STABLE-7 for both squid instances, I saw about 100 dansguardian processes. Today, after switching both to 3.1.0.14, I'm seeing a constant 252 dansguardian processes (the maximum). Is squid-3.1 somehow keeping connections open to it's parent? Looks that way. The defaults for persistent connections have not changed between 2.x and 3.x though AFAIK. Hm. So did 2.7.x use persisten connections? Yes. But bug #2451 made it drop the upstream connections a bit too often... fixed in 2.7.STABLE7. Regards Henrik
[squid-users] Squid-3.1: comm_open: socket failure: (97) Address family not supported by protocol
With squid-3.1 I'm getting this error: 2009/10/11 10:56:30| Starting Squid Cache version 3.1.0.14 for i486-pc-linux-gnu... 2009/10/11 10:56:30| Process ID 19416 2009/10/11 10:56:30| With 4096 file descriptors available 2009/10/11 10:56:30| Initializing IP Cache... 2009/10/11 10:56:30| comm_open: socket failure: (97) Address family not supported by protocol 2009/10/11 10:56:30| DNS Socket created at 0.0.0.0, FD 6 2009/10/11 10:56:30| Adding domain charite.de from /etc/resolv.conf 2009/10/11 10:56:30| Adding nameserver 127.0.0.1 from /etc/resolv.conf 2009/10/11 10:56:30| Adding nameserver 141.42.1.11 from /etc/resolv.conf 2009/10/11 10:56:30| Adding nameserver 141.42.2.22 from /etc/resolv.conf 2009/10/11 10:56:31| Unlinkd pipe opened on FD 11 2009/10/11 10:56:31| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2009/10/11 10:56:31| Store logging disabled 2009/10/11 10:56:31| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2009/10/11 10:56:31| Target number of buckets: 1008 2009/10/11 10:56:31| Using 8192 Store buckets 2009/10/11 10:56:31| Max Mem size: 262144 KB 2009/10/11 10:56:31| Max Swap size: 0 KB 2009/10/11 10:56:31| Using Least Load store dir selection 2009/10/11 10:56:31| Current Directory is /etc/service/squid-nocache 2009/10/11 10:56:31| Loaded Icons. 2009/10/11 10:56:31| Accepting HTTP connections at 127.0.0.1:, FD 12. 2009/10/11 10:56:31| HTCP Disabled. 2009/10/11 10:56:31| Squid modules loaded: 0 2009/10/11 10:56:31| Adaptation support is off. 2009/10/11 10:56:31| Ready to serve requests. 2009/10/11 10:56:31| comm_open: socket failure: (97) Address family not supported by protocol ... Config: http_port localhost: ftp_list_width 80 request_header_max_size 15 KB request_body_max_size 750 MB half_closed_clients off forwarded_for on #acl all src 0.0.0.0/0 http_access allow all no_cache deny all snmp_port 0 icp_port 0 cache_mgr mun...@charite.de visible_hostname proxy-cvk-1-nocache.charite.de #cache_dir null /tmp icon_directory /usr/share/squid3/icons error_directory /usr/share/squid3/errors/de #logformat squidport %ts.%03tu %6tr %a %Ss/%03Hs %st %rm %ru %un %Sh/%A %mt %p # cache_access_log /var/log/squid/access-nocache.log squidport cache_access_log /var/log/squid/access-nocache.log cache_log /var/log/squid/cache-nocache.log cache_store_log none pid_filename /var/run/squid-nocache.pid
Re: [squid-users] Squid-3.1: comm_open: socket failure: (97) Address family not supported by protocol
* Ralf Hildebrandt ralf.hildebra...@charite.de: With squid-3.1 I'm getting this error: My other squid instance reports: 2009/10/11 11:30:57| comm_udp_sendto: FD 6, (family=10) 127.0.0.1:53: (97) Address family not supported by protocol 2009/10/11 11:30:57| idnsSendQuery: FD 6: sendto: (97) Address family not supported by protocol 2009/10/11 11:30:57| comm_udp_sendto: FD 6, (family=10) 141.42.1.11:53: (97) Address family not supported by protocol 2009/10/11 11:30:57| idnsSendQuery: FD 6: sendto: (97) Address family not supported by protocol Which seems related somehow. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [squid-users] Squid-3.1: comm_open: socket failure: (97) Address family not supported by protocol
* Ralf Hildebrandt ralf.hildebra...@charite.de: * Ralf Hildebrandt ralf.hildebra...@charite.de: With squid-3.1 I'm getting this error: My other squid instance reports: 2009/10/11 11:30:57| comm_udp_sendto: FD 6, (family=10) 127.0.0.1:53: (97) Address family not supported by protocol 2009/10/11 11:30:57| idnsSendQuery: FD 6: sendto: (97) Address family not supported by protocol 2009/10/11 11:30:57| comm_udp_sendto: FD 6, (family=10) 141.42.1.11:53: (97) Address family not supported by protocol 2009/10/11 11:30:57| idnsSendQuery: FD 6: sendto: (97) Address family not supported by protocol Which seems related somehow. My machine had no ipv6 support, the Debian package was built WITH ipv6 support - fail -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: [squid-users] Squid-3.1: comm_open: socket failure : (97) Address family not supported by protocol
