Hello! Just confused with some staff and can't find answers myself, decided to finally ask here ;) I'm an old user of -tproxy for over than 3 years now, and used the first -tproxy with SQUID 2.4STABLE5 for a long while before upgrading to squid 2.6stable18 recently - but after a few months of use - I found that -tproxy patched kenel+SQUID2.6STABLE_X influences weirdly (inserts delay up to several seconds!) on the any transit traffic (kernel ip stack???) when it get's hit by certain type of traffic on the proxy-redirect port (I pcap-ed the weird traffic - but did not udertood yet why it has such impact) - and had to disable PROXY entirely on the transit cache and wait for next usable version to try. But still cannot find what version I could try on the production cache... For a 2 last monthes periodically looking at the http://www.balabit.com/downloads/files/tproxy/ frequently saw a newer versions pf patches, but I was never able to cleanly apply any of the patches to any of the corresponding Linux Kernel v 2.6.24 or 2.6.25 and the SQUID-3.0STABLE-X Also even the patch tproxy4-squid-3.0.STABLE4.patch - looks suspicious since does not apply cleanly to any of the SQUID versions 3.0Stable 4 or STABLE5 (below is the patch output) and notes internally to the STABLE6 - which is not yet released (according to the SQUID downloads page) Just please could you point out to the working versions of the tproxy4.1 patches for any of the 2.4.20+ kernels and squid 3.0STABLE_ANY ? Trying patching the kernel - looks I would need corresponding -git development branch - but I'm not so familiar with -git yet. I would be just gratefull if you could point me out to a working versions of patches for TPROXY 4.1 for kernel and squid. Below is my output for trying patching squid Stable4 Kind regards, Anton. -- What i get while trying patching the squid. cacheng:/usr/src/TPROXY4/squid-3.0.STABLE4# patch -p0 < tproxy4-squid-3.0.STABLE4.patch patching file ChangeLog Hunk #1 FAILED at 1. 1 out of 1 hunk FAILED -- saving rejects to file ChangeLog.rej patching file configure.in Reversed (or previously applied) patch detected! Assume -R? [n] y can't find file to patch at input line 83 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- | |=== modified file 'doc/release-notes/release-3.0.sgml' |--- doc/release-notes/release-3.0.sgml 2008-04-01 11:51:41 +0000 |+++ doc/release-notes/release-3.0.sgml 2008-04-24 07:39:18 +0000 -------------------------- File to patch: Skip this patch? [y] y Skipping patch. 2 out of 2 hunks ignored patching file src/ACLChecklist.cc patching file src/IPInterception.cc patching file src/IPInterception.h patching file src/cache_cf.cc patching file src/cf.data.pre patching file src/client_side.cc Hunk #1 succeeded at 1792 (offset 2 lines). Hunk #2 FAILED at 1963. Hunk #3 succeeded at 2188 (offset -1 lines). Hunk #4 succeeded at 2705 (offset -1 lines). Hunk #5 succeeded at 3013 (offset -1 lines). Hunk #6 succeeded at 3028 (offset -1 lines). 1 out of 6 hunks FAILED -- saving rejects to file src/client_side.cc.rej patching file src/client_side_request.h patching file src/comm.cc patching file src/fde.h patching file src/forward.cc Hunk #5 succeeded at 833 (offset 2 lines). Hunk #6 FAILED at 870. Hunk #7 succeeded at 1214 (offset -28 lines). 1 out of 7 hunks FAILED -- saving rejects to file src/forward.cc.rej patching file src/forward.h Hunk #1 succeeded at 94 (offset -1 lines). patching file src/globals.h patching file src/http.cc patching file src/structs.h patching file src/tools.cc cacheng:/usr/src/TPROXY4/squid-3.0.STABLE4#
Anton VG wrote:
Hello!
Just confused with some staff and can't find answers myself, decided to finally ask here ;) I'm an old user of -tproxy for over than 3 years now, and used the first -tproxy with SQUID 2.4STABLE5 for a long while before upgrading to squid 2.6stable18 recently - but after a few months of use - I found that -tproxy patched kenel+SQUID2.6STABLE_X influences weirdly (inserts delay up to several seconds!) on the any transit traffic (kernel ip stack???) when it get's hit by certain type of traffic on the proxy-redirect port (I pcap-ed the weird traffic - but did not udertood yet why it has such impact) - and had to disable PROXY entirely on the transit cache and wait for next usable version to try. But still cannot find what version I could try on the production cache...
