On Mon, Jan 28, 2002 at 09:05:29PM +0100, Marius Tomaschewski wrote:
Hi!
On Fri, Jan 25, 2002 at 06:48:43PM +0000, Pascal Gienger wrote:
Some of the problems are still there in proxy suite 1.8 built on Solaris 8, newest patchlevel.
LDAP-Authentication et al. are working fine but:
I am not able to transfer big files. Sometimes the connection is dropped after 50 kilobytes, sometimes after 170 kilobytes (depends on the "MaxRecvSize" limit). Without a MaxRecvSize setting or with one that is too big, there is no directory listing coming (but it still says Transfer complete).
When a connection drops, the following appears in the log file:
  TECH-INF 'STOR sshd2.tar' sent for 172.25.1.68
  TECH-ERR can't ll_read: Cli-Data -1=172.25.1.68 (errno=134 [Transport endpoint is not connected])
  USER-INF Transfer for 172.25.1.68: STOR 'sshd2.tar' sent 175104/1 byte/sec
Please test this one - it works for me with Solaris8 / intel (SunOS blubber 5.8 Generic i86pc i386 i86pc):
http://www.suse.de/~mt/proxy-suite/proxy-suite-20020128.tar.gz
OK... here is a fix to get it working on systems != Solaris, i.e. Linux :-))
http://www.suse.de/~mt/proxy-suite/proxy-suite-20020128.fix1.dif
sorry!
I've enabled large-file support - this was not the problem with dropped connections, but I noticed problems with lstat (used for debug- and log-file rotation checks). I hope it causes no new problems... You can also disable it using --disable-largefile, but log-rotation may fail....
The config wildcards are also implemented... I'll check the Linux 2.4 ipchains stuff now and release it regularly...
The iptables compatibility mode available with iptables does
not support transparent proxying (getsockname hack) - see:
http://netfilter.samba.org/unreliable-guides/NAT-HOWTO/NAT-HOWTO.linuxdoc-4....
The code in the proxy-suite was correct, but the message
was only visible in debug mode ("LogLevel DBG" in config);
with the patch below, you'll get a warning instead... :-)
I've also rewritten it, so it is cleaner now:
[...]
if(getsockopt(phls->sock, SOL_IP, SO_ORIGINAL_DST, &dest, &len) < 0) {
- /*
- ** ENOPROTOOPT: 2.2 kernel ... no iptables support
- ** ENOENT : 2.4 kernel without iptables support
- */
- if(ENOPROTOOPT == errno || ENOENT == errno) {
- if(ENOENT == errno)
- syslog_write(T_DBG,
+ switch(errno) {
+ case ENOPROTOOPT:
+ /*
+ ** no iptables support / 2.2 kernel
+ ** ==> use getsockname dst bellow
+ */
+ break;
+ case ENOENT:
+ /*
+ ** 2.4 kernel without iptables support
+ ** ==> getsockname does not work here
+ */
+ syslog_write(T_WRN,
"iptables not supported or ipchains support active");
- } else {
+ return -1;
+ break;
+ default:
syslog_error(
"can't get iptables transparent proxy destination");
return -1;
+ break;
}
} else {
[...]
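Review bot: In the new `case ENOENT:` branch the function now returns -1, where the removed code only logged at T_DBG and had no return in that branch, so on a 2.4 kernel in ipchains compatibility mode the lookup now fails with nothing more than the T_WRN line "iptables not supported or ipchains support active". That message should also say that the original destination could not be determined and the connection is being refused, so the operator can tie the warning to the failed session. The `break;` after `return -1;` in both the ENOENT and default cases is unreachable and can be dropped, and "bellow" in the ENOPROTOOPT comment should read "below".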
Gruesse,
Marius Tomaschewski