On Sun, 11 Oct 2009 11:05:52 +0200, Ralf Hildebrandt ralf.hildebra...@charite.de wrote: With squid-3.1 I'm getting this error: 2009/10/11 10:56:30| Starting Squid Cache version 3.1.0.14 for i486-pc-linux-gnu... 2009/10/11 10:56:30| Process ID 19416 2009/10/11 10:56:30| With 4096 file descriptors available 2009/10/11 10:56:30| Initializing IP Cache... 2009/10/11 10:56:30| comm_open: socket failure: (97) Address family not supported by protocol 2009/10/11 10:56:30| DNS Socket created at 0.0.0.0, FD 6 2009/10/11 10:56:30| Adding domain charite.de from /etc/resolv.conf 2009/10/11 10:56:30| Adding nameserver 127.0.0.1 from /etc/resolv.conf 2009/10/11 10:56:30| Adding nameserver 141.42.1.11 from /etc/resolv.conf 2009/10/11 10:56:30| Adding nameserver 141.42.2.22 from /etc/resolv.conf 2009/10/11 10:56:31| Unlinkd pipe opened on FD 11 2009/10/11 10:56:31| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2009/10/11 10:56:31| Store logging disabled 2009/10/11 10:56:31| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2009/10/11 10:56:31| Target number of buckets: 1008 2009/10/11 10:56:31| Using 8192 Store buckets 2009/10/11 10:56:31| Max Mem size: 262144 KB 2009/10/11 10:56:31| Max Swap size: 0 KB 2009/10/11 10:56:31| Using Least Load store dir selection 2009/10/11 10:56:31| Current Directory is /etc/service/squid-nocache 2009/10/11 10:56:31| Loaded Icons. 2009/10/11 10:56:31| Accepting HTTP connections at 127.0.0.1:, FD 12. 2009/10/11 10:56:31| HTCP Disabled. 2009/10/11 10:56:31| Squid modules loaded: 0 2009/10/11 10:56:31| Adaptation support is off. 2009/10/11 10:56:31| Ready to serve requests. 2009/10/11 10:56:31| comm_open: socket failure: (97) Address family not supported by protocol You have IPv6 disabled in your system somehow. Squid opens IPv4/IPv6 hybrid sockets to receive and send both v4 and v6 traffic in one socket for simplicity and ease of transition. If that fails like in your case it falls back to IPv4-only sockets. I recommend re-enabling IPv6 socket capability in your OS. If you have OpenBSD or MacOSX they do not support these hybrid socket features at all. I'm still working on getting support for their 'split-stack'. So they will work very slightly better for now with IPv6 disabled in Squid. Amos
Re: [squid-users] Squid 3.1: ICAP and Round Robin for ICAP Services
Silamael wrote: Hello together, Is there any possiblity to realize a round robin scheduling for requests sent to ICAP services? Goal is to forward each HTTP request to the next available ICAP service due to load balancing issues. As far as i read the configuration manual, there is no option to to this. Can this behavior somehow realized by some sophisticated ACLs or some such? Thanks in advance! -- Matthias No ideas or is it just impossible to do with Squid? If the latter i perhaps have to add this functionality into Squid myself... The point because i need this is that we are currently running a setup using Squid 2.5 with the ICAP patch and that patch has the functionality of scheduling the requests to all configured ICAP servers. -- Matthias
Re: [squid-users] Squid 3.1: ICAP and Round Robin for ICAP Services
Silamael wrote: Silamael wrote: Hello together, Is there any possiblity to realize a round robin scheduling for requests sent to ICAP services? Goal is to forward each HTTP request to the next available ICAP service due to load balancing issues. As far as i read the configuration manual, there is no option to to this. Can this behavior somehow realized by some sophisticated ACLs or some such? Thanks in advance! -- Matthias No ideas or is it just impossible to do with Squid? If the latter i perhaps have to add this functionality into Squid myself... The point because i need this is that we are currently running a setup using Squid 2.5 with the ICAP patch and that patch has the functionality of scheduling the requests to all configured ICAP servers. -- Matthias There is nothing there to explicitly do this yet. It should be relatively easy to add round-robin to the 'bypass' alternative servers set selection. Contact measurement factory about it. Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.14
[squid-users] Squid 3.1: ICAP and Round Robin for ICAP Services
Hello together, Is there any possiblity to realize a round robin scheduling for requests sent to ICAP services? Goal is to forward each HTTP request to the next available ICAP service due to load balancing issues. As far as i read the configuration manual, there is no option to to this. Can this behavior somehow realized by some sophisticated ACLs or some such? Thanks in advance! -- Matthias
RE: [squid-users] Squid 3.1, Tproxy 4.1, WCCP, cache_peer sibling
-Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] This is the first I've heard of the problem. Thank you for pointing it out along with the fix. http://www.squid-cache.org/Versions/v3/HEAD/changesets/squid-3- 10004.patch Thanks Amos, I've patched our servers and they are working well. Michael.