As far as I know there has not been any official squid 2.6 tproxy patch. Where did you get your last patch from ? I hope you were not referring to a patch which I posted sometime ago ? <Grin>
On Wednesday 14 May 2008 07:03, Ming-Ching Tiew wrote:
As far as I know there has not been any official squid 2.6 tproxy patch. Where did you get your last patch from ? I hope you were not referring to a patch which I posted sometime ago ?
No, no I did used cttproxy2 patch for 2.6.20 kernel and builtin SQUID2.6STABLE18 TPROXY, and before it - the very first cttproxy - (do not remember version already) But as I already mentioned, using cttproxy2 and SQUID2.6 would lead to a trffic delay problem with certain type of the traffic, and in which situation all routed traffic would be delayed with random delay up to 2000ms, since it has some affect on the whole throughput. I did installed that version instead very first version of CTTPROXY with SQUID2.4 (I wanted over 300G of the storage and async IO+more effective cache) - and SQUID2.4 if not so capable for my needs, but 2.6-does. And after realizing that there is a problem - i had to disable PROXY for a while - but all my services are behind the satellite link, and TPROXY just HUGELLY helps.
Anton VG wrote:
Hello!
Just confused with some staff and can't find answers myself, decided to finally ask here ;) I'm an old user of -tproxy for over than 3 years now, and used the first -tproxy with SQUID 2.4STABLE5 for a long while before upgrading to squid 2.6stable18 recently - but after a few months of use - I found that -tproxy patched kenel+SQUID2.6STABLE_X influences weirdly (inserts delay up to several seconds!) on the any transit traffic (kernel ip stack???) when it get's hit by certain type of traffic on the proxy-redirect port (I pcap-ed the weird traffic - but did not udertood yet why it has such impact) - and had to disable PROXY entirely on the transit cache and wait for next usable version to try. But still cannot find what version I could try on the production cache...
As far as I know there has not been any official squid 2.6 tproxy patch. Where did you get your last patch from ? I hope you were not referring to a patch which I posted sometime ago ? <Grin>
Hello, Anton VG wrote:
Hello!
Just confused with some staff and can't find answers myself, decided to finally ask here ;) I'm an old user of -tproxy for over than 3 years now, and used the first -tproxy with SQUID 2.4STABLE5 for a long while before upgrading to squid 2.6stable18 recently - but after a few months of use - I found that -tproxy patched kenel+SQUID2.6STABLE_X influences weirdly (inserts delay up to several seconds!) on the any transit traffic (kernel ip stack???) when it get's hit by certain type of traffic on the proxy-redirect port (I pcap-ed the weird traffic - but did not udertood yet why it has such impact) - and had to disable PROXY entirely on the transit cache and wait for next usable version to try. But still cannot find what version I could try on the production cache...
For a 2 last monthes periodically looking at the http://www.balabit.com/downloads/files/tproxy/ frequently saw a newer versions pf patches, but I was never able to cleanly apply any of the patches to any of the corresponding Linux Kernel v 2.6.24 or 2.6.25 and the SQUID-3.0STABLE-X
Strange because the patches are on the top of v2.6.24 and v2.6.25 tags of Linus' git tree. If you use any other version of the kernel, could you tell, where is it available? Now I can check the patches with kernel releases of Gentoo or Ubuntu...
Also even the patch
tproxy4-squid-3.0.STABLE4.patch - looks suspicious since does not apply cleanly to any of the SQUID versions 3.0Stable 4 or STABLE5 (below is the patch output)
I've deleted this patch because it is now in the official Squid-3 source, (its version is 3.1). It can be checked out as in: http://wiki.squid-cache.org/Squid3VCS When you have the source code, in the squid source directory: ./bootstrap.sh ./configure --enable-linux-netfilter && make && make install
and notes internally to the STABLE6 - which is not yet released (according to the SQUID downloads page)
Just please could you point out to the working versions of the tproxy4.1 patches for any of the 2.4.20+ kernels and squid 3.0STABLE_ANY ?
I'm sorry but TProxy 4.1 won't be released for the 2.4 tree. Both squid-3 and squid-2.6 works with the cttproxy2 patches, also you get the same functionality.
Trying patching the kernel - looks I would need corresponding -git development branch - but I'm not so familiar with -git yet.
