Updated patch.
Found more errors int the same code for PF. The updated patch rearranges
things to be a little softer and consistent on errors. In most cases it
will work fine regardless (as you noticed with 2.5.STABLE9).
On Tue, 31 May 2005, Henrik Nordstrom wrote:
> On Mon, 30 May 2005, Martijn Broeders - HUB Labs wrote:
>
>> I did some debugging en testing.... and solved the problem.
>>
>> There seems to be a big difference between STABLE9 and STABLE10
>> concerning ipnat and the --enable-ipf-transparent make arg.
>>
>> With STABLE10 you have to do a 'chown root:squid /dev/ipnat'
>> and a 'chmod g+rw /dev/ipnat' to succesfully enable transparent
>> proxying (assuming that you start your squid server with the
>> squid user and squid group).
>>
>> With STABLE9 you could leave the /dev/ipnat owned by root:wheel,
>> but with STABLE10 you cannot!
>
> It has always needed access to the nat device...
>
>> The core dump (described in my first mail with this subject)
>> occurs when the rights are not good on the ipnat device.
>
> Right. A return statement has gone missing there.
>
> The attached patch should restore the error handling equal to 2.5.STABLE9:
> request rejected with error in cache.log. Please try this patch and report
> back.
>
> note: To trigger this in 2.5.STABLE9 you need to send a HTTP/1.0 request
> without Host header.
>
> Regards
> Henrik
This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:04 MDT