[squid-users] Squid 3.1, Tproxy 4.1, WCCP, cache_peer sibling
I have a site with several squid servers setup as shown here http://wiki.squid-cache.org/Features/Tproxy4 All the Tproxy functionality is working fine. Now I would like to enable cache-peer sibling proxy-only to avoid duplication of objects between each server's hard drive. The servers sit in a dedicated subnet/vlan (router has ip wccp redirect exclude in on this subinterface ). If I enable cache_peer, I see that the ICP part works fine, but should server A try to fetch a HIT from server B, the connection fails because the source-ip is set to the client rather than server A. I end up with this type of thing in the cache.log 2009/09/19 17:53:09| Detected DEAD Sibling: cache03.snipped 2009/09/19 17:53:09| Detected REVIVED Sibling: cache03.snipped 2009/09/19 17:53:11| TCP connection to cache03.snipped/8080 failed 2009/09/19 17:53:11| Detected DEAD Sibling: cache03.snipped 2009/09/19 17:53:11| Detected REVIVED Sibling: cache03.snipped 2009/09/19 17:53:16| TCP connection to cache03.snipped/8080 failed 2009/09/19 17:53:16| Detected DEAD Sibling: cache03.snipped 2009/09/19 17:53:16| Detected REVIVED Sibling: cache03.snipped I guess we need to be able to disable the Tproxy functionality when talking to local cache_peers ? I see that Adrian Chadd made a patch for Squid v2 http://code.google.com/p/lusca-cache/issues/detail?id=48 I was wondering if there were any plans for such a feature to be added to Squid v3.1? Michael.
Re: [squid-users] Squid 3.1, Tproxy 4.1, WCCP, cache_peer sibling
Michael Bowe wrote: I have a site with several squid servers setup as shown here http://wiki.squid-cache.org/Features/Tproxy4 All the Tproxy functionality is working fine. Now I would like to enable cache-peer sibling proxy-only to avoid duplication of objects between each server's hard drive. The servers sit in a dedicated subnet/vlan (router has ip wccp redirect exclude in on this subinterface ). If I enable cache_peer, I see that the ICP part works fine, but should server A try to fetch a HIT from server B, the connection fails because the source-ip is set to the client rather than server A. I end up with this type of thing in the cache.log 2009/09/19 17:53:09| Detected DEAD Sibling: cache03.snipped 2009/09/19 17:53:09| Detected REVIVED Sibling: cache03.snipped 2009/09/19 17:53:11| TCP connection to cache03.snipped/8080 failed 2009/09/19 17:53:11| Detected DEAD Sibling: cache03.snipped 2009/09/19 17:53:11| Detected REVIVED Sibling: cache03.snipped 2009/09/19 17:53:16| TCP connection to cache03.snipped/8080 failed 2009/09/19 17:53:16| Detected DEAD Sibling: cache03.snipped 2009/09/19 17:53:16| Detected REVIVED Sibling: cache03.snipped I guess we need to be able to disable the Tproxy functionality when talking to local cache_peers ? I see that Adrian Chadd made a patch for Squid v2 http://code.google.com/p/lusca-cache/issues/detail?id=48 Lusca is not Squid v2. It's a private branch of code Adrian is working on. Based on the old Squid code. Seems he made one for lusca but did not mention it to the Squid developers. Not surprising since Squid v2 does not support TPROXYv4 anyway, thats one of the bits he added to lusca since branching. I was wondering if there were any plans for such a feature to be added to Squid v3.1? This is the first I've heard of the problem. Thank you for pointing it out along with the fix. http://www.squid-cache.org/Versions/v3/HEAD/changesets/squid-3-10004.patch Amos -- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19 Current Beta Squid 3.1.0.13
[squid-users] squid 3.1 ntlm_smb_lm_auth --require-membership-of
Hello, I have a question regarding squid 3.1. I'd like to authenticate my users based on their AD group membership. In the previous squid version this was possible with ntlm_auth --require-membership-of=DOMAIN\\Group From what I understand ntlm_smb_lm_auth is the successor to ntlm_auth? And there is no such parameter for ntlm_smb_lm_auth Is there maybe another way to achieve my goal? Cheers Sebastian
