Re: FreeBSD Port: squid-3.1.6

2010-08-12 Thread Guido Falsi

On 08/11/10 21:35, Thomas-Martin Seck wrote:


Thanks for the heads up. From looking at
http://www.squid-cache.org/Versions/v3/3.1/changesets/
it looks like you are running into Squid bug #2994/3011 (squid
3.1.6 does not work on ipv4-only systems). Can you confirm that?



Hi!

Thanks for the quick response!

From what I have seen, yes it seems to happen on IPv4 systems. I could 
not try any IPv6 system, since I don't have any.



Could you try this patch against www/squid31? It adds a trimmed version
of changeset 10063 to the files/ directory. I tested that Squid still
builds on 8.1-STABLE/amd64.


I just tried your patch at home and it seems to have solved the problem. 
I can now reach ssl sites.


I have not tested it well still though.

I will try this at work tomorrow and report back.

Thanks again for the quick patch!

--
Guido Falsi m...@madpilot.net
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org


Re: FreeBSD Port: squid-3.1.6

2010-08-12 Thread Thomas-Martin Seck
* Dominique BERTHET (dbert...@emse.fr):

 Hello
 I have finally use the patch on the amd64 server and now everything
 seems to work fine

Good news, thank you both for testing. ports/149582 contains the
maintainer update to 3.1.6_1 with the local patch for bug #3011.

Best regards,
-- 
Thomas-Martin Seck
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org


FreeBSD Port: squid-3.1.6

2010-08-11 Thread Dominique BERTHET
Hi,
I'm a sysadmin in a French School (Ecole des Mines de Saint-Etienne)
I have 2 squid FreeBSD servers based with ntlm authentification
I have upgrade squid from 5.1.x to 5.1.6 (yesterday)
On a 32b arch: no problem, everything work fine
On amd64: it works with http websites but impossible to access https
websites with this
TCP_MISS/503 errors
On the amd64 server i downgrade to squid-3.0.25_2 and everything work
fine...
I supposed it's a problem with amd64 arch

Best Regards

Dominique BERTHET
Ecole des Mines de Saint-Etienne
email: dbert...@emse.fr
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org


Re: FreeBSD Port: squid-3.1.6

2010-08-11 Thread Guido Falsi
On Wed, Aug 11, 2010 at 12:54:07PM +0200, Dominique BERTHET wrote:
 Hi,
 I'm a sysadmin in a French School (Ecole des Mines de Saint-Etienne)
 I have 2 squid FreeBSD servers based with ntlm authentification
 I have upgrade squid from 5.1.x to 5.1.6 (yesterday)
 On a 32b arch: no problem, everything work fine
 On amd64: it works with http websites but impossible to access https
 websites with this
 TCP_MISS/503 errors
 On the amd64 server i downgrade to squid-3.0.25_2 and everything work
 fine...
 I supposed it's a problem with amd64 arch

I'm having the same exact problem at work.

It looks like a problem related to IPv6 support. Could you check if you
have IPv6 in the i386 kernel?

I found just one thread abut this in the squid mailing lists and on
linux the solution sems to be enabling IPv6. (can't find the url right
now)

I suspect squid 3.1.6 is trying to, for some reason, uses some IPv6
feature to perform CONNECT requests used to transport https.

My solution for now has ben reverting to the previous (3.1.4) version of
the squid port waiting to find a fix for this.

-- 
Guido Falsi m...@madpilot.net
___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org


Re: FreeBSD Port: squid-3.1.6

2010-08-11 Thread Thomas-Martin Seck
* Guido Falsi (m...@madpilot.net):

 On Wed, Aug 11, 2010 at 12:54:07PM +0200, Dominique BERTHET wrote:
  Hi,
  I'm a sysadmin in a French School (Ecole des Mines de Saint-Etienne)
  I have 2 squid FreeBSD servers based with ntlm authentification
  I have upgrade squid from 5.1.x to 5.1.6 (yesterday)
  On a 32b arch: no problem, everything work fine
  On amd64: it works with http websites but impossible to access https
  websites with this
  TCP_MISS/503 errors
  On the amd64 server i downgrade to squid-3.0.25_2 and everything work
  fine...
  I supposed it's a problem with amd64 arch
 
 I'm having the same exact problem at work.
 
 It looks like a problem related to IPv6 support. Could you check if you
 have IPv6 in the i386 kernel?
 
 I found just one thread abut this in the squid mailing lists and on
 linux the solution sems to be enabling IPv6. (can't find the url right
 now)
 
 I suspect squid 3.1.6 is trying to, for some reason, uses some IPv6
 feature to perform CONNECT requests used to transport https.
 
