Menu
▾
▴
devil-linux-discuss
|
From: Frank W. <Fra...@cg...> - 2016-08-03 09:49:20
Attachments:
smime.p7s
|
Hi all, squid exits immediately and I have the following log messages. This happens in rc1 and rc2. Any hints? [10504.225825] grsec: Illegal instruction occurred at 083a5893 in /usr/sbin/squid[squid:2504] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/squid[squid:2497] uid/euid:0/0 gid/egid:0/0 [10504.225868] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/sbin/squid[squid:2504] uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/squid[squid:2497] uid/euid:0/0 gid/ egid:0/0 Thanks a lot Frank -- *Frank Weis* Conseiller informaticien LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse Centre de gestion informatique de l’éducation eduPôle - Walferdange Route de Diekirch, L-7220 Walferdange _Adresse postale_ : B.P. 98, L-7201 Bereldange Tél. : (+352) 247-85973 . Fax : (+352) 247-85174 E-mail : Fra...@cg... <mailto:Fra...@cg...> www.cgie.lu <http://www.cgie.lu/> www.men.lu <http://www.men.lu/> www.gouvernement.lu <http://www.gouvernement.lu> Ce message et toutes pièces jointes sont établis à l'intention exclusive de ses destinataires. Ils peuvent contenir des informations confidentielles. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Ce message a fait l'objet d'un traitement anti-virus. Le contenu de ce message et des pièces jointes ne pourrait engager la responsabilité du ministère que s'il a été émis par une personne dûment habilitée agissant dans le strict cadre des fonctions auxquelles elle est employée et à des fins non étrangères à ses attributions. |
|
From: Heiko Z. <he...@zu...> - 2016-08-03 15:48:17
|
Frank, It's core dumping, but that could be for a million reasons. Can you try updating squid and see if it makes a difference? Heiko Quoting Frank Weis <Fra...@cg...>: > Hi all, > > > > squid exits immediately and I have the following log messages. > This happens in rc1 and rc2. Any hints? > > > > [10504.225825] grsec: Illegal instruction occurred at 083a5893 in > /usr/sbin/squid[squid:2504] uid/euid:0/0 gid/egid:0/0, parent > /etc/init.d/squid[squid:2497] uid/euid:0/0 gid/egid:0/0 > [10504.225868] grsec: denied resource overstep by requesting 4096 > for RLIMIT_CORE against limit 0 for /usr/sbin/squid[squid:2504] > uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/squid[squid:2497] > uid/euid:0/0 gid/ > egid:0/0 > > > > Thanks a lot > > Frank > -- > > FRANK WEIS > Conseiller informaticien > > LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG > Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse > Centre de gestion informatique de l’éducation > > eduPôle - Walferdange > Route de Diekirch, L-7220 Walferdange > _Adresse postale_ : B.P. 98, L-7201 Bereldange > > Tél. : (+352) 247-85973 . Fax : (+352) 247-85174 > E-mail : Fra...@cg... > www.cgie.lu[1] > www.men.lu[2] > www.gouvernement.lu[3] > > Ce message et toutes pièces jointes sont établis à l'intention > exclusive de ses destinataires. Ils peuvent contenir des > informations confidentielles. Si vous recevez ce message par erreur, > merci de le détruire et d'en avertir immédiatement l'expéditeur. > Toute utilisation de ce message non conforme à sa destination, toute > diffusion ou toute publication, totale ou partielle, est interdite, > sauf autorisation expresse. Ce message a fait l'objet d'un > traitement anti-virus. > > Le contenu de ce message et des pièces jointes ne pourrait engager > la responsabilité du ministère que s'il a été émis par une personne > dûment habilitée agissant dans le strict cadre des fonctions > auxquelles elle est employée et à des fins non étrangères à ses > attributions. > Links: ------ [1] http://www.cgie.lu/ [2] http://www.men.lu/ [3] http://www.gouvernement.lu -- Regards Heiko Zuerker |
|
From: Frank W. <Fra...@cg...> - 2016-08-08 08:08:58
Attachments:
smime.p7s
|
Hi Heiko, I got the latest squid installed, it still crashes: squid -version Squid Cache: Version 3.5.20-20160805-r14070 Service Name: squid configure options: '--prefix=/usr' '--sysconfdir=/etc' '--bindir=/usr/sbin' '--libexecdir=/usr/sbin' '--datadir=/usr/share/squid' '--localstatedir=/var/squid' '--sharedstatedir=/var/squid' '--enable-delay-pools ' '--enable-useragent-log' '--enable-referer-log' '--enable-arp-acl' '--enable-ssl' '--with-openssl' '--enable-htcp' '--enable-linux-netfilter' '--enable-auth' '--disable-auth-negotiate' '--enable-auth-basic' '- -enable-auth-ntlm' '--disable-auth-digest' '--enable-log-daemon-helpers' '--enable-external-acl-helpers' '--enable-url-rewrite-helpers' '--enable-delay-icmp' '--enable-esi' '--enable-ecap' '--enable-follow-x-for warded-for' '--enable-default-err-language=English' '--enable-err-languages=English' 'CFLAGS=-mtune=i686 -march=i686' 'CXXFLAGS=-mtune=i686 -march=i686' Illegal instruction Any other ideas? Thanks On 2016-08-03 17:48, Heiko Zuerker wrote: > > Frank, > > It's core dumping, but that could be for a million reasons. > Can you try updating squid and see if it makes a difference? > > Heiko > > Quoting Frank Weis <Fra...