Re: [squid-users] squid 3.1 ntlm_smb_lm_auth --require- membership-of
On Tue, 8 Sep 2009 16:37:55 +0200, Bammer Sebastian sebastian.bam...@wienerberger.com wrote: Hello, I have a question regarding squid 3.1. I'd like to authenticate my users based on their AD group membership. In the previous squid version this was possible with ntlm_auth --require-membership-of=DOMAIN\\Group From what I understand ntlm_smb_lm_auth is the successor to ntlm_auth? No ntlm_smb_lm_auth is a simple rename of the binary previously bundled with squid. It does not now and never has performed NTLM auth, it only does SMB LM auth via the NTLM challenge protocol. Thus the rename. For full NTLM auth use the Samba bundled helper which is still named ntlm_auth. And there is no such parameter for ntlm_smb_lm_auth Is there maybe another way to achieve my goal? Perhapse this parameter is for the Samba helper previously. Its the preferred binary to use for NTLM anyway. Amos
[squid-users] Squid 3.1 icap clamav
I am having trouble getting squid 3.1 configured with icap and clamav. I have it working with squid 3.0 but using the information on http://wiki.squid-cache.org/Features/ICAP I just get ICAP communication failed, nothing is getting logged in the icap logs so I am fairly sure that it is a squid config issue. -- John
Re: [squid-users] squid 3.1: How to setup a Squid SSL reverse proxy for a parent SSL Squid proxy?
fulanpeng wrote: Hi, I have a Squid reverse proxy running with SSL support. People can access it with https://domainA.com. No problem. Now I want to set up another Squid proxy server to proxy it with SSL support. That means https://domainA -- https://domainB. My configuration file is similar like this for the parent. Please help to set up the child squid to proxy this parent. https_port 443 cert=/usr/newrprgate/CertAuth/testcert.cert key=/usr/newrprgate/CertAuth/testkey.pem defaultsite=mywebsite.mydomain.com vhost cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS name=websiteA acl sites_server_1 dstdomain websiteA.mydomain.com cache_peer_access websiteA allow sites_server_1 http_access allow sites_server_1 http_access deny all I have a similar problem. we try to establish an SSL connection between our reverse proxy and our sharepointserver. Over the internet we connect with https to the reverse proxy and he should forward the user via ssl to the sharepoint. i have the following entry in my squid logfiles: 2009/08/11 11:18:51| fwdNegotiateSSL: Error negotiating SSL connection on FD 13: error::lib(0):func(0):reason(0) (5/0/0) 2009/08/11 11:18:51| TCP connection to 10.xxx.xxx.xxx/443 failed anyone knows why this might happen? this is our cache_peer config: cache_peer 10.xxx.xxx.xxx parent 443 0 ssl no-query originserver login=PASS front-end-https=on sslkey=//usr/newrprgate/CertAuth/sslkey.key sslcert=//usr/newrprgate/CertAuth/sslcert.cert name=*.*.com thanks in advance -- View this message in context: http://www.nabble.com/squid-3.1%3A-How-to-setup-a-Squid-SSL-reverse-proxy-for-a-parent-SSL--Squid-proxy--tp24911339p24914505.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] squid 3.1: How to setup a Squid SSL reverse proxy for a parent SSL Squid proxy?
tis 2009-08-11 klockan 02:38 -0700 skrev chrischni: this is our cache_peer config: cache_peer 10.xxx.xxx.xxx parent 443 0 ssl no-query originserver login=PASS front-end-https=on sslkey=//usr/newrprgate/CertAuth/sslkey.key sslcert=//usr/newrprgate/CertAuth/sslcert.cert name=*.*.com Probably it's not recognising the issuing CA. The sslkey sslcert options to cache_peer is for using a client side certificate for authenticating to the webserver (if requested by the webserver) and is not used for verifying the authenticity of the webserver. Regards Henrik
Re: [squid-users] squid 3.1: How to setup a Squid SSL reverse proxy for a parent SSL Squid proxy?
