Re: [squid-users] Need help to build my own external help

From: Mohamed Amine Kadimi <amine.kadimi_at_gmail.com>
Date: Wed, 11 Apr 2012 18:14:57 +0000

2012/4/10 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 11.04.2012 03:27, Mohamed Amine Kadimi wrote:
>>
>> Hello,
>>
>> I'm trying to make an external helper which will be called by an acl,
>> so I have created one which is very simple: it takes an IP in stdin
>> and returns OK if it maches a predefined IP.
>>
>> It works when I test it from the CLI, however when I put the relevant
>> directives in the squid.conf file and restart squid the connection to
>> internet is no longer possible.
>>
>> The message displayed by FF is : "Firefox is configured to use a proxy
>> server that is refusing connections".
>
>
> It would seem Squid is not listening on the IP:port which Firefox is trying
> to use, or a firewall is actively rejecting port 3128 TCP connections.
>
> 1) check that squid is running okay. It should be fine if your helper runs
> okay on command line, but read+execute access permission differences between
> the squids user and your own user account can still cause problems. Run
> "squid -k parse" or look in cache.log for message if Squid is not starting.
>
> 2) check that port 3128 is accessible. telnet etc can be used here. A packet
> dump may be needed to find which device is rejecting TCP packets to port
> 3128.
>

It's not a connectivity issue since Squid is working fine unless I
uncomment the lines relevant to my external helper.

I noticed some errors I didn't understand in the cache.log:

#######
2012/04/11 17:56:19| Accepting HTTP connections at [::]:3128, FD 24.
2012/04/11 17:56:19| HTCP Disabled.
2012/04/11 17:56:19| Squid modules loaded: 0
2012/04/11 17:56:19| Adaptation support is off.
2012/04/11 17:56:19| Ready to serve requests.
2012/04/11 17:56:19| WARNING: src_ip_ext #1 (FD 10) exited
2012/04/11 17:56:19| WARNING: src_ip_ext #4 (FD 16) exited
2012/04/11 17:56:19| WARNING: src_ip_ext #2 (FD 12) exited
2012/04/11 17:56:19| WARNING: src_ip_ext #3 (FD 14) exited
2012/04/11 17:56:19| Too few src_ip_ext processes are running
2012/04/11 17:56:19| storeDirWriteCleanLogs: Starting...
2012/04/11 17:56:19| Finished. Wrote 0 entries.
2012/04/11 17:56:19| Took 0.00 seconds ( 0.00 entries/sec).
FATAL: The src_ip_ext helpers are crashing too rapidly, need help!

Squid Cache (Version 3.1.6): Terminated abnormally.
#######

I think I'll need to review my program.

>> #include <stdio.h>
>> #include <stdlib.h>
>> #include <string.h>
>>
>> #define MAX_INPUT 256
>
>
> HINT: input buffer from Squid is usually between 4KB-8KB, but can be larger
> (~32KB for 3.1/3.2). IP address has a limited range of text representations,
> but if you pass unconstrained details like URLs or HTTP headers values to
> this helper it can trend towards the larger sizes. In which case it is
> useful to check whether the \n was received after fgets() and handle very
> long lines as a special input case.
>

Why is the input size so large? Could I not limit it if I just send
%SRC and %LOGIN

>>
>> int main()
>> {
>> char request [MAX_INPUT]; /* this is a holder for the stdin request */
>>
>> /* below file is just to track execution of the script */
>> FILE *fp;
>> fp = fopen("file.txt","a");
>> fprintf(fp,"%s\n","This is an execution"); /*append some text*/
>> fclose(fp);
>>
>>
>> while (fgets(request, MAX_INPUT, stdin) != NULL){
>>
>> const char *index;
>> index = strtok(request, " \n"); /* this is to get rid of \n */
>
>
> NOTE: long-term you will want to add concurrency support. It is much faster
> than serial queries.
>
> Check out the squid-3.2 session helper while() loop logics for an example of
> how to pull the channel-ID (any bytes before the first " ") from the input
> before processing. It then just gets sent back to Squid unchanged in the
> printf before OK/ERR.
>
Sure, I'll be trying to run faster. Is handling the channel-ID in the
input and output of my program all I have to do to support
concurrency?

Thanks,

--
Mohamed Amine Kadimi
Tél     : +212 (0) 675 72 36 45
Received on Wed Apr 11 2012 - 18:15:04 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 12 2012 - 12:00:02 MDT