[tproxy] soft error with cttproxy

Ritter, Nicholas Nicholas.Ritter at americantv.com
Thu Jul 17 17:03:31 CEST 2008


Greetings all,
 
I am seeing a tproxy error in my squid cache.log that I am wanting to
gain more understanding of the implications of. TProxy is working, but I
was curious if the error noted below is going to give me problems down
the road, much less any information about the error. The error in the
log seems to be cut off, which doesn't make it any easier to isolate, and
I don't know how to remedy that. After the error listing, I have
provided the details of the setup. Any input would be helpful.
 
Thanks,
 
Nicholas
 
Error in squid cache.log:
 
2008/07/16 15:21:20| tproxy ip=10.48.1.3,0x301300a,port=0 ERROR ASSIGN
2008/07/16 15:21:24| tproxy ip=10.48.1.3,0x301300a,port=0 ERROR ASSIGN
2008/07/16 15:21:52| NETDB state saved; 0 entries, 0 msec
2008/07/16 15:23:35| tproxy ip=10.48.1.3,0x301300a,port=0 ERROR ASSIGN
2008/07/16 15:24:41| tproxy ip=10.48.1.3,0x301300a,port=0 ERROR ASSIGN
 
Details of setup:
 
software versions:
 
CentOS 5.2 x86_64 linux distributions
squid-2.6.STABLE21
cttproxy-2.6.18-2.0.6
vanilla 2.6.18 kernel, custom compiled (I did choose the NAT
reservations support in addition to the other TProxy options.)
iptables-1.3.5-4 source rpm, patched and built via rpmbuild with the
cttproxy diff
 
squid build options:
CHOST="x86_64-pc-linux-gnu" \
CFLAGS="-DNUMTHREADS=60 \
-O3 \
-pipe \
-funroll-loops \
-ffast-math \
-fno-exceptions" \
./configure \
--prefix=/usr/local/squidapp \
--exec-prefix=/usr/local/squidapp \
--enable-async-io \
--enable-icmp \
--enable-snmp \
--enable-cache-digests \
--enable-useragent-log \
--enable-storeio="aufs" \
--enable-follow-x-forwarded-for \
--enable-removal-policies="heap,lru" \
--with-maxfd=16384 \
--enable-poll \
--disable-ident-lookups \
--enable-delay-pools \
--enable-linux-netfilter \
--enable-linux-tproxy 
 
Other patches that came with the iptables rpm that were applied to the
IPTables source:
Patch2: iptables-1.2.8-nolibnsl.patch
Patch4: iptables-1.2.9-netlink.patch
Patch5: iptables-1.3.0-selinux.patch
Patch6: iptables-1.2.10-counters.patch
Patch8: iptables-1.3.0-cleanup.patch
Patch9: iptables-1.3.0-autoload.patch
Patch10: iptables-1.3.0-no_root.patch
Patch11: iptables-1.3.5-dscp_max.patch
Patch12: iptables-1.3.5-headers.patch
 
 
Squid deployment is using the setup as detailed on the squid WiKi at:
http://wiki.squid-cache.org/ConfigExamples/FullyTransparentWithTPROXY
 
This squid deployment is using WCCP v2 with a Cisco router, and two
squid services as itemized in the WiKi article, where one wccp service
is bound to the inbound traffic, and one to the outbound traffic like
this:
 
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
wccp2_service dynamic 90
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
 
 
Like I said, the whole setup is working nicely...but I have only tested
it with serving less than 10 clients, and I want to make sure the error
I am seeing is not going to give me performance/stability problems down
the road.
 
Once I resolve this issue, I will be posting to the Squid Wiki and to
anyone who is interested a CentOS 5.2 HOWTO.
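
An added example (not part of the original post, and not Squid's code): a small Python triage script for the cache.log lines quoted above, counting ERROR ASSIGN entries per address and per minute so the rate can be watched as client load grows. It assumes the hex field is the same IPv4 address as a 32-bit integer in x86 byte order, which the quoted lines are consistent with; the function names are illustrative.

```python
import re
import socket
import struct
from collections import Counter

# Constructed sample: the cache.log lines quoted in the post above.
SAMPLE_LOG = """\
2008/07/16 15:21:20| tproxy ip=10.48.1.3,0x301300a,port=0 ERROR ASSIGN
2008/07/16 15:21:24| tproxy ip=10.48.1.3,0x301300a,port=0 ERROR ASSIGN
2008/07/16 15:21:52| NETDB state saved; 0 entries, 0 msec
2008/07/16 15:23:35| tproxy ip=10.48.1.3,0x301300a,port=0 ERROR ASSIGN
2008/07/16 15:24:41| tproxy ip=10.48.1.3,0x301300a,port=0 ERROR ASSIGN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d):\d\d\| tproxy "
    r"ip=(?P<ip>[\d.]+),0x(?P<raw>[0-9a-fA-F]+),port=(?P<port>\d+) ERROR ASSIGN\s*$"
)

def decode_raw(raw_hex):
    """Assumption: the hex field is the address as a 32-bit integer read
    from little-endian (x86) memory, so 0x301300a -> 10.48.1.3."""
    return socket.inet_ntoa(struct.pack("<I", int(raw_hex, 16)))

def summarize(log_text):
    """Count ERROR ASSIGN lines per address and per minute; list lines whose
    two address fields disagree under the assumption above."""
    per_ip, per_minute, mismatches = Counter(), Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated cache.log entries (e.g. NETDB) are skipped
        per_ip[m["ip"]] += 1
        per_minute[m["ts"]] += 1
        if decode_raw(m["raw"]) != m["ip"]:
            mismatches.append(line)
    return per_ip, per_minute, mismatches

if __name__ == "__main__":
    per_ip, per_minute, mismatches = summarize(SAMPLE_LOG)
    print("per address:", dict(per_ip))
    print("busiest minute:", per_minute.most_common(1))
    print("inconsistent lines:", mismatches)
```

If the two address fields agree on every line, the entry is complete as logged and the hex value carries no additional information.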
 
 
 
 
 
 
 
 
 