Henrik Nordstrom-5 wrote: tis 2009-08-11 klockan 02:38 -0700 skrev chrischni: this is our cache_peer config: cache_peer 10.xxx.xxx.xxx parent 443 0 ssl no-query originserver login=PASS front-end-https=on sslkey=//usr/newrprgate/CertAuth/sslkey.key sslcert=//usr/newrprgate/CertAuth/sslcert.cert name=*.*.com Probably it's not recognising the issuing CA. The sslkey sslcert options to cache_peer is for using a client side certificate for authenticating to the webserver (if requested by the webserver) and is not used for verifying the authenticity of the webserver. Regards Henrik am i getting this wrong, or does that mean, that we don´t need to specify a sslcert in the cache_peer line? should he connect to the sharepoint with ssl when i just use that??: cache_peer 10.xxx.xxx.xxx parent 443 0 ssl no-query originserver login=PASS front-end-https=on name=*.*.com -- View this message in context: http://www.nabble.com/squid-3.1%3A-How-to-setup-a-Squid-SSL-reverse-proxy-for-a-parent-SSL--Squid-proxy--tp24911339p24920234.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] squid 3.1: How to setup a Squid SSL reverse proxy for a parent SSL Squid proxy?
tis 2009-08-11 klockan 08:47 -0700 skrev chrischni: am i getting this wrong, or does that mean, that we don´t need to specify a sslcert in the cache_peer line? Only if you want Squid to authenticate to the webserver using a client side certificate. should he connect to the sharepoint with ssl when i just use that??: Yes, but you probably also need to tell it where to find the CA certificate of the issuing CA. Depends a little on your OpenSSL installation and if the CA is already known to OpenSSL. If the sharepoint server is using a self-signed certificate then the servers certificate can be used as the CA. see the sslcapath, sslcafile, sslcrlfile and sslflags options to cache_peer for details on certificate locations and peer verificaiton options. Regards Henrik
[squid-users] squid 3.1: How to setup a Squid SSL reverse proxy for a parent SSL Squid proxy?
Hi, I have a Squid reverse proxy running with SSL support. People can access it with https://domainA.com. No problem. Now I want to set up another Squid proxy server to proxy it with SSL support. That means https://domainA -- https://domainB. My configuration file is similar like this for the parent. Please help to set up the child squid to proxy this parent. https_port 443 cert=/usr/newrprgate/CertAuth/testcert.cert key=/usr/newrprgate/CertAuth/testkey.pem defaultsite=mywebsite.mydomain.com vhost cache_peer 10.112.62.20 parent 80 0 no-query originserver login=PASS name=websiteA acl sites_server_1 dstdomain websiteA.mydomain.com cache_peer_access websiteA allow sites_server_1 http_access allow sites_server_1 http_access deny all
Re: [squid-users] Squid 3.1 Release Date
Amos Jeffries wrote: Silamael wrote: Francois Cami wrote: On Tue, Mar 3, 2009 at 8:32 AM, Silamael silam...@coronamundi.de wrote: Is there any date when Squid 3.1 will be official released? Thanks in advance! http://wiki.squid-cache.org/ReleaseProcess#head-eea0e990c0003af12917552175691a5120980cdd Thanks for the reply but this doesn't answer my question. I now that Squid 3.1 is already released in X.Y.0.z. I just wanted to know if there is any planned date. If you say, most likely in April, that's already enough. Just need an approximate date for some internal plannings. -- Matthias We don't exactly date things here. With everyone working on voluntary time its unpredictable. Though there has been a fairly regular 4-week cycle for new X.Y.0.z beta releases. For planning and upgrade testing, 3.1.0.6 is a fairly stable point to begins with. Back before we/I decided to adopt the fluid feature inclusion we had a set of approved features for 3.1. The last of these given a guarantee of being in 3.1 is still grinding it's way through testing (far too slowly). I expect that will take us through March and maybe April before 3.1 gets a chance of even starting the stable waiting period. There is also a short list of RC bugs which we consider major enough to need fixing before we call it stable. Many of these bugs are only confirmed to exist in 3.0. But they are serious enough that we really NEED someone who can see them in 3.0 to test 3.1 and confirm they are not still hiding. Last time I had to guesstimate a timeline I said mid-year (june/july) 2009, I've seen no reason to change it for better or worse yet. Amos Seeing as its june/july time period now I reckon it's also time for an update. Since I wrote that in March: * The last holdout feature mentioned has now been removed from the 3.1 blockers list. * 3.1.0.9 will have everything short of bug fixes included by the end of June. * Rollout of official beta packages has begun on OS distributions. * More RC bugs are appearing, but people are more dedicated than ever to fixing them. So July 1st is looking like the start of the end-game on 3.1 betas. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