The following two commands are enough: git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git cd linux-2.6 git checkout -b my-2.6.24 v2.6.24 or git checkout -b my-2.6.25 v2.6.25 Then you can apply the patches from the latest tproxy-kernel-*bz2 files.
I would be just gratefull if you could point me out to a working versions of patches for TPROXY 4.1 for kernel and squid.
Below is my output for trying patching squid Stable4
Kind regards, Anton.
-- What i get while trying patching the squid.
This patch is somehow not for squid-3.0.STABLE4 but for the bzr source.
cacheng:/usr/src/TPROXY4/squid-3.0.STABLE4# patch -p0 < tproxy4-squid-3.0.STABLE4.patch patching file ChangeLog Hunk #1 FAILED at 1. 1 out of 1 hunk FAILED -- saving rejects to file ChangeLog.rej patching file configure.in Reversed (or previously applied) patch detected! Assume -R? [n] y can't find file to patch at input line 83 Perhaps you used the wrong -p or --strip option? The text leading up to this was: -------------------------- | |=== modified file 'doc/release-notes/release-3.0.sgml' |--- doc/release-notes/release-3.0.sgml 2008-04-01 11:51:41 +0000 |+++ doc/release-notes/release-3.0.sgml 2008-04-24 07:39:18 +0000 -------------------------- File to patch: Skip this patch? [y] y Skipping patch. 2 out of 2 hunks ignored patching file src/ACLChecklist.cc patching file src/IPInterception.cc patching file src/IPInterception.h patching file src/cache_cf.cc patching file src/cf.data.pre patching file src/client_side.cc Hunk #1 succeeded at 1792 (offset 2 lines). Hunk #2 FAILED at 1963. Hunk #3 succeeded at 2188 (offset -1 lines). Hunk #4 succeeded at 2705 (offset -1 lines). Hunk #5 succeeded at 3013 (offset -1 lines). Hunk #6 succeeded at 3028 (offset -1 lines). 1 out of 6 hunks FAILED -- saving rejects to file src/client_side.cc.rej patching file src/client_side_request.h patching file src/comm.cc patching file src/fde.h patching file src/forward.cc Hunk #5 succeeded at 833 (offset 2 lines). Hunk #6 FAILED at 870. Hunk #7 succeeded at 1214 (offset -28 lines). 1 out of 7 hunks FAILED -- saving rejects to file src/forward.cc.rej patching file src/forward.h Hunk #1 succeeded at 94 (offset -1 lines). patching file src/globals.h patching file src/http.cc patching file src/structs.h patching file src/tools.cc cacheng:/usr/src/TPROXY4/squid-3.0.STABLE4# _______________________________________________ tproxy mailing list tproxy@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/tproxy
-- Panther
Laszlo Attila Toth wrote:
For a 2 last monthes periodically looking at the http://www.balabit.com/downloads/files/tproxy/ frequently saw a newer versions pf patches, but I was never able to cleanly apply any of the patches to any of the corresponding Linux Kernel v 2.6.24 or 2.6.25 and the SQUID-3.0STABLE-X
Strange because the patches are on the top of v2.6.24 and v2.6.25 tags of Linus' git tree. If you use any other version of the kernel, could you tell, where is it available? Now I can check the patches with kernel releases of Gentoo or Ubuntu...
The last time I checked ( very recent), the kernel patches does not apply cleanly on kernel 2.6.25.2. Regards.
Ming-Ching Tiew wrote:
Laszlo Attila Toth wrote:
For a 2 last monthes periodically looking at the http://www.balabit.com/downloads/files/tproxy/ frequently saw a newer versions pf patches, but I was never able to cleanly apply any of the patches to any of the corresponding Linux Kernel v 2.6.24 or 2.6.25 and the SQUID-3.0STABLE-X Strange because the patches are on the top of v2.6.24 and v2.6.25 tags of Linus' git tree. If you use any other version of the kernel, could you tell, where is it available? Now I can check the patches with kernel releases of Gentoo or Ubuntu...
The last time I checked ( very recent), the kernel patches does not apply cleanly on kernel 2.6.25.2.
