RE: [squid-users] 2 Problems

From: Dean, Barry <B.Dean_at_liverpool.ac.uk>
Date: Fri, 15 Aug 2008 15:16:57 +0100

OK. I have bodged up the IPInterception.cc file and add the line from /usr/include/sys/types.h to get it to compile.

Mu change to add the error string has resulted in the error coming out as:

clientNatLookup: NAT lookup failed: ioctl(SIOCGNATL): (22) Invalid argument

I think we have a smoking gun here! It is starting to look like Squid is constructing the structure wrong that it is passing to the ipnat driver via the ioctl.

How do debug this is the question...

Thanks for the help so far.. I'll post my findings if I get a solution.

---------------
Barry Dean
Networks Team

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: 15 August 2008 14:49
To: Dean, Barry
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] 2 Problems

Dean, Barry wrote:
> Hi,
>
> My setup: Sun X4200 Server 8GB RAM, Sun IPF 4.1.9 (592), Solaris 10 x86 Generic_137112-02
>
> Problem 1:
>
> I compiled SQUID 3.0_STABLE5 no problem on Solaris 10 Generic_120012-14. Which is the one we are using.
>
> But since patching to Generic_137112-02 neither 3.0_STABLE5 or 3.0_STABLE8 will compile.
>
> The problem is that g++ uses /usr/sfw/lib/gcc/i386-pc-solaris2.10/3.4.3/include/sys/types.h and /usr/include/sys/proc.h.
>
> That proc.h contains:
>
> ...
> volatile lgrp_id_t p_t1_lgrpid; /* main's thread lgroup id */
> volatile lgrp_id_t p_tr_lgrpid; /* text replica's lgroup id */
> ...
>
> But type "lgrp_id_t" is only defined in /usr/include/sys/types.h not the gcc one!
>
> Pre-patch, these variables and type did not exist.
>
> Short of getting Sun to patch the gcc types.h, or me doing it, any suggestions as to how to get it to compile...
>
> Problem 2:
>
> We are using IPF to direct web traffic to squid, running in transparent mode. We keep getting lots of:
>
> clientNatLookup: NAT lookup failed: ioctl(SIOCGNATL)
>
> I have searched and searched on this one and the nearest to an answer I have come to is that it has to do with permissions on the /dev/ipnat device, in my case:
>
> host[53]# ls -l /dev/ipnat
> lrwxrwxrwx 1 root wheel 29 Apr 3 15:32 /dev/ipnat -> ../devices/pseudo/ipf_at_0:ipnat
>
> host[54]# ls -l /devices/pseudo/ipf_at_0:ipnat
> crw-rw-rw- 1 root bin 165, 1 Jul 15 15:16 /devices/pseudo/ipf_at_0:ipnat
>
> host[55]# getdevpolicy /dev/ipnat
> /dev/ipnat
> read_priv_set=sys_ip_config
> write_priv_set=sys_ip_config
>
> Figuring it was the device policy, I granted the running squid process "sys_ip_config" privs using ppriv, but it still kept doing it... This is when I decided to alter IPInterception.cc so that the value of errno was included in the error message, and when I discovered it no longer compiled, refer to Problem 1 !!!
>
> Can anyone help me on this one...

It sounds like the compiler and libraries need to be updated to match
the new patched kernel.

Amos

-- 
Please use Squid 2.7.STABLE3 or 3.0.STABLE8
Received on Fri Aug 15 2008 - 14:17:04 MDT

This archive was generated by hypermail 2.2.0 : Sat Aug 16 2008 - 12:00:03 MDT