 My solution for now has ben reverting to the previous (3.1.4) version of
 the squid port waiting to find a fix for this.

Thanks for the heads up. From looking at
http://www.squid-cache.org/Versions/v3/3.1/changesets/ 
it looks like you are running into Squid bug #2994/3011 (squid
3.1.6 does not work on ipv4-only systems). Can you confirm that?

Could you try this patch against www/squid31? It adds a trimmed version
of changeset 10063 to the files/ directory. I tested that Squid still
builds on 8.1-STABLE/amd64.

Index: files/patch-changeset_10063
===
--- files/patch-changeset_10063 (Revision 0)
+++ files/patch-changeset_10063 (Revision 0)
@@ -0,0 +1,231 @@
+
+revno: 10063
+revision-id: amosjeffr...@squid-cache.org-2010081641-hybknxtyd8ukt5c1
+parent: amosjeffr...@squid-cache.org-20100810083149-w98pbcc8f0d5tlpo
+committer: Amos Jeffries amosjeffr...@squid-cache.org
+branch nick: SQUID_3_1
+timestamp: Wed 2010-08-11 05:16:41 -0600
+message:
+  Bug 3011: ICAP, HTTPS, cache_peer probe IPv4-only port fixes
+  
+  Also updates the forwarding CONNECT_FAIL errors to display more correct
+  errno messages.
+
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: amosjeffr...@squid-cache.org-2010081641-\
+#   hybknxtyd8ukt5c1
+# target_branch: http://www.squid-cache.org/bzr/squid3/trunk/
+# testament_sha1: 2aac12c8c664a6c3dbdbd075b256aefeb53926a8
+# timestamp: 2010-08-11 11:31:46 +
+# source_branch: http://www.squid-cache.org/bzr/squid3/branches\
+#   /SQUID_3_1
+# base_revision_id: amosjeffr...@squid-cache.org-20100810083149-\
+#   w98pbcc8f0d5tlpo
+# 
+# Begin patch
+=== modified file 'src/adaptation/ServiceConfig.cc'
+--- src/adaptation/ServiceConfig.cc2010-05-26 04:00:23 +
 src/adaptation/ServiceConfig.cc2010-08-11 11:16:41 +
+@@ -5,10 +5,11 @@
+ #include squid.h
+ #include ConfigParser.h
+ #include adaptation/ServiceConfig.h
++#include ip/tools.h
+ 
+ Adaptation::ServiceConfig::ServiceConfig():
+ port(-1), method(methodNone), point(pointNone),
+-bypass(false), routing(false)
++bypass(false), routing(false), ipv6(false)
+ {}
+ 
+ const char *
+@@ -93,7 +94,11 @@
+ grokked = grokBool(bypass, name, value);
+ else if (strcmp(name, routing) == 0)
+ grokked = grokBool(routing, name, value);
+-else {
++else if (strcmp(name, ipv6) == 0) {
++grokked = grokBool(ipv6, name, value);
++if (grokked  ipv6  !Ip::EnableIpv6)
++debugs(3, DBG_IMPORTANT, WARNING: IPv6 is disabled. ICAP 
service option ignored.);
++} else {
+ debugs(3, 0, cfg_filename  ':'  config_lineno  :  
+unknown adaptation service option:   name  '='  
value);
+ }
+
+=== modified file 'src/adaptation/ServiceConfig.h'
+--- src/adaptation/ServiceConfig.h 2009-09-03 12:15:55 +
 src/adaptation/ServiceConfig.h 2010-08-11 11:16:41 +
+@@ -33,6 +33,7 @@
+ VectPoint point; // where the adaptation happens (pre- or post-cache)
+ bool bypass;
+ bool routing; /// whether this service may determine the next service(s)
++bool ipv6;/// whether this service uses IPv6 transport (default IPv4)
+ 
+ protected:
+ Method parseMethod(const char *buf) const;
+
+=== modified file 'src/adaptation/icap/Xaction.cc'
+--- src/adaptation/icap/Xaction.cc 2009-09-03 12:15:55 +
 src/adaptation/icap/Xaction.cc 2010-08-11 11:16:41 +
+@@ -13,6 +13,7 @@
+ #include pconn.h
+ #include HttpRequest.h
+ #include HttpReply.h
++#include ip/tools.h
+ #include acl/FilledChecklist.h
+ #include icap_log.h
+ #include fde.h
+@@ -116,6 +117,15 @@
+ disableRetries(); // we only retry pconn failures
+ 
+ IpAddress outgoing;
++if (!Ip::EnableIpv6