Re: [squid-users] Squid 3.1 Release Date
Silamael wrote: Francois Cami wrote: On Tue, Mar 3, 2009 at 8:32 AM, Silamael silam...@coronamundi.de wrote: Is there any date when Squid 3.1 will be official released? Thanks in advance! http://wiki.squid-cache.org/ReleaseProcess#head-eea0e990c0003af12917552175691a5120980cdd Thanks for the reply but this doesn't answer my question. I now that Squid 3.1 is already released in X.Y.0.z. I just wanted to know if there is any planned date. If you say, most likely in April, that's already enough. Just need an approximate date for some internal plannings. -- Matthias We don't exactly date things here. With everyone working on voluntary time its unpredictable. Though there has been a fairly regular 4-week cycle for new X.Y.0.z beta releases. For planning and upgrade testing, 3.1.0.6 is a fairly stable point to begins with. Back before we/I decided to adopt the fluid feature inclusion we had a set of approved features for 3.1. The last of these given a guarantee of being in 3.1 is still grinding it's way through testing (far too slowly). I expect that will take us through March and maybe April before 3.1 gets a chance of even starting the stable waiting period. There is also a short list of RC bugs which we consider major enough to need fixing before we call it stable. Many of these bugs are only confirmed to exist in 3.0. But they are serious enough that we really NEED someone who can see them in 3.0 to test 3.1 and confirm they are not still hiding. Last time I had to guesstimate a timeline I said mid-year (june/july) 2009, I've seen no reason to change it for better or worse yet. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.5
Re: [squid-users] Squid 3.1 Release Date
Amos Jeffries wrote: We don't exactly date things here. With everyone working on voluntary time its unpredictable. Though there has been a fairly regular 4-week cycle for new X.Y.0.z beta releases. For planning and upgrade testing, 3.1.0.6 is a fairly stable point to begins with. Back before we/I decided to adopt the fluid feature inclusion we had a set of approved features for 3.1. The last of these given a guarantee of being in 3.1 is still grinding it's way through testing (far too slowly). I expect that will take us through March and maybe April before 3.1 gets a chance of even starting the stable waiting period. There is also a short list of RC bugs which we consider major enough to need fixing before we call it stable. Many of these bugs are only confirmed to exist in 3.0. But they are serious enough that we really NEED someone who can see them in 3.0 to test 3.1 and confirm they are not still hiding. Last time I had to guesstimate a timeline I said mid-year (june/july) 2009, I've seen no reason to change it for better or worse yet. Amos Thank you for your answer Amos. This is exactly what i wanted to know. -- Matthias
[squid-users] Squid 3.1 Release Date
Hello there! Is there any date when Squid 3.1 will be official released? Thanks in advance! -- Matthias
Re: [squid-users] Squid 3.1 Release Date
Francois Cami wrote: On Tue, Mar 3, 2009 at 8:32 AM, Silamael silam...@coronamundi.de wrote: Is there any date when Squid 3.1 will be official released? Thanks in advance! http://wiki.squid-cache.org/ReleaseProcess#head-eea0e990c0003af12917552175691a5120980cdd Thanks for the reply but this doesn't answer my question. I now that Squid 3.1 is already released in X.Y.0.z. I just wanted to know if there is any planned date. If you say, most likely in April, that's already enough. Just need an approximate date for some internal plannings. -- Matthias
Re: [squid-users] squid 3.1 is stable enough for production / testing?
Any update on how this testing has gone? Henrik Nordstrom wrote: 3.1 is certainly ready for testing. That's why we started making beta releases (3.1.0.X). Please give it a try and report back your findings. I don't think this is a setup that is commonly tested so it's very good if you can test this now while the release is actively being tested. Regards Henrik On tis, 2008-11-11 at 00:25 +0800, John Mok wrote: Hi, I would like to setup squid proxy server for NTLM proxying (i.e. connection pinning) + ICAP (clamav). I hope someone could advise if there is any catch I need to pay attention with. Thanks a lot. John Mok Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.2
[squid-users] squid 3.1 is stable enough for production / testing?
Hi, I would like to setup squid proxy server for NTLM proxying (i.e. connection pinning) + ICAP (clamav). I hope someone could advise if there is any catch I need to pay attention with. Thanks a lot. John Mok
Re: [squid-users] squid 3.1 is stable enough for production / testing?
