Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 87891

Summary: Strange dansguardian behaviour: it works only through google
Product: Gentoo Linux Reporter: andrea ferraris <andrea_ferraris>
Component: [OLD] ServerAssignee: Gentoo Network Proxy Developers (OBSOLETE) <net-proxy+disabled>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description andrea ferraris 2005-04-04 04:41:27 UTC 
I have Gentoo with a 2.6.11 kernel and oops+dansguardian. Before squid+dansguardian worked without problem.
oops works only if I go on google. It is, b.e., if I try
to open the site www.comune.cossato.bi.it, my browser doesn't come to it but it continues to try to open without success and without error messages, instead if I go on google (that works), I search "comune cossato" and then I click on the google result link, I arrive without trouble on www.comune.cossato.bi.it.
I can't understand why.

Here you are my oops.cfg:

nameserver      192.168.1.122
http_port       8080
userid          squid
logfile         /var/log/oops/oops.log
accesslog       /var/log/oops/oops.access
pidfile         /var/run/oops/oops.pid
statistics      /var/log/oops/oops_statfile
mem_max         128m
lo_mark         96m
#start_red      0
start_red       500
#refuse_at      0
refuse_at       500
default-expire-value    7
ftp-expire-value        7
max-expire-value        30
last-modified-factor    5
default-expire-interval 1
#icp_timeout    1000
disk-low-free   3
disk-ok-free    5
force_http11
always_check_freshness
force_completion 80
maxresident     3m
insert_x_forwarded_for  no
insert_x_forwarded_for  no
#connect-from   localhost
stop_cache      ?
stop_cache      cgi-bin

group   cossato {
       networks        127.0.0.0/30 ;
#       redir_mods      fastredir;
       badports        [0:79],110,138,139,513,[6000:6010] ;
       miss            allow;
       http {
               allow   dstdomain * ;
       }
}

group   world   {
       networks        0/0;
       badports        [0:79],110,138,139,513,[6000:6010];
       http {
               deny    dstdomain * ;
       }
}

storage {
#path /var/lib/oops/storage/oops_storage ;
       path /var/cache/squid/oops_storage ;
       size 1000m ;
}

module oopsctl {
       # path to oopsctl unix socket
       socket_path     /var/run/oops/oopsctl;
       # time to auto-refresh page (seconds)
       html_refresh    300;
}

module  vary {
       user-agent      by_charset;
       accept-charset  ignore;
}

module  berkeley_db {
       dbhome  /var/lib/oops/db;
       dbname  dburl;
}

This is the last excerpt of the oops.log:

Mon Apr  4 10:39:52 2005  [0x4000]open_db(): dbp->open(dburl;): (2)
Mon Apr  4 10:39:52 2005  [0x4000]init_domain_name(): 4: host_name = `squid' domain_name = `.(none)'
Mon Apr  4 10:39:52 2005  [0x4000]report_limits(): RLIMIT_DATA: 4294967295
Mon Apr  4 10:39:52 2005  [0x4000]report_limits(): RLIMIT_NOFILE: 8196
Mon Apr  4 10:39:52 2005  [0x4000]report_limits(): RLIMIT_CORE: 0
Mon Apr  4 10:39:52 2005  [0x4000]report_limits(): RLIMIT_NPROC: 4095
Mon Apr  4 10:39:52 2005  [0x4000]main(): oops 1.5.23 Started.
Mon Apr  4 10:39:52 2005  [0x4000]run(): http_listen on descriptor 29
Mon Apr  4 10:39:52 2005  [0x4000]run(): icp_listen on descriptor 30
Mon Apr  4 10:39:52 2005  [0x4000]Starting threads
Mon Apr  4 10:39:52 2005  [0x4002]prep_storages(): Storages checked.
Mon Apr  4 10:39:52 2005  [0x8003]Statistics started.
Mon Apr  4 10:39:52 2005  [0xc004]Garbage collector started.
Mon Apr  4 10:39:52 2005  [0x10005]Garbage drop started.
Mon Apr  4 10:39:52 2005  [0x18007]Clean disk started.
Mon Apr  4 10:39:52 2005  [0x14006]Log rotator started.
Mon Apr  4 10:39:52 2005  [0x1c002]Eraser started.
Mon Apr  4 10:40:18 2005  [0x4000]cleanup(): Clean up and exit.
Mon Apr  4 10:40:18 2005  [0x4000]cleanup(): Flushing mem_cache.
Mon Apr  4 10:40:18 2005  [0x4000]cleanup(): Locking config.
Mon Apr  4 10:40:18 2005  [0x4000]cleanup(): Locking config...Done.
Mon Apr  4 10:40:18 2005  [0x4000]cleanup(): Locking /var/cache/squid/oops_storage
Mon Apr  4 10:40:18 2005  [0x4000]cleanup(): Storage /var/cache/squid/oops_storage closed.

and the oops.acess errors are of the type:

1112602740.000 308 127.0.0.1 TCP_ERROR/200 4160 GET http://www.comune.cossato.bi.it/ - DIRECT/www.comune.cossato.bi.it text/html

while the successful connections to google have TCP_MISS/200 instead of TCP_ERROR/200. 

