On Mon, 30 May 2005, Martijn Broeders - HUB Labs wrote:
I did some debugging en testing.... and solved the problem.
There seems to be a big difference between STABLE9 and STABLE10
concerning ipnat and the --enable-ipf-transparent make arg.
With STABLE10 you have to do a 'chown root:squid /dev/ipnat'
and a 'chmod g+rw /dev/ipnat' to succesfully enable transparent
proxying (assuming that you start your squid server with the
squid user and squid group).
With STABLE9 you could leave the /dev/ipnat owned by root:wheel,
but with STABLE10 you cannot!
It has always needed access to the nat device...
The core dump (described in my first mail with this subject)
occurs when the rights are not good on the ipnat device.
Right. A return statement has gone missing there.
The attached patch should restore the error handling equal to 2.5.STABLE9:
request rejected with error in cache.log. Please try this patch and report
back.
note: To trigger this in 2.5.STABLE9 you need to send a HTTP/1.0 request
without Host header.
Regards
Henrik
Index: src/client_side.c
===================================================================
RCS file: /cvsroot/squid/squid/src/client_side.c,v
retrieving revision 1.561.2.76
diff -u -p -r1.561.2.76 client_side.c
--- src/client_side.c 20 Apr 2005 21:46:06 -0000 1.561.2.76
+++ src/client_side.c 31 May 2005 01:27:53 -0000
@@ -2755,6 +2755,7 @@ parseHttpRequest(ConnStateData * conn, m
xfree(http->uri);
cbdataFree(http);
xfree(inbuf);
+ return parseHttpRequestAbort(conn, "error:nat-open-failed");
} else {
/*
* IP-Filter changed the type for SIOCGNATL between
