Re: Squid 3.1 TPROXY bugs from Amos Jeffries on 2008-05-20 (squid-dev)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 21 May 2008 15:14:38 +1200 (NZST)

> Unfortunatelly it did not.
>
> 2008/05/20 21:23:43| commBind: Cannot bind socket FD 97 to
> 192.168.1.177:6013: (98) Address already in use
> 2008/05/20 21:23:43| comm.cc(994) commResetFD: bind: (98) Address already
> in use
> 2008/05/20 21:23:44| commBind: Cannot bind socket FD 95 to
> 192.168.1.177:6013: (98) Address already in use
> 2008/05/20 21:23:44| comm.cc(994) commResetFD: bind: (98) Address already
> in use
> 2008/05/20 21:23:44| commBind: Cannot bind socket FD 95 to
> 192.168.1.177:6013: (98) Address already in use
> 2008/05/20 21:23:44| comm.cc(994) commResetFD: bind: (98) Address already
> in use
> 2008/05/20 21:23:44| commBind: Cannot bind socket FD 97 to
> 192.168.1.177:6013: (98) Address already in use
> 2008/05/20 21:23:44| comm.cc(994) commResetFD: bind: (98) Address already
> in use
> 2008/05/20 21:23:45| commBind: Cannot bind socket FD 101 to
> 192.168.1.177:6013: (98) Address already in use
> 2008/05/20 21:23:45| comm.cc(994) commResetFD: bind: (98) Address already
> in use
> 2008/05/20 21:24:10| IPInterception.cc(136) NetfilterInterception: NF
> getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily
> unavailable
> 2008/05/20 21:24:10| IPInterception.cc(169) NetfilterTransparent: NF
> getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available
> 2008/05/20 21:24:39| IdleConnList::removeFD: FD 78 NOT FOUND!
> 2008/05/20 21:25:46| commBind: Cannot bind socket FD 30 to
> 192.168.1.177:3976: (98) Address already in use
> 2008/05/20 21:25:46| comm.cc(994) commResetFD: bind: (98) Address already
> in use
> 2008/05/20 21:25:47| IPInterception.cc(136) NetfilterInterception: NF
> getsockopt(SO_ORIGINAL_DST) failed: (11) Resource temporarily
> unavailable
> 2008/05/20 21:25:47| IPInterception.cc(169) NetfilterTransparent: NF
> getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available
> 2008/05/20 21:25:53| commBind: Cannot bind socket FD 35 to
> 192.168.1.177:3976: (98) Address already in use
> 2008/05/20 21:25:53| comm.cc(994) commResetFD: bind: (98) Address already
> in use
> 2008/05/20 21:25:59| commBind: Cannot bind socket FD 31 to
> 192.168.1.177:3977: (98) Address already in use
> 2008/05/20 21:25:59| comm.cc(994) commResetFD: bind: (98) Address already
> in use
>
>
> 2008/5/20 Anton VG <anton.vazir_at_gmail.com>:
>> Will try it now... already compiling.
>>
>

Doh! I see the flaw in my thinking. That won't work when the new address
is not found.

I've just committed a better debug booster in revision 9002. It now shows
the output of each lookup at debug level 85,9.

I think we are going to need a trace of fd_table[fd] and the
NetfilterTransparent(...) parameters when those IP_TRANSPARENT errors are
happening.

And a backtrace when the bind error is displayed. I really don't think the
port should be set on those outgoing binds. But finding the right place to
suppress it is tricky.

Amos
Received on Wed May 21 2008 - 03:14:42 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 05 2008 - 01:06:35 MDT