[squid-users] Issues with Tproxy setup

From: trasor <trasor_at_lhtot.com>
Date: Tue, 24 Mar 2009 13:40:21 -0400

First, let me apologize for the repost, as I could not find a place to
post a reply. Second, there was a typo in my previous message, which
Amos pointed out: it should have been iptables 1.4.0 with patch. That
said, I dumped the entire OS this morning for a clean start. Downloaded,
compiled, menuconfiged, installed and rebooted into new kernel-2.6.28.3.
From there I downloaded iptables-1.4.3 and installed. Then I downloaded
and installed squid-3.1.0.6 and configured with --enable-linux-netfilter.
Created the iptables as per the Features/TPROXY document. I also added
the iprules information as specified. At this point I am stuck. For
testing I have set my browser to use a proxy on port 3128, whereby it
does contact the squid server, and a 'tail -f /var/logs/access.log' does
indeed show my PC accessing the cache server. However, regardless of
what I look up, either squid crashes and has to be restarted or my
connection times out and says 'done' at the bottom of the page. I am
also seeing increments in the cache.log with a line that says 'assertion
failed: store_swapout.cc:315 "mem->swapout.sio == self"'. I am including
the squid.conf file, /boot/grub/menu.lst, /var/logs/access.log and
/var/logs/cache.log in case they may be of use.

*squid.conf file:*

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src X.X.X.0/20
acl localnet src X.X.X.0/20
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
http_port 3128
http_port 3129 tproxy
hierarchy_stoplist cgi-bin ?
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
coredump_dir /cache
cache_dir ufs /cache 100 16 256
access_log /var/logs/access.log squid
cache_log /var/logs/cache.log
cache_store_log /var/logs/store.log

*/boot/grub/menu.lst:*

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora (2.6.28.3)
   root (hd0,0)
   kernel /vmlinuz-2.6.28.3 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.28.3.img
title Fedora (2.6.23.1-42.fc8)
   root (hd0,0)
   kernel /vmlinuz-2.6.23.1-42.fc8 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
   initrd /initrd-2.6.23.1-42.fc8.img

*access.log:*

1237900215.662 22734 64.201.81.159 TCP_MISS/000 0 GET
http://google.com/ - DIRECT/google.com -
1237900429.765 18014 64.201.81.159 TCP_MISS/000 0 GET
http://google.com/ - DIRECT/google.com -
1237900664.685 385 64.201.81.159 TCP_MISS/200 3064 GET
http://www.google.com/firefox? - DIRECT/74.125.113.104 text/html
1237900664.876 45 64.201.81.159 TCP_SWAPFAIL_MISS/304 248 GET
http://www.google.com/images/firefox/gradsprite.png -
DIRECT/74.125.113.104 -
1237900664.928 92 64.201.81.159 TCP_MISS/304 249 GET
http://www.google.com/images/firefox/firefox.png - DIRECT/74.125.113.104 -
1237900664.939 92 64.201.81.159 TCP_SWAPFAIL_MISS/304 248 GET
http://www.google.com/images/firefox/sprite.png - DIRECT/74.125.113.104 -
1237900664.963 58 64.201.81.159 TCP_MISS/304 227 GET
http://www.google.com/extern_js/f/CgJlbhICdXMrMAo4DSwrMA44BCwrMBY4CCwrMBc4ASwrMBg4AywrMCU4yYgBLCswJzgALA/S2Es8Zeync8.js
- DIRECT/74.125.113.104 text/html
1237900672.186 233 64.201.81.159 TCP_MISS/200 8964 GET
http://www.google.com/search? - DIRECT/74.125.113.104 text/html
1237900679.219 64 64.201.81.159 TCP_MISS/000 0 GET
http://www.google.com/url? - DIRECT/74.125.113.103 -
1237900683.492 135 64.201.81.159 TCP_MISS/404 1339 GET
http://www.howtomakeatoga.info/favicon.ico - DIRECT/74.208.137.89 text/html
1237900688.191 286 64.201.81.159 TCP_MISS/301 503 GET http://msn.com/
- DIRECT/207.68.172.246 text/html
1237900688.644 448 64.201.81.159 TCP_MISS/200 16696 GET
http://www.msn.com/ - DIRECT/207.68.173.76 text/html
1237901068.543 371 64.201.81.159 TCP_MISS/200 16718 GET
http://www.msn.com/ - DIRECT/65.54.152.225 text/html
1237901083.356 99 64.201.81.159 TCP_MISS/200 3203 GET
http://www.google.com/ - DIRECT/74.125.113.99 text/html
1237901731.309 99 64.201.81.159 TCP_MISS/200 3203 GET
http://www.google.com/ - DIRECT/74.125.113.99 text/html
1237901740.610 106 64.201.81.159 TCP_MISS/200 3100 GET
http://www.google.com/firefox? - DIRECT/74.125.113.99 text/html
1237901741.455 45 64.201.81.159 TCP_SWAPFAIL_MISS/304 272 GET
http://www.google.com/images/firefox/gradsprite.png -
DIRECT/74.125.113.99 -
1237901755.203 97 64.201.81.159 TCP_MISS/200 3119 GET
http://www.google.com/firefox? - DIRECT/74.125.113.99 text/html
1237901755.268 45 64.201.81.159 TCP_SWAPFAIL_MISS/304 272 GET
http://www.google.com/images/firefox/gradsprite.png -
DIRECT/74.125.113.99 -
1237901755.314 90 64.201.81.159 TCP_MISS/304 271 GET
http://www.google.com/images/firefox/tshirt2.png - DIRECT/74.125.113.99 -
1237901867.087 55950 64.201.81.159 TCP_MISS/000 0 GET
http://www.google.com/ - DIRECT/www.google.com -
1237901874.916 97 64.201.81.159 TCP_MISS/200 3119 GET
http://www.google.com/firefox? - DIRECT/74.125.113.99 text/html
1237901874.973 45 64.201.81.159 TCP_SWAPFAIL_MISS/304 272 GET
http://www.google.com/images/firefox/gradsprite.png -
DIRECT/74.125.113.99 -
1237901875.023 91 64.201.81.159 TCP_MISS/304 271 GET
http://www.google.com/images/firefox/tshirt2.png - DIRECT/74.125.113.99 -
1237902391.158 0 222.215.230.49 TCP_DENIED/403 3479 GET
http://pv.wantsfly.com/prx1.php? - NONE/- text/html

*cache.log:*

2009/03/24 10:31:05| Starting Squid Cache version 3.1.0.6 for
x86_64-unknown-linux-gnu...
2009/03/24 10:31:05| Process ID 12472
2009/03/24 10:31:05| With 1024 file descriptors available
2009/03/24 10:31:05| Initializing IP Cache...
2009/03/24 10:31:05| DNS Socket created at [::], FD 7
2009/03/24 10:31:05| Adding domain lhtot.com from /etc/resolv.conf
2009/03/24 10:31:05| Adding nameserver x.x.x.x from /etc/resolv.conf
---address removed
2009/03/24 10:31:05| Adding nameserver x.x.x.x from /etc/resolv.conf
---address removed
2009/03/24 10:31:06| Unlinkd pipe opened on FD 12
2009/03/24 10:31:06| Swap maxSize 1024000 KB, estimated 78769 objects
2009/03/24 10:31:06| Target number of buckets: 3938
2009/03/24 10:31:06| Using 8192 Store buckets
2009/03/24 10:31:06| Max Mem size: 262144 KB
2009/03/24 10:31:06| Max Swap size: 1024000 KB
2009/03/24 10:31:06| Version 1 of swap file without LFS support detected...
2009/03/24 10:31:06| Rebuilding storage in /cache (DIRTY)
2009/03/24 10:31:06| Using Least Load store dir selection
2009/03/24 10:31:06| Set Current Directory to /cache
2009/03/24 10:31:06| Loaded Icons.
2009/03/24 10:31:06| Accepting HTTP connections at [::]:3128, FD 16.
2009/03/24 10:31:06| Accepting spoofing HTTP connections at
0.0.0.0:3129, FD 17.
2009/03/24 10:31:06| HTCP Disabled.
2009/03/24 10:31:06| Squid modules loaded: 0
2009/03/24 10:31:06| Ready to serve requests.
2009/03/24 10:31:06| Done reading /cache swaplog (3245 entries)
2009/03/24 10:31:06| Finished rebuilding storage from disk.
2009/03/24 10:31:06| 3227 Entries scanned
2009/03/24 10:31:06| 0 Invalid entries.
2009/03/24 10:31:06| 0 With invalid flags.
2009/03/24 10:31:06| 3209 Objects loaded.
2009/03/24 10:31:06| 0 Objects expired.
2009/03/24 10:31:06| 18 Objects cancelled.
2009/03/24 10:31:06| 0 Duplicate URLs purged.
2009/03/24 10:31:06| 0 Swapfile clashes avoided.
2009/03/24 10:31:06| Took 0.02 seconds (172119.72 objects/sec).
2009/03/24 10:31:06| Beginning Validation Procedure
2009/03/24 10:31:06| Completed Validation Procedure
2009/03/24 10:31:06| Validated 6443 Entries
2009/03/24 10:31:06| store_swap_size = 32364
2009/03/24 10:31:07| storeLateRelease: released 0 objects
2009/03/24 10:31:20| assertion failed: store_swapout.cc:315:
"mem->swapout.sio == self"
2009/03/24 10:31:23| Starting Squid Cache version 3.1.0.6 for
x86_64-unknown-linux-gnu...
2009/03/24 10:31:23| Process ID 12475
2009/03/24 10:31:23| With 1024 file descriptors available
2009/03/24 10:31:23| Initializing IP Cache...
2009/03/24 10:31:23| DNS Socket created at [::], FD 7
2009/03/24 10:31:23| Adding domain lhtot.com from /etc/resolv.conf
2009/03/24 10:31:23| Adding nameserver x.x.x.x from /etc/resolv.conf
---address removed
2009/03/24 10:31:23| Adding nameserver x.x.x.x from /etc/resolv.conf
---address removed
2009/03/24 10:31:23| Unlinkd pipe opened on FD 12
2009/03/24 10:31:23| Swap maxSize 1024000 KB, estimated 78769 objects
2009/03/24 10:31:23| Target number of buckets: 3938
2009/03/24 10:31:23| Using 8192 Store buckets
2009/03/24 10:31:23| Max Mem size: 262144 KB
2009/03/24 10:31:23| Max Swap size: 1024000 KB
2009/03/24 10:31:23| Version 1 of swap file without LFS support detected...
2009/03/24 10:31:23| Rebuilding storage in /cache (DIRTY)
2009/03/24 10:31:23| Using Least Load store dir selection
2009/03/24 10:31:23| Set Current Directory to /cache
2009/03/24 10:31:23| Loaded Icons.
2009/03/24 10:31:23| Accepting HTTP connections at [::]:3128, FD 16.
2009/03/24 10:31:23| Accepting spoofing HTTP connections at
0.0.0.0:3129, FD 17.
2009/03/24 10:31:23| HTCP Disabled.
2009/03/24 10:31:23| Squid modules loaded: 0
2009/03/24 10:31:23| Ready to serve requests.
2009/03/24 10:31:23| Done reading /cache swaplog (3245 entries)
2009/03/24 10:31:23| Finished rebuilding storage from disk.
2009/03/24 10:31:23| 3227 Entries scanned
2009/03/24 10:31:23| 0 Invalid entries.
2009/03/24 10:31:23| 0 With invalid flags.
2009/03/24 10:31:23| 3209 Objects loaded.
2009/03/24 10:31:23| 0 Objects expired.
2009/03/24 10:31:23| 18 Objects cancelled.
2009/03/24 10:31:23| 0 Duplicate URLs purged.
2009/03/24 10:31:23| 0 Swapfile clashes avoided.
2009/03/24 10:31:23| Took 0.02 seconds (174383.22 objects/sec).
2009/03/24 10:31:23| Beginning Validation Procedure
2009/03/24 10:31:23| Completed Validation Procedure
2009/03/24 10:31:23| Validated 6443 Entries
2009/03/24 10:31:23| store_swap_size = 32364
2009/03/24 10:31:24| storeLateRelease: released 0 objects
2009/03/24 10:31:24| assertion failed: store_swapout.cc:315:
"mem->swapout.sio == self"
2009/03/24 10:31:27| Starting Squid Cache version 3.1.0.6 for
x86_64-unknown-linux-gnu...
2009/03/24 10:31:27| Process ID 12479
2009/03/24 10:31:27| With 1024 file descriptors available
2009/03/24 10:31:27| Initializing IP Cache...
2009/03/24 10:31:27| DNS Socket created at [::], FD 7
2009/03/24 10:31:27| Adding domain lhtot.com from /etc/resolv.conf
2009/03/24 10:31:27| Adding nameserver x.x.x.x from /etc/resolv.conf
---address removed
2009/03/24 10:31:27| Adding nameserver x.x.x.x from /etc/resolv.conf
---address removed
2009/03/24 10:31:27| Unlinkd pipe opened on FD 12
2009/03/24 10:31:27| Swap maxSize 1024000 KB, estimated 78769 objects
2009/03/24 10:31:27| Target number of buckets: 3938
2009/03/24 10:31:27| Using 8192 Store buckets
2009/03/24 10:31:27| Max Mem size: 262144 KB
2009/03/24 10:31:27| Max Swap size: 1024000 KB
2009/03/24 10:31:27| Version 1 of swap file without LFS support detected...
2009/03/24 10:31:27| Rebuilding storage in /cache (DIRTY)
2009/03/24 10:31:27| Using Least Load store dir selection
2009/03/24 10:31:27| Set Current Directory to /cache
2009/03/24 10:31:27| Loaded Icons.
2009/03/24 10:31:27| Accepting HTTP connections at [::]:3128, FD 16.
2009/03/24 10:31:27| Accepting spoofing HTTP connections at
0.0.0.0:3129, FD 17.
2009/03/24 10:31:27| HTCP Disabled.
2009/03/24 10:31:27| Squid modules loaded: 0
2009/03/24 10:31:27| Ready to serve requests.
2009/03/24 10:31:27| Done reading /cache swaplog (3245 entries)
2009/03/24 10:31:27| Finished rebuilding storage from disk.
2009/03/24 10:31:27| 3227 Entries scanned
2009/03/24 10:31:27| 0 Invalid entries.
2009/03/24 10:31:27| 0 With invalid flags.

I appreciate any help.

Tom
Received on Tue Mar 24 2009 - 17:40:44 MDT
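
An added example, not part of the original post: a short Python triage of the two logs above. It counts Squid result codes, lists clients outside the expected network, and measures how quickly Squid restarts after each assertion failure. The log lines are copied from the post with wrapped lines rejoined; the function names and ASSUMED_LOCALNET are assumptions, since the post redacts the real localnet range.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Assumption: the post redacts the real localnet range; this is a stand-in.
ASSUMED_LOCALNET = "64.201.81.0/24"

# Lines copied from the access.log in the post, wrapped lines rejoined.
ACCESS = """\
1237900215.662 22734 64.201.81.159 TCP_MISS/000 0 GET http://google.com/ - DIRECT/google.com -
1237900664.685 385 64.201.81.159 TCP_MISS/200 3064 GET http://www.google.com/firefox? - DIRECT/74.125.113.104 text/html
1237900664.876 45 64.201.81.159 TCP_SWAPFAIL_MISS/304 248 GET http://www.google.com/images/firefox/gradsprite.png - DIRECT/74.125.113.104 -
1237902391.158 0 222.215.230.49 TCP_DENIED/403 3479 GET http://pv.wantsfly.com/prx1.php? - NONE/- text/html
""".splitlines()

# Lines copied from the cache.log in the post (two abort/restart cycles).
CACHE = """\
2009/03/24 10:31:20| assertion failed: store_swapout.cc:315: "mem->swapout.sio == self"
2009/03/24 10:31:23| Starting Squid Cache version 3.1.0.6 for x86_64-unknown-linux-gnu...
2009/03/24 10:31:24| assertion failed: store_swapout.cc:315: "mem->swapout.sio == self"
2009/03/24 10:31:27| Starting Squid Cache version 3.1.0.6 for x86_64-unknown-linux-gnu...
""".splitlines()

def triage_access(lines, localnet):
    """Count result codes and list clients outside the expected network."""
    net = ipaddress.ip_network(localnet)
    codes, outsiders = Counter(), {}
    for line in lines:
        f = line.split()
        if len(f) < 10:
            continue  # skip truncated or still-wrapped fragments
        client, result, url = f[2], f[3], f[6]
        codes[result] += 1
        if ipaddress.ip_address(client) not in net:
            outsiders.setdefault(client, []).append((result, url))
    return codes, outsiders

def restart_gaps(lines):
    """Seconds between each assertion failure and the next Squid start."""
    gaps, failed_at = [], None
    for line in lines:
        stamp, _, msg = line.partition("| ")
        when = datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S")
        if msg.startswith("assertion failed"):
            failed_at = when
        elif msg.startswith("Starting Squid Cache") and failed_at:
            gaps.append(int((when - failed_at).total_seconds()))
            failed_at = None
    return gaps
```

On these lines the only client outside the assumed range is the one that received TCP_DENIED/403, which shows port 3128 is reachable from other networks and that the final "http_access deny all" rule is what refused it.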