This is because the patches are on the top of v2.6.25 and not the v2.6.25.2 ( ? ), between them there were changes in the source code. Basically I maintain only for major versions (2.6.24, 2.6.25 etc.). I'll check now v2.6.25.4... -- Panther
Laszlo Attila Toth wrote:
Ming-Ching Tiew wrote:
Laszlo Attila Toth wrote:
For a 2 last monthes periodically looking at the http://www.balabit.com/downloads/files/tproxy/ frequently saw a newer versions pf patches, but I was never able to cleanly apply any of the patches to any of the corresponding Linux Kernel v 2.6.24 or 2.6.25 and the SQUID-3.0STABLE-X Strange because the patches are on the top of v2.6.24 and v2.6.25 tags of Linus' git tree. If you use any other version of the kernel, could you tell, where is it available? Now I can check the patches with kernel releases of Gentoo or Ubuntu...
The last time I checked ( very recent), the kernel patches does not apply cleanly on kernel 2.6.25.2.
This is because the patches are on the top of v2.6.25 and not the v2.6.25.2 ( ? ), between them there were changes in the source code. Basically I maintain only for major versions (2.6.24, 2.6.25 etc.). I'll check now v2.6.25.4...
The possibility of this is always there but I really doubt so. If you check the feedback on the maillist, there are two independent feedbacks that the patches do not apply cleanly on 2.6.25 either. My network is too slow to download, so I have not tried this myself, forgive me if I said something not basing on facts. :-) Regards.
Ming-Ching Tiew wrote:
Laszlo Attila Toth wrote:
Ming-Ching Tiew wrote:
Laszlo Attila Toth wrote:
For a 2 last monthes periodically looking at the http://www.balabit.com/downloads/files/tproxy/ frequently saw a newer versions pf patches, but I was never able to cleanly apply any of the patches to any of the corresponding Linux Kernel v 2.6.24 or 2.6.25 and the SQUID-3.0STABLE-X Strange because the patches are on the top of v2.6.24 and v2.6.25 tags of Linus' git tree. If you use any other version of the kernel, could you tell, where is it available? Now I can check the patches with kernel releases of Gentoo or Ubuntu...
The last time I checked ( very recent), the kernel patches does not apply cleanly on kernel 2.6.25.2. This is because the patches are on the top of v2.6.25 and not the v2.6.25.2 ( ? ), between them there were changes in the source code. Basically I maintain only for major versions (2.6.24, 2.6.25 etc.). I'll check now v2.6.25.4...
The possibility of this is always there but I really doubt so. If you check the feedback on the maillist, there are two independent feedbacks that the patches do not apply cleanly on 2.6.25 either. My network is too slow to download, so I have not tried this myself, forgive me if I said something not basing on facts. :-)
Indeed, sorry. The patcheset was for net-2.6.25.git's somewhere after v2.6.25-rc3. This file is really on the top of v2.6.25: http://www.balabit.com/downloads/files/tproxy/tproxy-kernel-2.6.25-20080519-... I tested only the 2.6.24-version of tproxy. -- Panther
Dear Laszlo, Thanks so much for info! Just completed installation on the squid 3.1 (bzr) with TPROXY on top of the 2.6.24.-git (should match 2.6.4.7) - (somehow missed 2.6.24 before) For initial testing - works! Will try later on heavier load. Just a note on the README in the BALABIT downloads - works with following option http_port 50080 transparent tproxy - please note "transparent" - quite obvious, since telling squid that request are indirect, but anyway a little confuses at beginning, when squid complains to the wrong URL. Will post the result of more intensive use upon having them. Looks squid 3.1 does not support the COSS cache_dir type yet (atleast complains too much). Pitty though. Warm regards, Anton. On Monday 19 May 2008 19:54, Laszlo Attila Toth wrote:
Indeed, sorry. The patcheset was for net-2.6.25.git's somewhere after v2.6.25-rc3.
This file is really on the top of v2.6.25: http://www.balabit.com/downloads/files/tproxy/tproxy-kern el-2.6.25-20080519-165031-1211208631.tar.bz2
I tested only the 2.6.24-version of tproxy.