Reproducible: Always
Steps to Reproduce:
1. I compiled and installaed oops (emerge -v oops)
2. Then I configured /etc/oops/oops.cfg (see the included cfg file)
3. Then I ran oops and I try to connect to some site from a client with Firefox 1.0.2 and IE6.

Actual Results:  
My browser doesn't come to the sites, but it continues to try to open them
without success and without error messages.

Expected Results:  
The browser should open the sites

Portage 2.0.51.19 (default-linux/x86/2004.0, gcc-3.3.5, glibc-2.3.4.20041102-r1,
2.6.11-hardened-r1y i686)
=================================================================
System uname: 2.6.11-hardened-r1y i686 AMD Athlon(tm) XP 2000+
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.2.3-r5,dev-lang/python-2.3.4-r1 [2.3.4
(#1, Feb  8 2005, 02:56:41)]
ccache version 2.3 [enabled]
dev-lang/python:     2.2.3-r5, 2.3.4-r1
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.4
sys-devel/binutils:  2.15.92.0.2-r1
sys-devel/libtool:   1.5.10-r4
virtual/os-headers:  2.6.8.1-r2, 2.4.19-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict userpriv
usersandbox"
GENTOO_MIRRORS="http://gentoo.inode.at/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow berkdb bitmap-fonts cdr crypt cups emboss encode ethereal font-server
foomaticdb fortran gdbm gif gpm gtkhtml imlib ipv6 jpeg libg++ libwww mad mikmod
mp3 mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl png python
readline samba sdl slang ssl svga tcpd tiff truetype-fonts type1-fonts x86 xml2
xmms xv zlib"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS
Comment 1 andrea ferraris 2005-04-04 04:52:43 UTC 
I know that maybe I'd like to try with the oops mailing lists (I did with the englih one) and mantainers, but I'm not really fluent in russian ;-)
Comment 2 Alin Năstac (RETIRED) gentoo-dev 2005-04-04 11:04:02 UTC 
first of all, I am not an oops user - I maintain it only because no one else offered to do it.

quick hints:
 - check permissions on /var/lib/oops and /var/cache/oops
 - use tcpdump/ethereal to see if the request is carried out by the oops server

if you have any suggestions/improvements/fixups regarding this ebuild, please don't hesitate to post 'em here.
Comment 3 andrea ferraris 2005-04-04 14:03:36 UTC 
Sincerely thx for your support.
I'll try to help to solve this issue and to find more info before saying that I loose. 
In any case I think that's inappropriate that such package, www-proxy/oops-1.5.23 is marked as stable, because there are no evidence that any Gentoo user uses it (nobody in forums, neither citations) and I think that a piece of software that is not used, can't be marked as stable, because that's misleading. If I'm wrong, let me know. If I'm right, please, mark it at least as masked if not hard masked.
Comment 4 Alin Năstac (RETIRED) gentoo-dev 2005-04-04 14:25:37 UTC 
I've marked stable because the old stable version was broken. Unfortunately we need to make compromises - gentooers expects from stable ebuilds to be at least compilable.

Anyway, given the oldness of the last release, it should be stable as a mountain :)
Comment 5 andrea ferraris 2005-04-04 14:45:50 UTC 
Do you suggest to downgrade my Gentoo to version 1.0, with kernel 2.0 or 2.2? ;-) Once upon a time there was an oops www-proxy server stable on Linux (also if it seems that was really better on Solaris with its threads), once upon a time. Now, if I'm the only Gentoo oops user and if I have trouble with it, I think that maybe could be better to mark oops on x86 as testing (~x86). In my last message I was wrong when I wrote "masked or hard masked", I have had been say
"testing or masked". The problem is that I have problems not only with the russian, but also with english. Now (local time 23:40) I can't try, because I don't have the server here. Tomorrow will be a better day.
Comment 6 Alin Năstac (RETIRED) gentoo-dev 2005-04-04 15:00:49 UTC 
I would mark it as testing/masked if I have some hard evidence that the basic functionality is broken. 
Until now I failed in this quest. I've tested the default oops installation accessing www.google.com, www.comune.cossato.bi.it and many other urls without a single positive results (read as failed to reproduce). 
This reply is posted using oops as proxy!
Comment 7 andrea ferraris 2005-04-05 09:42:39 UTC 
IT WORKS!!!! IT WORKS!!!! It was enough to install on GeNToo ;-)

