Bug 87891 - Strange dansguardian behaviour: it works only through google
Summary: Strange dansguardian behaviour: it works only through google
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: x86 Linux
Importance: High normal
Assignee: Gentoo Network Proxy Developers (OBSOLETE)
Reported: 2005-04-04 04:41 UTC by andrea ferraris
Modified: 2005-05-27 02:45 UTC
Description andrea ferraris 2005-04-04 04:41:27 UTC
I have Gentoo with a 2.6.11 kernel and oops+dansguardian. Before, squid+dansguardian worked without problems.
oops works only if I go to Google. That is, for example, if I try to open the site www.comune.cossato.bi.it, my browser doesn't get to it but keeps trying to open it without success and without error messages; if instead I go to Google (which works), search for "comune cossato" and then click on the Google result link, I arrive without trouble at www.comune.cossato.bi.it.
I can't understand why.

Here is my oops.cfg:

nameserver      192.168.1.122
http_port       8080
userid          squid
logfile         /var/log/oops/oops.log
accesslog       /var/log/oops/oops.access
pidfile         /var/run/oops/oops.pid
statistics      /var/log/oops/oops_statfile
mem_max         128m
lo_mark         96m
#start_red      0
start_red       500
#refuse_at      0
refuse_at       500
default-expire-value    7
ftp-expire-value        7
max-expire-value        30
last-modified-factor    5
default-expire-interval 1
#icp_timeout    1000
disk-low-free   3
disk-ok-free    5
force_http11
always_check_freshness
force_completion 80
maxresident     3m
insert_x_forwarded_for  no
insert_x_forwarded_for  no
#connect-from   localhost
stop_cache      ?
stop_cache      cgi-bin

group   cossato {
       networks        127.0.0.0/30 ;
#       redir_mods      fastredir;
       badports        [0:79],110,138,139,513,[6000:6010] ;
       miss            allow;
       http {
               allow   dstdomain * ;
       }
}

group   world   {
       networks        0/0;
       badports        [0:79],110,138,139,513,[6000:6010];
       http {
               deny    dstdomain * ;
       }
}

storage {
#path /var/lib/oops/storage/oops_storage ;
       path /var/cache/squid/oops_storage ;
       size 1000m ;
}

module oopsctl {
       # path to oopsctl unix socket
       socket_path     /var/run/oops/oopsctl;
       # time to auto-refresh page (seconds)
       html_refresh    300;
}

module  vary {
       user-agent      by_charset;
       accept-charset  ignore;
}

module  berkeley_db {
       dbhome  /var/lib/oops/db;
       dbname  dburl;
}

This is the last excerpt of the oops.log:

Mon Apr  4 10:39:52 2005  [0x4000]open_db(): dbp->open(dburl;): (2)
Mon Apr  4 10:39:52 2005  [0x4000]init_domain_name(): 4: host_name = `squid' domain_name = `.(none)'
Mon Apr  4 10:39:52 2005  [0x4000]report_limits(): RLIMIT_DATA: 4294967295
Mon Apr  4 10:39:52 2005  [0x4000]report_limits(): RLIMIT_NOFILE: 8196
Mon Apr  4 10:39:52 2005  [0x4000]report_limits(): RLIMIT_CORE: 0
Mon Apr  4 10:39:52 2005  [0x4000]report_limits(): RLIMIT_NPROC: 4095
Mon Apr  4 10:39:52 2005  [0x4000]main(): oops 1.5.23 Started.
Mon Apr  4 10:39:52 2005  [0x4000]run(): http_listen on descriptor 29
Mon Apr  4 10:39:52 2005  [0x4000]run(): icp_listen on descriptor 30
Mon Apr  4 10:39:52 2005  [0x4000]Starting threads
Mon Apr  4 10:39:52 2005  [0x4002]prep_storages(): Storages checked.
Mon Apr  4 10:39:52 2005  [0x8003]Statistics started.
Mon Apr  4 10:39:52 2005  [0xc004]Garbage collector started.
Mon Apr  4 10:39:52 2005  [0x10005]Garbage drop started.
Mon Apr  4 10:39:52 2005  [0x18007]Clean disk started.
Mon Apr  4 10:39:52 2005  [0x14006]Log rotator started.
Mon Apr  4 10:39:52 2005  [0x1c002]Eraser started.
Mon Apr  4 10:40:18 2005  [0x4000]cleanup(): Clean up and exit.
Mon Apr  4 10:40:18 2005  [0x4000]cleanup(): Flushing mem_cache.
Mon Apr  4 10:40:18 2005  [0x4000]cleanup(): Locking config.
Mon Apr  4 10:40:18 2005  [0x4000]cleanup(): Locking config...Done.
Mon Apr  4 10:40:18 2005  [0x4000]cleanup(): Locking /var/cache/squid/oops_storage
Mon Apr  4 10:40:18 2005  [0x4000]cleanup(): Storage /var/cache/squid/oops_storage closed.

and the oops.access errors are of the type:

1112602740.000 308 127.0.0.1 TCP_ERROR/200 4160 GET http://www.comune.cossato.bi.it/ - DIRECT/www.comune.cossato.bi.it text/html

while the successful connections to google have TCP_MISS/200 instead of TCP_ERROR/200. 

Reproducible: Always
Steps to Reproduce:
1. I compiled and installed oops (emerge -v oops)
2. Then I configured /etc/oops/oops.cfg (see the included cfg file)
3. Then I ran oops and tried to connect to some sites from a client with Firefox 1.0.2 and IE6.

Actual Results:  
My browser doesn't come to the sites, but it continues to try to open them
without success and without error messages.

Expected Results:  
The browser should open the sites

Portage 2.0.51.19 (default-linux/x86/2004.0, gcc-3.3.5, glibc-2.3.4.20041102-r1,
2.6.11-hardened-r1y i686)
=================================================================
System uname: 2.6.11-hardened-r1y i686 AMD Athlon(tm) XP 2000+
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.2.3-r5,dev-lang/python-2.3.4-r1 [2.3.4
(#1, Feb  8 2005, 02:56:41)]
ccache version 2.3 [enabled]
dev-lang/python:     2.2.3-r5, 2.3.4-r1
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.4
sys-devel/binutils:  2.15.92.0.2-r1
sys-devel/libtool:   1.5.10-r4
virtual/os-headers:  2.6.8.1-r2, 2.4.19-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict userpriv
usersandbox"
GENTOO_MIRRORS="http://gentoo.inode.at/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow berkdb bitmap-fonts cdr crypt cups emboss encode ethereal font-server
foomaticdb fortran gdbm gif gpm gtkhtml imlib ipv6 jpeg libg++ libwww mad mikmod
mp3 mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl png python
readline samba sdl slang ssl svga tcpd tiff truetype-fonts type1-fonts x86 xml2
xmms xv zlib"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS
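
For the access-log observation in the description above (TCP_ERROR/200 for the failing site, TCP_MISS/200 for Google), here is an added example, not part of the original report, that tallies result codes per destination host. It assumes the Squid-like field order seen in the single quoted log line; every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Only the first line comes from the report; the others are constructed samples.
SAMPLE_LOG = """\
1112602740.000 308 127.0.0.1 TCP_ERROR/200 4160 GET http://www.comune.cossato.bi.it/ - DIRECT/www.comune.cossato.bi.it text/html
1112602755.000 212 127.0.0.1 TCP_MISS/200 3105 GET http://www.google.com/ - DIRECT/www.google.com text/html
1112602761.000 954 127.0.0.1 TCP_ERROR/200 1460 GET http://www.comune.cossato.bi.it/style.css - DIRECT/www.comune.cossato.bi.it text/css
1112602770.000 187 127.0.0.1 TCP_MISS/200 5120 GET http://www.google.com/search?q=comune+cossato - DIRECT/www.google.com text/html
this line is truncated garbage
"""

# Assumed field order (inferred from the quoted line):
# time elapsed client result/status bytes method url ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)"
)

def tally(log_text):
    """Return ({peer: {result_code: count}}, number_of_unparsed_lines)."""
    per_peer = defaultdict(lambda: defaultdict(int))
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:          # malformed or truncated entry: count it, don't guess
            skipped += 1
            continue
        per_peer[m["peer"]][m["result"]] += 1
    return {p: dict(c) for p, c in per_peer.items()}, skipped

def failing_peers(per_peer):
    """Peers for which every logged request ended in TCP_ERROR."""
    return sorted(p for p, c in per_peer.items() if set(c) == {"TCP_ERROR"})

if __name__ == "__main__":
    counts, skipped = tally(SAMPLE_LOG)
    for peer, codes in sorted(counts.items()):
        print(peer, codes)
    print("only errors:", failing_peers(counts), "unparsed lines:", skipped)
```

A host that appears only with TCP_ERROR while others get TCP_MISS through the same client address points at something specific to those requests rather than at the proxy being down.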
Comment 1 andrea ferraris 2005-04-04 04:52:43 UTC
I know that maybe I'd like to try with the oops mailing lists (I did with the English one) and maintainers, but I'm not really fluent in Russian ;-)
Comment 2 Alin Năstac (RETIRED) gentoo-dev 2005-04-04 11:04:02 UTC
first of all, I am not an oops user - I maintain it only because no one else offered to do it.

quick hints:
 - check permissions on /var/lib/oops and /var/cache/oops
 - use tcpdump/ethereal to see if the request is carried out by the oops server

if you have any suggestions/improvements/fixups regarding this ebuild, please don't hesitate to post 'em here.
Comment 3 andrea ferraris 2005-04-04 14:03:36 UTC
Sincerely thx for your support.
I'll try to help to solve this issue and to find more info before saying that I lose.
In any case I think it's inappropriate that such a package, www-proxy/oops-1.5.23, is marked as stable, because there is no evidence that any Gentoo user uses it (nobody in forums, nor citations) and I think that a piece of software that is not used can't be marked as stable, because that's misleading. If I'm wrong, let me know. If I'm right, please, mark it at least as masked if not hard masked.
Comment 4 Alin Năstac (RETIRED) gentoo-dev 2005-04-04 14:25:37 UTC
I've marked it stable because the old stable version was broken. Unfortunately we need to make compromises - gentooers expect stable ebuilds to be at least compilable.

Anyway, given the oldness of the last release, it should be stable as a mountain :)
Comment 5 andrea ferraris 2005-04-04 14:45:50 UTC
Do you suggest downgrading my Gentoo to version 1.0, with kernel 2.0 or 2.2? ;-) Once upon a time there was an oops www-proxy server stable on Linux (even if it seems that it was really better on Solaris with its threads), once upon a time. Now, if I'm the only Gentoo oops user and if I have trouble with it, I think that maybe it could be better to mark oops on x86 as testing (~x86). In my last message I was wrong when I wrote "masked or hard masked", I should have said "testing or masked". The problem is that I have problems not only with Russian, but also with English. Now (local time 23:40) I can't try, because I don't have the server here. Tomorrow will be a better day.
Comment 6 Alin Năstac (RETIRED) gentoo-dev 2005-04-04 15:00:49 UTC
I would mark it as testing/masked if I have some hard evidence that the basic functionality is broken. 
Until now I failed in this quest. I've tested the default oops installation accessing www.google.com, www.comune.cossato.bi.it and many other urls without a single positive result (read as failed to reproduce).
This reply is posted using oops as proxy! 
Comment 7 andrea ferraris 2005-04-05 09:42:39 UTC
IT WORKS!!!! IT WORKS!!!! It was enough to install on GeNToo ;-)

I started from the default oops installation. That is, I dropped my config file and used one with only the essential and minimal modifications to work (try to work), as pointed out in the few and thin docs.
The issue is the same (really a bit worse, because I saw that from my client with Firefox 1.0.2 on WXPSP1 I can get replies from many sites, whereas with IE6 on WXPSP2 I can't go anywhere).
The directories and files have the right permissions, that is, they are writable by squid and oops runs as the squid user. I looked at packets with tethereal and there are some strange things. Essentially my request packets arrive from my PC at the eth0 of the server, then there are (ACK), (ACK, SYN), (ACK), but there are no requests from oops to the internet. Tomorrow I'll continue, because now I realized that I have had to monitor also the loopback (127.0.0.1), because dansguardian asks oops there at port 8080. Or maybe I can enlarge the network on which oops listens from 127.0.0.0/30 to include also the PCs of my private network, to test if they can use oops on 8080 without passing through dansguardian and without trouble.
Comment 8 Alin Năstac (RETIRED) gentoo-dev 2005-04-05 13:07:13 UTC
why not keep it simple? take dansguardian out of the equation...
Comment 9 andrea ferraris 2005-04-06 13:28:39 UTC
Before reading your right hint, out of desperation, I did it. I configured oops to listen on port 8080 to all requests from my intranets (192.168/16), I configured IE on one of my clients to go to that port of the proxy server and, miracle, it works.
Don't close the bug, because first it would be better to understand if it's dansguardian's or oops's fault (dansguardian+squid work fine) and, for me, oops alone is almost useless because I need to deny access to a lot of external sites and dansguardian is essential in such a task.
Do you know if there are some other filtering programs in Gentoo that can work with oops? In the dansguardian docs you can read that it should work (not tested) also with oops, whereas, e.g., in the squidguard docs I couldn't find anything like that.
Comment 10 Alin Năstac (RETIRED) gentoo-dev 2005-04-09 13:49:08 UTC
sorry but I don't know how to help you. 
have you considered the possibility that maybe dansguardian is the program which filters your requests?
Comment 11 andrea ferraris 2005-04-09 14:27:34 UTC
Thx. Of course, I'll work on that, that is, on the dansguardian configuration. Maybe some parameters that don't bother squid are annoying for oops. Sorry if I didn't let you know more, but the problem is that I can work on this host only from Monday to Wednesday, so next week I hope to have better news.
Comment 12 Alin Năstac (RETIRED) gentoo-dev 2005-04-17 02:25:47 UTC
try to monitor communication between dansguardian and oops using ethereal

this issue is either a misconfiguration or dansguardian's problem.
Comment 13 andrea ferraris 2005-04-17 02:34:39 UTC
Sorry for the delay. I checked the dansguardian configuration and it seems OK. The oops cfg seems OK too, because if I use oops directly it works.
In the next days I'll try to see what happens between the two with ethereal.
Comment 14 Alin Năstac (RETIRED) gentoo-dev 2005-05-05 21:58:38 UTC
any news?
btw, a new version of oops is available in portage.
Comment 15 andrea ferraris 2005-05-05 23:32:38 UTC
Yes. Now also dansguardian+squid have problems with WindowsXP clients' windowsupdate. The true problem is that I work there 18 hours a week and I have to do help desk for 80 users and in the last weeks I got 20 new PCs to install and yesterday also a new server.
So I hope to do something but I can't guarantee when.
Comment 16 Alin Năstac (RETIRED) gentoo-dev 2005-05-06 00:11:23 UTC
it's official then...this is dansguardian's problem.

could it be that it has problems with persistent HTTP connections? try it with a browser that could disable those. also, you should try disabling HTTP 1.1 protocol in browser's settings.
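
One way to run the check suggested in this comment without depending on browser settings, as an added example that is not part of the original thread: send the same proxy-style request as HTTP/1.0 with "Connection: close" and as HTTP/1.1 with keep-alive, once directly to the proxy and once through the filter. Port 8080 is the oops port from the report; port 8081 for the filter is a placeholder, since the thread does not state it.

```python
import socket

def build_request(url, host, version="1.1", keep_alive=True):
    """Proxy-style GET: absolute URL in the request line."""
    conn = "keep-alive" if keep_alive else "close"
    head = [f"GET {url} HTTP/{version}", f"Host: {host}",
            f"Connection: {conn}", f"Proxy-Connection: {conn}"]
    return ("\r\n".join(head) + "\r\n\r\n").encode("ascii")

def probe(host, port, request, timeout=5.0):
    """Send one request; report status line, byte count and how reading ended."""
    data, ended = b"", "closed"
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        try:
            while True:
                chunk = s.recv(4096)
                if not chunk:          # peer closed the connection
                    break
                data += chunk
        except socket.timeout:         # connection left open, no more data
            ended = "timeout"
    status = data.split(b"\r\n", 1)[0].decode("latin-1") if data else None
    return {"status_line": status, "bytes": len(data), "ended": ended}

if __name__ == "__main__":
    URL, HOST = "http://www.comune.cossato.bi.it/", "www.comune.cossato.bi.it"
    # 8080: oops port from the report; 8081: placeholder for the filter port.
    for label, port in (("proxy direct", 8080), ("via filter", 8081)):
        for version, keep in (("1.0", False), ("1.1", True)):
            try:
                r = probe("127.0.0.1", port, build_request(URL, HOST, version, keep))
            except OSError as exc:     # refused, unreachable, connect timeout
                r = {"error": str(exc)}
            print(f"{label:12} HTTP/{version} keep_alive={keep}: {r}")
```

A result with zero bytes that ends in "timeout" matches the hanging browser described in the report; bytes followed by "timeout" on the keep-alive variant is normal, because the connection is simply held open.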
Comment 17 Alin Năstac (RETIRED) gentoo-dev 2005-05-26 21:34:11 UTC
any progress on this one? I hate to see bugs just lying there for ages.
this should be closed with one resolution or the other.
Comment 18 andrea ferraris 2005-05-27 00:51:14 UTC
Sorry, you're right. I thought that it was closed. You can close it, because I had some other weird problems with dansguardian and squid, which I solved quick and dirty by reinstalling the software, but I haven't had the time to test further with oops and I won't have it in the next weeks, so if I have any more trouble I'll open a new bug. Thanks.
Comment 19 Alin Năstac (RETIRED) gentoo-dev 2005-05-27 02:45:16 UTC
bug closed