Seems squid 3.1 cannot bind on the some sockets even on a small load - I've opened 5 tabs on the firefox and got the following in the log files. Possibly it's a bug during choose of the next available FD? Possibly I should report it to squid -dev too? Possibly this behaviour is so visible on the latent (satellite) links, like mine - so the FD occupied longer than for those who is on fiber. May 19 21:01:48 cacheng squid[26551]: IPInterception.cc(136) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unava May 19 21:01:48 cacheng squid[26551]: IPInterception.cc(169) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available May 19 21:02:50 cacheng squid[26551]: IPInterception.cc(136) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unava May 19 21:02:50 cacheng squid[26551]: IPInterception.cc(169) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available May 19 21:02:57 cacheng squid[26551]: commBind: Cannot bind socket FD 55 to 82.198.21.17:4008: (98) Address already in use May 19 21:02:57 cacheng squid[26551]: comm.cc(993) commResetFD: bind: (98) Address already in use May 19 21:02:57 cacheng squid[26551]: commBind: Cannot bind socket FD 55 to 82.198.21.17:5407: (98) Address already in use May 19 21:02:57 cacheng squid[26551]: comm.cc(993) commResetFD: bind: (98) Address already in use Regards, Anton. On Monday 19 May 2008 19:54, Laszlo Attila Toth wrote:
Ming-Ching Tiew wrote:
Laszlo Attila Toth wrote:
Ming-Ching Tiew wrote:
Laszlo Attila Toth wrote:
For a 2 last monthes periodically looking at the http://www.balabit.com/downloads/files/tproxy/ frequently saw a newer versions pf patches, but I was never able to cleanly apply any of the patches to any of the corresponding Linux Kernel v 2.6.24 or 2.6.25 and the SQUID-3.0STABLE-X
Strange because the patches are on the top of v2.6.24 and v2.6.25 tags of Linus' git tree. If you use any other version of the kernel, could you tell, where is it available? Now I can check the patches with kernel releases of Gentoo or Ubuntu...
The last time I checked ( very recent), the kernel patches does not apply cleanly on kernel 2.6.25.2.
This is because the patches are on the top of v2.6.25 and not the v2.6.25.2 ( ? ), between them there were changes in the source code. Basically I maintain only for major versions (2.6.24, 2.6.25 etc.). I'll check now v2.6.25.4...
The possibility of this is always there but I really doubt so. If you check the feedback on the maillist, there are two independent feedbacks that the patches do not apply cleanly on 2.6.25 either. My network is too slow to download, so I have not tried this myself, forgive me if I said something not basing on facts. :-)
Indeed, sorry. The patcheset was for net-2.6.25.git's somewhere after v2.6.25-rc3.
This file is really on the top of v2.6.25: http://www.balabit.com/downloads/files/tproxy/tproxy-kern el-2.6.25-20080519-165031-1211208631.tar.bz2
I tested only the 2.6.24-version of tproxy.
Forgot to mention - failed bind appears on firefox with the following text, the rest are ok. ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://biog-101-104.bio.cornell.edu/bioG101_104/tutorials/animals/squid.html The following error was encountered: * Connection to biog-101-104.bio.cornell.edu Failed The system returned: (99) Cannot assign requested address The remote host or network may be down. Please try the request again. Your cache administrator is webmaster. Generated Mon, 19 May 2008 16:13:46 GMT by (squid/3.HEAD-BZR) On Monday 19 May 2008 21:09, Anton wrote:
Seems squid 3.1 cannot bind on the some sockets even on a small load - I've opened 5 tabs on the firefox and got the following in the log files. Possibly it's a bug during choose of the next available FD? Possibly I should report it to squid -dev too?
Possibly this behaviour is so visible on the latent (satellite) links, like mine - so the FD occupied longer than for those who is on fiber.
May 19 21:01:48 cacheng squid[26551]: IPInterception.cc(136) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unava May 19 21:01:48 cacheng squid[26551]: IPInterception.cc(169) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available May 19 21:02:50 cacheng squid[26551]: IPInterception.cc(136) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unava May 19 21:02:50 cacheng squid[26551]: IPInterception.cc(169) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available May 19 21:02:57 cacheng squid[26551]: commBind: Cannot bind socket FD 55 to 82.198.21.17:4008: (98) Address already in use May 19 21:02:57 cacheng squid[26551]: comm.cc(993) commResetFD: bind: (98) Address already in use May 19 21:02:57 cacheng squid[26551]: commBind: Cannot bind socket FD 55 to 82.198.21.17:5407: (98) Address already in use May 19 21:02:57 cacheng squid[26551]: comm.cc(993) commResetFD: bind: (98) Address already in use
Regards, Anton.
