Re: filedescriptor leak on 1.2b20

On Mon, 18 May 1998, Henrik Nordstrom wrote:

> > I saw the same thing some time ago. I can't remember the exact details
> > but it's something to do with have transparent proxy on (i.e. so squid
> > acceleration is on), and have a url that is the squid access
> > port. (i.e. http://squid.ip.address:80/blah). Squid promptly connects
> > to itself, issues the same URL, connects to itself, issues the same
> > URL .... etc etc.
>
> If this is the case, then it can easily be seen in the access log. There
> should be a number of accesses from the squid server.

Yes, thousand of them in access.log. :)

> On which port are Squid running?
> What ipfwadm rules are you using?
>
> Recommended setup:
> Squid running on port 3128

We're running on port 8080

> ipfwadm ruleset:
> # Don't redirect our own traffic
> ipfwadm -I -a accept -W lo
> ipfwadm -I -a accept -S 203.155.32.12
> ipfwadm -I -a accept -D 203.155.32.12
> [repeated for every IP address the system has]
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I miss this! I only add ruleset for master device (eth0) and not for other
2 aliases (eth0:0 and eth0:1).

# ifconfig -a
lo Link encap:Local Loopback
          inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
          RX packets:1178595 errors:0 dropped:0 overruns:0
          TX packets:1178595 errors:0 dropped:0 overruns:0

eth0 Link encap:Ethernet HWaddr 00:A0:C9:66:CF:97
          inet addr:203.155.134.1 Bcast:203.155.134.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:80172403 errors:0 dropped:0 overruns:0
          TX packets:75516288 errors:0 dropped:0 overruns:44
          Interrupt:9 Base address:0xb800

eth0:0 Link encap:Ethernet HWaddr 00:A0:C9:66:CF:97
          inet addr:172.16.0.4 Bcast:172.16.255.255 Mask:255.255.255.0
          UP RUNNING MTU:1500 Metric:1
          RX packets:17369469 errors:0 dropped:0 overruns:0
          TX packets:10919681 errors:0 dropped:0 overruns:0

eth0:1 Link encap:Ethernet HWaddr 00:A0:C9:66:CF:97
          inet addr:203.155.33.12 Bcast:203.155.33.255 Mask:255.255.255.0
          UP RUNNING MTU:1500 Metric:1
          RX packets:39829892 errors:0 dropped:0 overruns:0
          TX packets:46169264 errors:0 dropped:0 overruns:0

But I only have this in my setup script:

/sbin/ipfwadm -I -a accept -W lo
/sbin/ipfwadm -I -a accept -S 203.155.134.1
/sbin/ipfwadm -I -a accept -D 203.155.134.1
/sbin/ipfwadm -I -a accept -P tcp -D 0/0 80 -r 8080

Adding

/sbin/ipfwadm -I -a accept -S 172.16.0.4
/sbin/ipfwadm -I -a accept -D 172.16.0.4
/sbin/ipfwadm -I -a accept -S 203.155.33.12
/sbin/ipfwadm -I -a accept -D 203.155.33.12

solve my problem! I now get "Reat Timeout" error as expect. :)

Thanks a lot for your help,

--
aet