Dean, Barry wrote:
Just searching the old Intermahweb again with my problem and found that Amos
had replied to me some time ago and I missed it!!!:
Dean, Barry wrote:
OK. I have bodged up the IPInterception.cc file and add the line from /usr/include/sys/types.h to get it to compile.
Mu change to add the error string has resulted in the error coming out as:
clientNatLookup: NAT lookup failed: ioctl(SIOCGNATL): (22) Invalid argument
I think we have a smoking gun here! It is starting to look like Squid is constructing the structure wrong that it is
passing to the ipnat driver via the ioctl.
How do debug this is the question...
Thanks for the help so far.. I'll post my findings if I get a solution.
You may be right, there have been upgrades to interception recently that
are not tested in some NAT lookup methods.
To debug you can either trace it live in a debugger, or thread debugs()
calls through the IPF section that display the parameter values.
However, I'd like to be certain that anything to be merged is tested and
working on an unpatched kernel with working compilers.
Amos
In response...
These NAT Lookup errors have occurred ever since we first installed squid on
the box, before any patches.
I have meticulously gone through the manual pages on this and checked each and every item. Unless
there is something silly in the "me" and "peer" arguments to clientNatLookup()
in IPInterception.cc the only problem I could see was that potentially the struct natLookup may
have had garbage values for natLookup.nl_realip and natLookup.nl_realport, and the manual says
these must be 0 before the ioctl.
So I added a memset to clear it, tried the improved version and I still get the
errors!
Will these errors be affecting the way squid is working?
How important is he NAT Lookup?
Well, its key to whether Squid handles URL like /index.php instead of
requiring http://example.com/index.php.
Other than URI handling its only logged for admininstration purposes.
Squid uses its own outgoing IP and does independent destination DNS
lookups for security.
You might get less errors if you ensure the standard proxy port and the
intercept port are different. It will certainly cut down on the NAT
lookup load.
If its not working in a current squid can you report a bug please with
the following info:
- squid release(s) failing
- OS type and version
- IPF release version
- what you've already tried (ie the memset), and what it did.
Thanks
Amos
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