On Monday 19 May 2008 19:54, Laszlo Attila Toth wrote:
Ming-Ching Tiew wrote:
Laszlo Attila Toth wrote:
Ming-Ching Tiew wrote:
Laszlo Attila Toth wrote:
> For a 2 last monthes periodically looking at the > http://www.balabit.com/downloads/files/tproxy/ > frequently saw a newer versions pf patches, but I > was never able to cleanly apply any of the > patches to any of the corresponding Linux Kernel > v 2.6.24 or 2.6.25 and the SQUID-3.0STABLE-X
Strange because the patches are on the top of v2.6.24 and v2.6.25 tags of Linus' git tree. If you use any other version of the kernel, could you tell, where is it available? Now I can check the patches with kernel releases of Gentoo or Ubuntu...
The last time I checked ( very recent), the kernel patches does not apply cleanly on kernel 2.6.25.2.
This is because the patches are on the top of v2.6.25 and not the v2.6.25.2 ( ? ), between them there were changes in the source code. Basically I maintain only for major versions (2.6.24, 2.6.25 etc.). I'll check now v2.6.25.4...
The possibility of this is always there but I really doubt so. If you check the feedback on the maillist, there are two independent feedbacks that the patches do not apply cleanly on 2.6.25 either. My network is too slow to download, so I have not tried this myself, forgive me if I said something not basing on facts. :-)
Indeed, sorry. The patcheset was for net-2.6.25.git's somewhere after v2.6.25-rc3.
This file is really on the top of v2.6.25: http://www.balabit.com/downloads/files/tproxy/tproxy-ke rn el-2.6.25-20080519-165031-1211208631.tar.bz2
I tested only the 2.6.24-version of tproxy.
_______________________________________________ tproxy mailing list tproxy@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/tproxy
Hello Anton, I couldn't reproduce this issue. I have only one idea. What is your ./configure line? I think it is different from mine: ./configure --enable-linux-netfilter --prefix .... And in the etc/squid.conf file: http_port 3128 tproxy The "transparent" option affects nothing if tproxy is used. Anton wrote:
Forgot to mention - failed bind appears on firefox with the following text, the rest are ok.
ERROR The requested URL could not be retrieved
While trying to retrieve the URL: http://biog-101-104.bio.cornell.edu/bioG101_104/tutorials/animals/squid.html
The following error was encountered:
* Connection to biog-101-104.bio.cornell.edu Failed
The system returned:
(99) Cannot assign requested address
The remote host or network may be down. Please try the request again.
Your cache administrator is webmaster. Generated Mon, 19 May 2008 16:13:46 GMT by (squid/3.HEAD-BZR)
On Monday 19 May 2008 21:09, Anton wrote:
Seems squid 3.1 cannot bind on the some sockets even on a small load - I've opened 5 tabs on the firefox and got the following in the log files. Possibly it's a bug during choose of the next available FD? Possibly I should report it to squid -dev too?
Possibly this behaviour is so visible on the latent (satellite) links, like mine - so the FD occupied longer than for those who is on fiber.
May 19 21:01:48 cacheng squid[26551]: IPInterception.cc(136) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unava May 19 21:01:48 cacheng squid[26551]: IPInterception.cc(169) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available May 19 21:02:50 cacheng squid[26551]: IPInterception.cc(136) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily unava May 19 21:02:50 cacheng squid[26551]: IPInterception.cc(169) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available May 19 21:02:57 cacheng squid[26551]: commBind: Cannot bind socket FD 55 to 82.198.21.17:4008: (98) Address already in use May 19 21:02:57 cacheng squid[26551]: comm.cc(993) commResetFD: bind: (98) Address already in use May 19 21:02:57 cacheng squid[26551]: commBind: Cannot bind socket FD 55 to 82.198.21.17:5407: (98) Address already in use May 19 21:02:57 cacheng squid[26551]: comm.cc(993) commResetFD: bind: (98) Address already in use
Regards, Anton.
-- Panther
Hello Laszlo! Thanks for detailed reply! :) On Wednesday 14 May 2008 11:54, Laszlo Attila Toth wrote:
Hello,
Anton VG wrote:
Hello!
Strange because the patches are on the top of v2.6.24 and v2.6.25 tags of Linus' git tree. If you use any other version of the kernel, could you tell, where is it available? Now I can check the patches with kernel releases of Gentoo or Ubuntu...
I just tried to apply to vanilla 2.6.24 and 25 - since setting unknown or unstable branch on the server is a "little" dangerous :)
Also even the patch
tproxy4-squid-3.0.STABLE4.patch - looks suspicious since does not apply cleanly to any of the SQUID versions 3.0Stable 4 or STABLE5 (below is the patch output)
I've deleted this patch because it is now in the official Squid-3 source, (its version is 3.1). It can be checked out as in:
Will try it! - Do you think that squid 3.1 is stable enough? I have to use it in production environment...
