Hi Henrik,
Thanks for the reply.
> a) You don't have libcap development files installed. (likely)
Yes, i don't have before. So i install:
dpkg -l |grep libcap
ii libcap-bin 1.10-14 basic
utility programs for using capabilitie
ii libcap-dev 1.10-14 development
libraries and header files for l
ii libcap1 1.10-14 support for
getting/setting POSIX.1e capabil
ii libcapi20-3 3.9.20060704-3 libraries
for CAPI support
ii libcapi20-dev 3.9.20060704-3 libraries
for CAPI support
ii libcapsinetwork-dev 0.3.0-2 C++ network
server library, development file
ii libcapsinetwork0c2a 0.3.0-2 C++ network
server library
> b) Your kernel is not build with capabilities support (unlikely)
i think my kernel support.
> c) You are starting Squid as a normal user. To use tproxy Squid needs to be
> started as root. (it will then change user to cache_effective_user).
I have changed and run squid as root.
After install and reconfigure the squid, i don't see the same warning
again. But client still fail to access the site. no error message on
cache.log.
I tried tcpdump on squid server and web server, i see squid creates
additional port (virtual port) for client ip everytime client requst
the site. The tcpdump on web server, i see the same client IP and
additional port number from squid.
below is tcpdump on squid server:
11:51:57.992084 IP spoffs96-166.domain.com.3364 > squidserver.net.www:
S 2203251959:2203251959(0) win 65535 <mss 14
60,nop,nop,sackOK>
11:51:57.992120 IP squidserver.net.www > spoffs96-166.domain.com.3364:
S 337815390:337815390(0) ack 2203251960 win
5840 <mss 1460>
11:51:57.993626 IP spoffs96-166.domain.com.3364 > squidserver.net.www:
. ack 1 win 65535
11:51:57.994839 IP spoffs96-166.domain.com.3364 > squidserver.net.www:
P 1:417(416) ack 1 win 65535
11:51:57.994860 IP squidserver.net.www > spoffs96-166.domain.com.3364:
. ack 417 win 6432
11:51:57.998899 IP spoffs96-166.domain.com.57608 >
webserver.domain.com.www: S 342806160:342806160(0) win 5840 <mss 1460>
11:52:00.998801 IP spoffs96-166.domain.com.57608 >
webserver.domain.com.www: S 342806160:342806160(0) win 5840 <mss 1460>
11:52:07.000788 IP spoffs96-166.domain.com.57608 >
webserver.domain.com.www: S 342806160:342806160(0) win 5840 <mss 1460>
11:52:19.001168 IP spoffs96-166.domain.com.56352 >
webserver.domain.com.www: S 365870364:365870364(0) win 5840 <mss 1460>
11:52:22.004209 IP spoffs96-166.domain.com.56352 >
webserver.domain.com.www: S 365870364:365870364(0) win 5840 <mss 1460>
11:52:28.002177 IP spoffs96-166.domain.com.56352 >
webserver.domain.com.www: S 365870364:365870364(0) win 5840 <mss 1460>
11:52:40.002068 IP spoffs96-166.domain.com.52615 >
webserver.domain.com.www: S 380458351:380458351(0) win 5840 <mss 1460>
11:52:43.000970 IP spoffs96-166.domain.com.52615 >
webserver.domain.com.www: S 380458351:380458351(0) win 5840 <mss 1460>
11:52:49.002960 IP spoffs96-166.domain.com.52615 >
webserver.domain.com.www: S 380458351:380458351(0) win 5840 <mss 1460>
11:53:00.998989 IP squidserver.net.www > spoffs96-166.domain.com.3364:
P 1:1155(1154) ack 417 win 6432
11:53:00.999110 IP squidserver.net.www > spoffs96-166.domain.com.3364:
F 1155:1155(0) ack 417 win 6432
11:53:01.001599 IP spoffs96-166.domain.com.3364 > squidserver.net.www:
. ack 1156 win 64381
11:53:01.002440 IP spoffs96-166.domain.com.3364 > squidserver.net.www:
F 417:417(0) ack 1156 win 64381
11:53:01.002460 IP squidserver.net.www > spoffs96-166.domain.com.3364:
. ack 418 win 6432
and below on web server:
11:51:58.033089 IP spoffs96-166.domain.com.57608 >
webserver.domain.com.www: S 342806160:342806160(0) win 5840 <mss 1460>
11:51:58.036154 IP webserver.domain.com.www >
spoffs96-166.domain.com.57608: S 2822765614:2822765614(0) ack
342806161 win
5840 <mss 1460>
11:52:01.031760 IP spoffs96-166.domain.com.57608 >
webserver.domain.com.www: S 342806160:342806160(0) win 5840 <mss 1460>
11:52:01.031777 IP webserver.domain.com.www >