3.1 is certainly ready for testing. That's why we started making beta releases (3.1.0.X). Please give it a try and report back your findings. I don't think this is a setup that is commonly tested so it's very good if you can test this now while the release is actively being tested. Regards Henrik On tis, 2008-11-11 at 00:25 +0800, John Mok wrote: Hi, I would like to setup squid proxy server for NTLM proxying (i.e. connection pinning) + ICAP (clamav). I hope someone could advise if there is any catch I need to pay attention with. Thanks a lot. John Mok signature.asc Description: This is a digitally signed message part
Re: [squid-users] squid 3.1 is stable enough for production / testing?
3.1 is certainly ready for testing. That's why we started making beta releases (3.1.0.X). Please give it a try and report back your findings. I don't think this is a setup that is commonly tested so it's very good if you can test this now while the release is actively being tested. Regards Henrik On tis, 2008-11-11 at 00:25 +0800, John Mok wrote: Hi, I would like to setup squid proxy server for NTLM proxying (i.e. connection pinning) + ICAP (clamav). I hope someone could advise if there is any catch I need to pay attention with. A few bugs are still open. You will need to see if one pops up in your testing before production can be considered. On specifics, the squid_kerb_auth helper upgrade is having some teething problems still on 3.1.0.1 and 3.1.0.2. Should be resolved soon though. Amos
Re: [squid-users] Squid 3.1
Henrik Nordstrom yazmış: On lör, 2008-11-01 at 14:05 +0200, İsmail ÖZATAY wrote: I'm suspecting it may be gcc-3.3 related. Is there a more recent gcc version you can upgrade to and try again? Amos Opps i am already using gcc version 3.3.5 . ;) . I have just checked it... Is there any newer GCC version than 3.3.X available for you? GCC-3.3 was end-of-life some years ago.. 3.3.5 was released Sep 2004. Refards Henrik No , only this one Thanks
Re: [squid-users] Squid 3.1
Amos Jeffries yazmış: İsmail ÖZATAY wrote: Hi there, I can not configure squid 3.1 beta on my openbsd 4.3 server. When try to configure a get lots of errors. Has anybody ever tried this ? Thanks ismail Some details about the errors would be helpful. Others have managed to get it to work on OpenBSD. Amos Here is the some of output. configure: WARNING: pwd.h: present but cannot be compiled configure: WARNING: pwd.h: check for missing prerequisite headers? configure: WARNING: pwd.h: see the Autoconf documentation configure: WARNING: pwd.h: section Present But Cannot Be Compiled configure: WARNING: pwd.h: proceeding with the preprocessor's result configure: WARNING: pwd.h: in the future, the compiler will take precedence configure: WARNING: ## --- ## configure: WARNING: ## Report this to http://www.squid-cache.org/bugs/ ## configure: WARNING: ## --- ## configure: WARNING: regex.h: present but cannot be compiled configure: WARNING: regex.h: check for missing prerequisite headers? configure: WARNING: regex.h: see the Autoconf documentation configure: WARNING: regex.h: section Present But Cannot Be Compiled configure: WARNING: regex.h: proceeding with the preprocessor's result configure: WARNING: regex.h: in the future, the compiler will take precedence configure: WARNING: ## --- ## configure: WARNING: ## Report this to http://www.squid-cache.org/bugs/ ## configure: WARNING: ## --- ## configure: WARNING: sched.h: present but cannot be compiled configure: WARNING: sched.h: check for missing prerequisite headers? configure: WARNING: sched.h: see the Autoconf documentation configure: WARNING: sched.h: section Present But Cannot Be Compiled configure: WARNING: sched.h: proceeding with the preprocessor's result configure: WARNING: sched.h: in the future, the compiler will take precedence configure: WARNING: ## --- ## configure: WARNING: ## Report this to http://www.squid-cache.org/bugs/ ## configure: WARNING: ## --- ## configure: WARNING: signal.h: present but cannot be compiled configure: WARNING: signal.h: check for missing prerequisite headers? configure: WARNING: signal.h: see the Autoconf documentation configure: WARNING: signal.h: section Present But Cannot Be Compiled configure: WARNING: signal.h: proceeding with the preprocessor's result configure: WARNING: signal.h: in the future, the compiler will take precedence configure: WARNING: ## --- ## configure: WARNING: ## Report this to http://www.squid-cache.org/bugs/ ## configure: WARNING: ## --- ## configure: WARNING: stdarg.h: present but cannot be compiled configure: WARNING: stdarg.h: check for missing prerequisite headers? configure: WARNING: stdarg.h: see the Autoconf documentation configure: WARNING: stdarg.h: section Present But Cannot Be Compiled configure: WARNING: stdarg.h: proceeding with the preprocessor's result configure: