On 14 April 2016 at 03:56, Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 14/04/2016 6:02 a.m., Odhiambo Washington wrote:
> > Hi Amos,
> >
> > I bit the bullet and upgraded my FreeBSD-8.4 -> 9.3.
> >
> > I am struggling to compile squid-3.5.16. I just have to find a way to make
> > it compile and run, by all means.
> >
> > So now here is what happens:
> >
> > #!/bin/sh
> > ./configure --prefix=/opt/squid-3.5 \
> > --enable-removal-policies="lru heap" \
> > --disable-epoll \
> > --with-pthreads \
> > --enable-storeio="ufs diskd rock aufs" \
> > --enable-delay-pools \
> > --enable-snmp \
> > --with-openssl=/usr \
> > --enable-forw-via-db \
> > --enable-cache-digests \
> > --enable-wccpv2 \
> > --enable-follow-x-forwarded-for \
> > --with-large-files \
> > --enable-esi \
> > --enable-kqueue \
> > --enable-icap-client \
> > --enable-kill-parent-hack \
> > --enable-ssl \
> > --enable-ssl-crtd \
> > --enable-url-rewrite-helpers \
> > --enable-xmalloc-statistics \
> > --enable-stacktraces \
> > --enable-zph-qos \
> > --enable-eui \
> > --with-nat-devpf \
> > --enable-pf-transparent \
> > --enable-ipf-transparent \
> > --enable-auth \
> >
> > My config.log output is here: http://goo.gl/LcV1yN
> >
> > And this is how the compile fails:
> >
> > Making all in negotiate_auth
> > Making all in kerberos
> > depbase=`echo negotiate_kerberos_auth.o | sed
> > 's|[^/]*$|.deps/&|;s|\.o$||'`; g++ -DHAVE_CONFIG_H -I../../..
> > -I../../../include -I../../../lib -I../../../src -I../../../include
> > -I/usr/include -I/usr/include -I../../../libltdl -I. -I/usr/include
> > -I/usr/local/include/libxml2 -I/usr/local/include/libxml2 -Wall
> > -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Woverloaded-virtual
> > -Werror -pipe -D_REENTRANT -I/usr/local/include -g -O2 -march=native
> > -I/usr/local/include -MT negotiate_kerberos_auth.o -MD -MP -MF $depbase.Tpo
> > -c -o negotiate_kerberos_auth.o negotiate_kerberos_auth.cc && mv -f
> > $depbase.Tpo $depbase.Po
> > negotiate_kerberos_auth.cc: In function 'int main(int, char* const*)':
> > negotiate_kerberos_auth.cc:754: error:
> > 'gsskrb5_extract_authz_data_from_sec_context' was not declared in this scope
> > *** [negotiate_kerberos_auth.o] Error code 1
> >
>
> Strange. Check the Kerberos / krb5 libraries available are up to date.
> Or for now you may need to use one or more of these:
> --without-mit-kerberos \
> --without-heimdal-kerbers \
> --without-gssapi-kerberos
>

With luck, I have managed to get squid to compile successfully (after upgrading a few components here and there).

I used:

#!/bin/sh
env LDFLAGS=-L/usr/local/lib CPPFLAGS=-I/usr/local/include CC=clang CXX=clang++ CPP=clang-cpp ./configure --prefix=/opt/squid-3.5 \
--enable-removal-policies="lru heap" \
--disable-epoll \
--with-pthreads \
--enable-storeio="ufs diskd rock aufs" \
--enable-delay-pools \
--enable-snmp \
--with-openssl=/usr \
--enable-forw-via-db \
--enable-cache-digests \
--enable-wccpv2 \
--enable-follow-x-forwarded-for \
--with-large-files \
--enable-esi \
--enable-kqueue \
--enable-icap-client \
--enable-kill-parent-hack \
--enable-ssl \
--enable-ssl-crtd \
--enable-url-rewrite-helpers \
--enable-xmalloc-statistics \
--enable-stacktraces \
--enable-zph-qos \
--enable-eui \
--with-nat-devpf \
--enable-pf-transparent \
--enable-ipf-transparent \
--with-nat-devpf \
--without-mit-kerberos \
--without-heimdal-kerbers \
--without-gssapi-kerberos \
--enable-auth

> >
> > I am getting closer I think.
> >
> > The initial compile that I had before the upgrade from 8.4 to 9.3 cannot
> > run. Gives a different error:
> >
> > 2016/04/13 14:12:13| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=192.168.55.254:13129 remote=[::] FD 36 flags=41
> > 2016/04/13 14:12:13| Accepting ICP messages on [::]:3130
> > 2016/04/13 14:12:13| Sending ICP messages from [::]:3130
> > 2016/04/13 14:12:13| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.55.254:13128 remote=192.168.55.83:50648 FD 14 flags=33
> >
>
> <http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html#ss2.4>
>
> I don't think IPFilter (--enable-ipf-transparent) works on FreeBSD.
>
> Packet Filter (PF, --enable-pf-transparent --with-nat-devpf) and IPFW
> (--enable-ipfw-transparent) should do.
>
> Be careful of the 'f' and 'w' characters there, it can be a bit
> confusing with all those different names.
>
>
> NP: the same error message can occur if you have simply configured DNAT
> / REDIRECT external to the Squid machine.
>

I have it running now (redirecting using IPFilter/IPNAT), but once in a while I see this error about NAT:

2016/04/15 16:15:52| Starting Squid Cache version 3.5.16 for i386-unknown-freebsd9.3...
2016/04/15 16:15:52| Service Name: squid
2016/04/15 16:15:52| Process ID 21761
2016/04/15 16:15:52| Process Roles: master worker
2016/04/15 16:15:52| With 32768 file descriptors available
2016/04/15 16:15:52| Initializing IP Cache...
2016/04/15 16:15:52| DNS Socket created at [::], FD 9
2016/04/15 16:15:52| DNS Socket created at 0.0.0.0, FD 10
2016/04/15 16:15:52| Adding domain crownkenya.com from /etc/resolv.conf
2016/04/15 16:15:52| Adding nameserver 192.168.55.254 from /etc/resolv.conf
2016/04/15 16:15:52| Adding nameserver 208.67.222.222 from /etc/resolv.conf
2016/04/15 16:15:52| Adding nameserver 208.67.220.220 from /etc/resolv.conf
2016/04/15 16:15:52| Adding nameserver 196.201.225.19 from /etc/resolv.conf
2016/04/15 16:15:52| Adding nameserver 41.222.10.26 from /etc/resolv.conf
2016/04/15 16:15:52| helperOpenServers: Starting 5/15 'ssl_crtd' processes
2016/04/15 16:15:52| WARNING: no_suid: setuid(0): (1) Operation not permitted
2016/04/15 16:15:52| WARNING: no_suid: setuid(0): (1) Operation not permitted
2016/04/15 16:15:52| WARNING: no_suid: setuid(0): (1) Operation not permitted
2016/04/15 16:15:52| WARNING: no_suid: setuid(0): (1) Operation not permitted
2016/04/15 16:15:52| WARNING: no_suid: setuid(0): (1) Operation not permitted
2016/04/15 16:15:52| helperOpenServers: Starting 5/10 'perl' processes
2016/04/15 16:15:52| WARNING: no_suid: setuid(0): (1) Operation not permitted
2016/04/15 16:15:52| WARNING: no_suid: setuid(0): (1) Operation not permitted
2016/04/15 16:15:52| WARNING: no_suid: setuid(0): (1) Operation not permitted
2016/04/15 16:15:52| WARNING: no_suid: setuid(0): (1) Operation not permitted
2016/04/15 16:15:53| WARNING: no_suid: setuid(0): (1) Operation not permitted
2016/04/15 16:15:53| Logfile: opening log stdio:/usr/local/squid/logs/access.log
2016/04/15 16:15:53| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2016/04/15 16:15:53| Store logging disabled
2016/04/15 16:15:53| Swap maxSize 20971520 + 131072 KB, estimated 1623276 objects
2016/04/15 16:15:53| Target number of buckets: 81163
2016/04/15 16:15:53| Using 131072 Store buckets
2016/04/15 16:15:53| Max Mem size: 131072 KB
2016/04/15 16:15:53| Max Swap size: 20971520 KB
2016/04/15 16:15:53| Rejecting swap file v1 to avoid cache index corruption. Forcing a full cache index rebuild. See Squid bug #3441.
2016/04/15 16:15:53| Rebuilding storage in /usr/local/squid/cache (clean log)
2016/04/15 16:15:53| Using Least Load store dir selection
2016/04/15 16:15:53| Set Current Directory to /usr/local/squid/logs
2016/04/15 16:15:53| Finished loading MIME types and icons.
2016/04/15 16:15:53| HTCP Disabled.
2016/04/15 16:15:53| Squid plugin modules loaded: 0
2016/04/15 16:15:53| Adaptation support is off.
2016/04/15 16:15:53| Accepting NAT intercepted HTTP Socket connections at local=192.168.55.254:13128 remote=[::] FD 34 flags=41
2016/04/15 16:15:53| Accepting HTTP Socket connections at local=[::]:13130 remote=[::] FD 35 flags=9
2016/04/15 16:15:53| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=192.168.55.254:13129 remote=[::] FD 36 flags=41
2016/04/15 16:15:53| Accepting ICP messages on [::]:3130
2016/04/15 16:15:53| Sending ICP messages from [::]:3130
2016/04/15 16:17:23| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.55.254:13128 remote=192.168.55.62:57724 FD 29 flags=33
2016/04/15 16:18:53| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.55.254:13128 remote=192.168.55.62:57726 FD 357 flags=33
2016/04/15 16:21:57| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.55.254:13128 remote=192.168.55.62:57742 FD 29 flags=33
2016/04/15 16:23:21| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.55.254:13128 remote=192.168.55.62:57757 FD 60 flags=33
2016/04/15 16:24:17| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.55.254:13128 remote=192.168.55.60:49166 FD 79 flags=33
2016/04/15 16:24:17| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.55.254:13128 remote=192.168.55.60:49168 FD 79 flags=33

In any case, I am planning to rewrite the IPNAT rules into PF and use PF.
It's the inception stage so I haven't delved deep into ssl-bump configurations...

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
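
A triage sketch for the "NAT/TPROXY lookup failed" errors in the message above, added here and not part of the original thread or of Squid: it ties each failure to the listener that logged it and counts failures per client, so you can see which intercept port and which hosts are affected. The names `summarise`, `LISTEN` and `FAIL` are this example's own, and the sample input is assembled from log lines quoted in the message.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input assembled from cache.log lines quoted in the message above.
SAMPLE_LOG = """\
2016/04/15 16:15:53| Accepting NAT intercepted HTTP Socket connections at local=192.168.55.254:13128 remote=[::] FD 34 flags=41
2016/04/15 16:15:53| Accepting HTTP Socket connections at local=[::]:13130 remote=[::] FD 35 flags=9
2016/04/15 16:17:23| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.55.254:13128 remote=192.168.55.62:57724 FD 29 flags=33
2016/04/15 16:18:53| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.55.254:13128 remote=192.168.55.62:57726 FD 357 flags=33
2016/04/15 16:24:17| ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.55.254:13128 remote=192.168.55.60:49166 FD 79 flags=33
"""

STAMP = r"(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| "
# Startup line announcing a listening port and its mode (empty mode = plain forward proxy).
LISTEN = re.compile(STAMP + r"Accepting (?P<mode>.*?)\s*HTTPS? Socket connections at local=(?P<local>\S+)")
# Per-connection failure; the greedy \S+ backtracks to the last ':' so bracketed IPv6 clients parse too.
FAIL = re.compile(STAMP + r"ERROR: NAT/TPROXY lookup failed to locate original IPs "
                          r"on local=(?P<local>\S+) remote=(?P<ip>\S+):(?P<port>\d+)")

def summarise(log_text):
    """Return one row per (listener, client) with failure count and first/last time seen."""
    listeners = {}                  # "addr:port" -> listener mode from the startup lines
    failures = defaultdict(list)    # (listener, client ip) -> failure timestamps
    for line in log_text.splitlines():
        m = LISTEN.match(line)
        if m:
            listeners[m["local"]] = m["mode"] or "forward proxy"
            continue
        m = FAIL.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
            failures[(m["local"], m["ip"])].append(ts)
    return [{"listener": local, "mode": listeners.get(local, "unknown"),
             "client": ip, "count": len(stamps),
             "first": min(stamps), "last": max(stamps)}
            for (local, ip), stamps in sorted(failures.items())]

if __name__ == "__main__":
    for row in summarise(SAMPLE_LOG):
        print("{listener} ({mode}) client={client} failures={count} "
              "first={first} last={last}".format(**row))
```
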