I started from the default oops installation. It is, I dropped my config file and used one only with essential and minimal modifications to work (try to work), as pointed out in the few and thin docs. 
The issue is the same (really a bit worse, because I saw that from my client with Firefox 1.0.2 on WXPSP1 I can get replies from many sites, instead with IE6 on WXPSP2 I can't go anywere). 
The directories and files have the right permissions, it is they are writable by squid and oops runs a squid user. I looked at packets with tethereal and there are some strange things. Essentially my request packets arrive from my PC to the eth0 of the server, then there are (ACK), (ACK, SYN), (ACK), but there are no requests from oops in internet. Tomorrow I'll continue, because now I realized that I have had to monitor also the loopback (127.0.0.1), because dansguardian ask oops there at port 8080. Or maybe I can enlarge the network at which oops hear from 127.0.0.0/30 to include also the PCs of my private network to test if they can use oops on 8080 without pass through dansguardian and without trouble.
Comment 8 Alin Năstac (RETIRED) gentoo-dev 2005-04-05 13:07:13 UTC 
why not keeping simple? take dansguardian out of the equation...
Comment 9 andrea ferraris 2005-04-06 13:28:39 UTC 
Before reading your right hint, due the disperation, I did it. I configured oops to listen on port 8080 to all requests from my intranets (192.168/16), I configured IE on one of my clients to go to such port of the proxy server and, miracle, it works. 
Don't close the bug, because before it would be better to understand if it's dansguardian's or oops's fault (dansguardian+squid work fine) and, for me, oops alone, is almost useless because I need to deny access to a lot of external sites and dansguardian is essential in such task.
Do you know if there are some other filtering program in Gentoo that can work with oops? In dansguardian docs you could read that it should work (not tested) also with oops, instead, b.e., in squidguard docs I couldn't find something like that.
Comment 10 Alin Năstac (RETIRED) gentoo-dev 2005-04-09 13:49:08 UTC 
sorry but I don't know how to help you. 
have you considered the posibility that maybe dansguardian is the program which filters your requests?
Comment 11 andrea ferraris 2005-04-09 14:27:34 UTC 
Thx. Of course, I'll work on that, it is on the dansguardian configuration. Maybe some parameters that dont't bother squid are annoying for oops. Sorry if I didn't let you know more, but the problem is that I can work on this host only from monday to wednsday, so next week I hope to have better news.
Comment 12 Alin Năstac (RETIRED) gentoo-dev 2005-04-17 02:25:47 UTC 
try to monitor communication between dansguardian and oops using ethereal

this issue is either a misconfiguration or dansguardian's problem.
Comment 13 andrea ferraris 2005-04-17 02:34:39 UTC 
Sorry for the delay. I checked the dansguardian configuratione and it seems OK. The oops cfg seems OK too, because if I use oops directly it works.
In the next days I'll try to see what happens between the two with ethereal.
Comment 14 Alin Năstac (RETIRED) gentoo-dev 2005-05-05 21:58:38 UTC 
any news?
btw, a new version of oops is available in portage.
Comment 15 andrea ferraris 2005-05-05 23:32:38 UTC 
Yes. Now also dansguardian+squid have problems with WindowsXP clients's windowsupdate. The true problem is that I work there 18 hours a week 
and I have to do help desk to 80 users and in the last weeks I got 
20 news PC to install and yesterday also a new server. 
So I hope to do something but I can't guarantee when.
Comment 16 Alin Năstac (RETIRED) gentoo-dev 2005-05-06 00:11:23 UTC 
it's official then...this is dansguardian's problem.

could it be that it has problems with persistent HTTP connections? try it with a browser that could disable those. also, you should try disabling HTTP 1.1 protocol in browser's settings.
Comment 17 Alin Năstac (RETIRED) gentoo-dev 2005-05-26 21:34:11 UTC 
any progress on this one? I hate to see bugs just lying there for ages.
this should be closed with one resolution or the other.
Comment 18 andrea ferraris 2005-05-27 00:51:14 UTC 
Sorry me, you're right. I thought that was closed. You could close it because I
had some other weird problems with dansguardian and squid, that I solved dirty
and quickly reinstalling the software, but I hadn't the time to test further
with oops and I'll don't have it in the next weeks, so if I have any more
trouble I'll open a new bug. Thanks.
Comment 19 Alin Năstac (RETIRED) gentoo-dev 2005-05-27 02:45:16 UTC 
bug closed