When you have the source code, in the squid source directory:
./bootstrap.sh ./configure --enable-linux-netfilter && make && make install
and notes internally to the STABLE6 - which is not yet released (according to the SQUID downloads page)
Just please could you point out to the working versions of the tproxy4.1 patches for any of the 2.4.20+ kernels and squid 3.0STABLE_ANY ?
I'm sorry but TProxy 4.1 won't be released for the 2.4 tree. Both squid-3 and squid-2.6 works with the cttproxy2 patches, also you get the same functionality.
the first squid3 STABLE1 (if I'm not wrong) did not have tproxy support... will try!
Trying patching the kernel - looks I would need corresponding -git development branch - but I'm not so familiar with -git yet.
The following two commands are enough:
git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/li nux-2.6.git cd linux-2.6 git checkout -b my-2.6.24 v2.6.24 or git checkout -b my-2.6.25 v2.6.25
Then you can apply the patches from the latest tproxy-kernel-*bz2 files.
Thanks for instructions, thats clearer now :) Just strange for me - with SVN I could get a tree in a minutes, git already giving indexing for a few hours... looks it's not satellite-link (latency) - frendly... :) But As i userstang - it would bring ALL of the versions and changes available on the check time? Sincerely, Anton.
Dear Laszlo, Downloaded and branched the -git kernel tree as you mentioned, but patches does not apply either. (Below is the output) - fails first on the inet_sock.h, and further in route, tcp, udp code. I than manually patched the 2.6.25.4 kernel tree with this patches, applying code to te corresponding places, but than - kernel does not compile. with the following error. Would appreciate any advice, or maybe it would be possible for you to do a cumulative patch against any of the 2.6.24 or 2.6.25 version? Regards, Anton. ---- CC net/core/sock.o In file included from include/net/xfrm.h:19, from net/core/sock.c:125: include/net/route.h: In function ‘inet_iif’: include/net/route.h:215: error: ‘const struct sk_buff’ has no member named ‘rtable make[2]: *** [net/core/sock.o] Error 1 --- -- patching output anton@anton:~/LINUX/linux-2.6$ git checkout -b my-2.6.25 v2.6.25 git checkout: branch my-2.6.25 already exists anton@anton:~/LINUX/linux-2.6$ anton@anton:~/LINUX$ tar cf linux-2.6-git.tar linux-2.6 anton@anton:~/LINUX/linux-2.6$ patch -p1 < 0001-Loosen-source-address-check-on-IPv4-output.patch patching file include/net/flow.h patching file net/ipv4/route.c Hunk #1 succeeded at 2276 (offset -31 lines). Hunk #2 succeeded at 2287 (offset -31 lines). Hunk #3 succeeded at 2310 (offset -31 lines). anton@anton:~/LINUX/linux-2.6$ patch -p1 < 0002* patching file include/linux/in.h patching file include/net/inet_sock.h Hunk #1 succeeded at 129 (offset 1 line). patching file include/net/inet_timewait_sock.h patching file net/ipv4/inet_timewait_sock.c Hunk #1 succeeded at 123 with fuzz 2 (offset -1 lines). patching file net/ipv4/ip_sockglue.c Hunk #2 succeeded at 878 (offset -1 lines). anton@anton:~/LINUX/linux-2.6$ patch -p1 < 0003* patching file net/ipv4/af_inet.c Hunk #1 succeeded at 457 (offset -18 lines). anton@anton:~/LINUX/linux-2.6$ patch -p1 < 0004* patching file include/net/inet_sock.h Hunk #2 FAILED at 191. 1 out of 2 hunks FAILED -- saving rejects to file include/net/inet_sock.h.rej patching file include/net/route.h On Wednesday 14 May 2008 11:54, Laszlo Attila Toth wrote:
Hello,
The following two commands are enough:
git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/li nux-2.6.git cd linux-2.6 git checkout -b my-2.6.24 v2.6.24 or git checkout -b my-2.6.25 v2.6.25
Then you can apply the patches from the latest tproxy-kernel-*bz2 files.
participants (4)
-
Anton
-
Anton VG
-
Laszlo Attila Toth
-
Ming-Ching Tiew