Can you please file a bug report on the original issue so I can publish
the patch.
http://www.squid-cache.org/bugs/
On Tue, 31 May 2005, Martijn Broeders - HUB Labs wrote:
Hello Henrik,
Thanks for the patch. This one works perfectly!
Best regards,
Martijn Broeders
-----Original Message-----
From: Henrik Nordstrom [mailto:hno@xxxxxxxxxxxxxxx]
Sent: Tuesday, May 31, 2005 4:03 AM
To: Martijn Broeders - HUB Labs
Cc: Squid Users
Subject: RE: [squid-users] squid 2.5 - ipf transparent proxy
- FreeBSD 5.3-p13
Updated patch.
Found more errors int the same code for PF. The updated patch
rearranges
things to be a little softer and consistent on errors. In
most cases it
will work fine regardless (as you noticed with 2.5.STABLE9).
On Tue, 31 May 2005, Henrik Nordstrom wrote:
On Mon, 30 May 2005, Martijn Broeders - HUB Labs wrote:
I did some debugging en testing.... and solved the problem.
There seems to be a big difference between STABLE9 and STABLE10
concerning ipnat and the --enable-ipf-transparent make arg.
With STABLE10 you have to do a 'chown root:squid /dev/ipnat'
and a 'chmod g+rw /dev/ipnat' to succesfully enable transparent
proxying (assuming that you start your squid server with the
squid user and squid group).
With STABLE9 you could leave the /dev/ipnat owned by root:wheel,
but with STABLE10 you cannot!
It has always needed access to the nat device...
The core dump (described in my first mail with this subject)
occurs when the rights are not good on the ipnat device.
Right. A return statement has gone missing there.
The attached patch should restore the error handling equal
to 2.5.STABLE9:
request rejected with error in cache.log. Please try this
patch and report
back.
note: To trigger this in 2.5.STABLE9 you need to send a
HTTP/1.0 request
without Host header.
Regards
Henrik