WARNING: stdarg.h: in the future, the compiler will take precedence configure: WARNING: ## --- ## configure: WARNING: ## Report this to http://www.squid-cache.org/bugs/ ## configure: WARNING: ## --- ## configure: WARNING: stddef.h: present but cannot be compiled configure: WARNING: stddef.h: check for missing prerequisite headers? configure: WARNING: stddef.h: see the Autoconf documentation configure: WARNING: stddef.h: section Present But Cannot Be Compiled configure: WARNING: stddef.h: proceeding with the preprocessor's result configure: WARNING: stddef.h: in the future, the compiler will take precedence configure: WARNING: ## --- ## configure: WARNING: ## Report this to http://www.squid-cache.org/bugs/ ## configure: WARNING: ## --- ## configure: WARNING: stdio.h: present but cannot be compiled configure: WARNING: stdio.h: check for missing prerequisite headers? configure: WARNING: stdio.h: see the Autoconf documentation configure: WARNING: stdio.h: section Present But Cannot Be Compiled configure: WARNING: stdio.h: proceeding with the preprocessor's result configure: WARNING: stdio.h: in the future, the compiler will take precedence configure: WARNING: ## --- ## configure: WARNING: ## Report this to http://www.squid-cache.org/bugs/ ## configure: WARNING: ## --- ## configure: WARNING: sys/endian.h: present but cannot be compiled configure:
Re: [squid-users] Squid 3.1
İsmail ÖZATAY wrote: Amos Jeffries yazmış: İsmail ÖZATAY wrote: Hi there, I can not configure squid 3.1 beta on my openbsd 4.3 server. When try to configure a get lots of errors. Has anybody ever tried this ? Thanks ismail Some details about the errors would be helpful. Others have managed to get it to work on OpenBSD. Amos Here is the some of output. Okay those looks like something seriously wrong with the compilers found. Can you send me the full config.log created by configure pleaase? Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1
Re: [squid-users] Squid 3.1
İsmail ÖZATAY wrote: Amos Jeffries yazmış: İsmail ÖZATAY wrote: Amos Jeffries yazmış: İsmail ÖZATAY wrote: Hi there, I can not configure squid 3.1 beta on my openbsd 4.3 server. When try to configure a get lots of errors. Has anybody ever tried this ? Thanks ismail Some details about the errors would be helpful. Others have managed to get it to work on OpenBSD. Amos Here is the some of output. Okay those looks like something seriously wrong with the compilers found. Can you send me the full config.log created by configure pleaase? Amos Sure. Here it is. Oh bugger. You have run into one of the configure bugs we have not been able to solve as yet. The mysterious ' missing terminating character ' bug. I'm suspecting it may be gcc-3.3 related. Is there a more recent gcc version you can upgrade to and try again? Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1
Re: [squid-users] Squid 3.1
Amos Jeffries yazmış: İsmail ÖZATAY wrote: Amos Jeffries yazmış: İsmail ÖZATAY wrote: Amos Jeffries yazmış: İsmail ÖZATAY wrote: Hi there, I can not configure squid 3.1 beta on my openbsd 4.3 server. When try to configure a get lots of errors. Has anybody ever tried this ? Thanks ismail Some details about the errors would be helpful. Others have managed to get it to work on OpenBSD. Amos Here is the some of output. Okay those looks like something seriously wrong with the compilers found. Can you send me the full config.log created by configure pleaase? Amos Sure. Here it is. Oh bugger. You have run into one of the configure bugs we have not been able to solve as yet. The mysterious ' missing terminating character ' bug. I'm suspecting it may be gcc-3.3 related. Is there a more recent gcc version you can upgrade to and try again? Amos Opps i am already using gcc version 3.3.5 . ;) . I have just checked it...
Re: [squid-users] Squid 3.1
On lör, 2008-11-01 at 14:05 +0200, İsmail ÖZATAY wrote: I'm suspecting it may be gcc-3.3 related. Is there a more recent gcc version you can upgrade to and try again? Amos Opps i am already using gcc version 3.3.5 . ;) . I have just checked it... Is there any newer GCC version than 3.3.X available for you? GCC-3.3 was end-of-life some years ago.. 3.3.5 was released Sep 2004. Refards Henrik signature.asc Description: This is a digitally signed message part
[squid-users] Squid 3.1
Hi there, I can not configure squid 3.1 beta on my openbsd 4.3 server. When try to configure a get lots of errors. Has anybody ever tried this ? Thanks ismail
Re: [squid-users] Squid 3.1
İsmail ÖZATAY wrote: Hi there, I can not configure squid 3.1 beta on my openbsd 4.3 server. When try to configure a get lots of errors. Has anybody ever tried this ? Thanks ismail Some details about the errors would be helpful. Others have managed to get it to work on OpenBSD. Amos -- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1