spoffs96-166.domain.com.57608: S 2822765614:2822765614(0) ack
342806161 win
5840 <mss 1460>
11:52:01.595209 IP webserver.domain.com.www >
spoffs96-166.domain.com.57608: S 2822765614:2822765614(0) ack
342806161 win
5840 <mss 1460>
11:52:07.032123 IP spoffs96-166.domain.com.57608 >
webserver.domain.com.www: S 342806160:342806160(0) win 5840 <mss 1460>
11:52:07.032139 IP webserver.domain.com.www >
spoffs96-166.domain.com.57608: S 2822765614:2822765614(0) ack
342806161 win
5840 <mss 1460>
11:52:07.595210 IP webserver.domain.com.www >
spoffs96-166.domain.com.57608: S 2822765614:2822765614(0) ack
342806161 win
5840 <mss 1460>
11:52:19.033727 IP spoffs96-166.domain.com.56352 >
webserver.domain.com.www: S 365870364:365870364(0) win 5840 <mss 1460>
11:52:19.033748 IP webserver.domain.com.www >
spoffs96-166.domain.com.56352: S 2352674672:2352674672(0) ack
365870365 win
5840 <mss 1460>
11:52:22.036936 IP spoffs96-166.domain.com.56352 >
webserver.domain.com.www: S 365870364:365870364(0) win 5840 <mss 1460>
11:52:22.036950 IP webserver.domain.com.www >
spoffs96-166.domain.com.56352: S 2352674672:2352674672(0) ack
365870365 win
5840 <mss 1460>
11:52:23.395209 IP webserver.domain.com.www >
spoffs96-166.domain.com.56352: S 2352674672:2352674672(0) ack
365870365 win
5840 <mss 1460>
11:52:28.035360 IP spoffs96-166.domain.com.56352 >
webserver.domain.com.www: S 365870364:365870364(0) win 5840 <mss 1460>
11:52:28.035376 IP webserver.domain.com.www >
spoffs96-166.domain.com.56352: S 2352674672:2352674672(0) ack
365870365 win
5840 <mss 1460>
11:52:29.395209 IP webserver.domain.com.www >
spoffs96-166.domain.com.56352: S 2352674672:2352674672(0) ack
365870365 win
5840 <mss 1460>
11:52:40.036205 IP spoffs96-166.domain.com.52615 >
webserver.domain.com.www: S 380458351:380458351(0) win 5840 <mss 1460>
11:52:40.036225 IP webserver.domain.com.www >
spoffs96-166.domain.com.52615: S 1881647911:1881647911(0) ack
380458352 win
5840 <mss 1460>
11:52:43.035416 IP spoffs96-166.domain.com.52615 >
webserver.domain.com.www: S 380458351:380458351(0) win 5840 <mss 1460>
11:52:43.035428 IP webserver.domain.com.www >
spoffs96-166.domain.com.52615: S 1881647911:1881647911(0) ack
380458352 win
5840 <mss 1460>
11:52:43.995210 IP webserver.domain.com.www >
spoffs96-166.domain.com.52615: S 1881647911:1881647911(0) ack
380458352 win
5840 <mss 1460>
11:52:49.038087 IP spoffs96-166.domain.com.52615 >
webserver.domain.com.www: S 380458351:380458351(0) win 5840 <mss 1460>
11:52:49.038108 IP webserver.domain.com.www >
spoffs96-166.domain.com.52615: S 1881647911:1881647911(0) ack
380458352 win
5840 <mss 1460>
11:52:50.195210 IP webserver.domain.com.www >
spoffs96-166.domain.com.52615: S 1881647911:1881647911(0) ack
380458352 win
5840 <mss 1460>
looks both squid and web server only send "S" packets untill squid
gives up and reply with "(110) Connection timed out" to client.
Does it mean the packet lost from web server back to squid server?
Rgds,
JW
> -----Original Message-----
> From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
> Sent: Thursday, September 27, 2007 9:47 PM
> To: josse wang
> Cc: squid-users
> Subject: Re: [squid-users] squid log with "Missing needed capabilitysupport.
> Will continue without tproxy support"
>
> On tor, 2007-09-27 at 17:18 +0800, josse wang wrote:
>
> > I am testing squid+tproxy on my linux box but still can not get the
> > real source client IP. After i check on cache.log, i get message "
> > Missing needed capability support. Will continue without tproxy
> > support"
>
> Possible causes
>
> a) You don't have libcap development files installed. (likely)
>
> b) Your kernel is not build with capabilities support (unlikely)
>
> c) You are starting Squid as a normal user. To use tproxy Squid needs to be
> started as root. (it will then change user to cache_effective_user).
>
> Regards
> Henrik
>
>
Received on Sun Sep 30 2007 - 22:23:42 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:03 MDT