Thank you.
I've just had a few more emails with Laszlo from Balabit about this.
From Laszlo:
"
I fixed it and tested it. I added a new patch to the tproxy patchset
(and published it for kernel v2.6.24), so no change of the squid source
is necessary.
The IP is spoofed despite the getsockopt failed.
"
It looks like these were mostly due to the incompleteness of the Balabit
kernel patch. With some incorrect 'failure' messages even when things
had not failed.
I've checked and the new patch is public for testing already. Dated
kernel-2.6.24-20080602 which should show less errors. No changes to
squid 3-HEAD with that.
I think at this point we had best consider the results to date as
obsolete, re-test, and see what shows up for you with the new kernel,
iptables, and squid builds.
Amos
Anton V.G. wrote:
Hi Amos,
The backtrace is below.
---------- Forwarded Message ----------
Subject: Re: Squid 3.1 TPROXY bugs
Date: Wednesday 21 May 2008 01:04
From: "Anton VG" <[EMAIL PROTECTED]>
To: "Amos Jeffries" <[EMAIL PROTECTED]>
Cc: "Anton V.G." <[EMAIL PROTECTED]>, [email protected]
Here is the backtrace, and below it the cache.log part
New Thread -1246504016 (LWP 32075)]
[New Thread -1246770256 (LWP 32076)]
[New Thread -1247036496 (LWP 32077)]
Program received signal SIGABRT, Aborted.
[Switching to Thread -1211254112 (LWP 32004)]
0xffffe410 in __kernel_vsyscall ()
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb7d04811 in raise () from /lib/tls/i686/cmov/libc.so.6 #2 0xb7d05fb9 in
abort ()
from /lib/tls/i686/cmov/libc.so.6 #3 0x080f3149 in xassert (msg=0x820ce63
"!fd_table[fd].flags.closing", file=0x820ccd7 "comm.cc",
line=339) at debug.cc:577
#4 0x0819644e in comm_read (fd=411, buf=0xb58bc008
"\n\n__url=http%3A%2F%2Fletitbit.net%2Fdownload%2F71e546581
713%2FMiniPE.part3.rar.html&fu__submit=%CF%EE%EB%F3%F7%E8%F
2%FC+%EF%F0%FF%EC%F3%FE\r\n", size=4095,
[EMAIL PROTECTED]) at comm.cc:339
#5 0x080dd4d8 in ConnStateData::readSomeData
(this=0x88780d8) at client_side.cc:214
#6 0x080debbb in ConnStateData::clientMaybeReadData
(this=0x88780d8, do_next_read=1) at client_side.cc:2145
#7 0x080decc6 in ConnStateData::clientAfterReadingRequests
(this=0x88780d8, do_next_read=1) at client_side.cc:2167
#8 0x080df19b in ConnStateData::clientReadRequest
(this=0x88780d8, [EMAIL PROTECTED]) at client_side.cc:2557
#9 0x080e0a05 in CommCbMemFunT<ConnStateData,
CommIoCbParams>::doDial (this=0x8c89c34) at
CommCalls.h:140
#10 0x081a3320 in JobDialer::dial (this=0x8c89c34,
[EMAIL PROTECTED]) at ICAP/AsyncJob.cc:213
#11 0x080e1f47 in AsyncCallT<CommCbMemFunT<ConnStateData,
CommIoCbParams> >::fire (this=0x8c89c18) at AsyncCall.h:127
#12 0x080c1c62 in AsyncCall::make (this=0x8c89c18) at
AsyncCall.cc:34 #13 0x080c1510 in AsyncCallQueue::fireNext
(this=0x8426ba8) at AsyncCallQueue.cc:53
#14 0x080c15f7 in AsyncCallQueue::fire (this=0x8426ba8) at
AsyncCallQueue.cc:39 #15 0x080fd5fb in
EventLoop::dispatchCalls (this=0xbfe67ae4) at
EventLoop.cc:154 #16 0x080fd8af in EventLoop::runOnce
(this=0xbfe67ae4) at EventLoop.cc:131 #17 0x080fd984 in
EventLoop::run (this=0xbfe67ae4) at EventLoop.cc:95 #18
0x08149c4f in main (argc=4, argv=0xbfe67bb4) at
main.cc:1382 (gdb)
(gdb)
(gdb)
---- cache log
2008/05/21 01:01:49.753| client_side_request.cc(123)
ClientRequestContext: 0x8641e68 ClientRequestContext
constructed 2008/05/21 01:01:49.753| The request POST
http://exnews.org/direct/getlink.php is ALLOWED, because it
matched 'our_networks'
2008/05/21 01:01:49.753| clientInterpretRequestHeaders:
REQ_NOCACHE = NOT SET 2008/05/21 01:01:49.753|
clientInterpretRequestHeaders: REQ_CACHABLE = NOT SET
2008/05/21 01:01:49.753| clientInterpretRequestHeaders:
REQ_HIERARCHICAL = NOT SET
2008/05/21 01:01:49.753| client_side_request.cc(114)
~ClientRequestContext: 0x8641e68 ClientRequestContext
destructed 2008/05/21 01:01:49.753| clientProcessRequest:
POST 'http://exnews.org/direct/getlink.php'
2008/05/21 01:01:49.753| ClientHttpRequest::httpStart: NONE
for 'http://exnews.org/direct/getlink.php'
2008/05/21 01:01:49.753| clientProcessRequest2: storeGet()
MISS 2008/05/21 01:01:49.753| assertion failed:
comm.cc:339: "!fd_table[fd].flags.closing"
!DSPAM:48332ecc7303941283316!
-------------------------------------------------------
--
Please use Squid 2.7.STABLE1 or 3.0.STABLE6
