On Wed, 24 Jan 2001, Henrik Nordstrom wrote:
> Jai Lamerton wrote:
> >
> > I hope you don't mind that I don't know anything about debugging... Here
> > is the info you requested.
> >
> > It was compiled on OSF1's cc. Could compile it with gcc if thats better.
> > the version is: squid-2.3-200010300000
> >
> > acl snmppublic snmp_community public
> > snmp_access allow snmppublic rubios # this is my box
> > snmp_access deny all
>
> and how is the acl rubios defined?
acl rubios src 203.2.38.8/255.255.255.255
>
> More GDB commands:
>
> frame 1
> print *list->acl
> print *list->next->acl
> frame 4
(gdb) frame 1
#1 0x120018064 in aclMatchAcl (ae=0x14017e380, checklist=0x1) at
acl.c:1260
1260 in acl.c
(gdb) print *list->acl
No symbol "list" in current context.
(gdb) print *list->next->acl
No symbol "list" in current context.
(gdb) frame 4
#4 0x1200707b0 in snmpHandleUdp (sock=0) at snmp_core.c:506
506 snmp_core.c: No such file or directory.
>
> and did you get any messages in cache.log when it crashed?
No, only strange thing is:
2001/01/22 00:00:25| accessLogRotate: Rotating
2001/01/22 03:48:01| Starting Squid Cache version 2.3.STABLE4 for
alpha-dec-osf4.0...
NOTE: the times. Squid should not have rebooted.
and then:
2001/01/22 03:48:14| diskHandleWrite: FD 5: disk write error: (28) No
space left on device
FATAL: Write failure -- check your disk space and cache.log
Squid Cache (Version 2.3.STABLE4): Terminated abnormally.
I believe this due to the core being writen in the cache_dir and running
out of space.
>
> but so far it looks like Squid failed to process a SNMP packet and then
> crashed in access controls. As a temporary workaround, please change
> snmp_access to have the ACL's listed the other way around.
>
> snmp_access allow rubios snmppublic
OK thanks... I'll try that.
BTW the core seems to happen infrequently. Ie. I got one on the 22, 23
this month but one before that was about a month ago late Dec.
>
> This way only packets matching the acl "rubios" will be allowed to crash
> Squid..
>
> I usually do not use any snmp_community acls for SNMP access controls,
> but then I have my snmp port bound to only listen on the loopback
> interface.. (127.0.0.1), and no user accounts on the proxy server..
>
> --
> Henrik Nordstrom
> Squid hacker
>
Thanks again for your time...
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Tue Jan 23 2001 - 20:16:43 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:32 MST