@cg... <mailto:Fra...@cg...>>: > >> Hi all, >> >> >> >> squid exits immediately and I have the following log messages. This >> happens in rc1 and rc2. Any hints? >> >> >> >> [10504.225825] grsec: Illegal instruction occurred at 083a5893 in >> /usr/sbin/squid[squid:2504] uid/euid:0/0 gid/egid:0/0, parent >> /etc/init.d/squid[squid:2497] uid/euid:0/0 gid/egid:0/0 >> [10504.225868] grsec: denied resource overstep by requesting 4096 for >> RLIMIT_CORE against limit 0 for /usr/sbin/squid[squid:2504] >> uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/squid[squid:2497] >> uid/euid:0/0 gid/ >> egid:0/0 >> >> >> >> >> Thanks a lot >> >> Frank >> -- >> >> *Frank Weis* >> Conseiller informaticien >> >> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG >> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse >> Centre de gestion informatique de l’éducation >> >> eduPôle - Walferdange >> Route de Diekirch, L-7220 Walferdange >> _Adresse postale_ : B.P. 98, L-7201 Bereldange >> >> Tél. : (+352) 247-85973 . Fax : (+352) 247-85174 >> E-mail : Fra...@cg... <mailto:Fra...@cg...> >> www.cgie.lu <http://www.cgie.lu/> >> www.men.lu <http://www.men.lu/> >> www.gouvernement.lu <http://www.gouvernement.lu> >> >> Ce message et toutes pièces jointes sont établis à l'intention >> exclusive de ses destinataires. Ils peuvent contenir des informations >> confidentielles. Si vous recevez ce message par erreur, merci de le >> détruire et d'en avertir immédiatement l'expéditeur. Toute >> utilisation de ce message non conforme à sa destination, toute >> diffusion ou toute publication, totale ou partielle, est interdite, >> sauf autorisation expresse. Ce message a fait l'objet d'un traitement >> anti-virus. >> >> Le contenu de ce message et des pièces jointes ne pourrait engager la >> responsabilité du ministère que s'il a été émis par une personne >> dûment habilitée agissant dans le strict cadre des fonctions >> auxquelles elle est employée et à des fins non étrangères à ses >> attributions. >> > > > > -- > > Regards > Heiko Zuerker > -- *Frank Weis* Conseiller informaticien LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse Centre de gestion informatique de l’éducation eduPôle - Walferdange Route de Diekirch, L-7220 Walferdange _Adresse postale_ : B.P. 98, L-7201 Bereldange Tél. : (+352) 247-85973 . Fax : (+352) 247-85174 E-mail : Fra...@cg... <mailto:Fra...@cg...> www.cgie.lu <http://www.cgie.lu/> www.men.lu <http://www.men.lu/> www.gouvernement.lu <http://www.gouvernement.lu> Ce message et toutes pièces jointes sont établis à l'intention exclusive de ses destinataires. Ils peuvent contenir des informations confidentielles. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Ce message a fait l'objet d'un traitement anti-virus. Le contenu de ce message et des pièces jointes ne pourrait engager la responsabilité du ministère que s'il a été émis par une personne dûment habilitée agissant dans le strict cadre des fonctions auxquelles elle est employée et à des fins non étrangères à ses attributions. |
|
From: Heiko Z. <he...@zu...> - 2016-08-08 19:00:16
|
Frank, Try increasing the log level and see if it spits anything else out in the squid log, before it crashes. Are you using an existing configuration? If yes, try with a clean one. You can also try the server version to see if it's related to any of our security enhancements. Heiko Quoting Frank Weis <Fra...@cg...>: > Hi Heiko, > > > > I got the latest squid installed, it still crashes: > > > > squid -version > Squid Cache: Version 3.5.20-20160805-r14070 > Service Name: squid > configure options: '--prefix=/usr' '--sysconfdir=/etc' > '--bindir=/usr/sbin' '--libexecdir=/usr/sbin' > '--datadir=/usr/share/squid' '--localstatedir=/var/squid' > '--sharedstatedir=/var/squid' '--enable-delay-pools > ' '--enable-useragent-log' '--enable-referer-log' '--enable-arp-acl' > '--enable-ssl' '--with-openssl' '--enable-htcp' > '--enable-linux-netfilter' '--enable-auth' > '--disable-auth-negotiate' '--enable-auth-basic' '- > -enable-auth-ntlm' '--disable-auth-digest' > '--enable-log-daemon-helpers' '--enable-external-acl-helpers' > '--enable-url-rewrite-helpers' '--enable-delay-icmp' '--enable-esi' > '--enable-ecap' '--enable-follow-x-for > warded-for' '--enable-default-err-language=English' > '--enable-err-languages=English' 'CFLAGS=-mtune=i686 -march=i686' > 'CXXFLAGS=-mtune=i686 -march=i686' > Illegal instruction > > Any other ideas? > > > > Thanks > On 2016-08-03 17:48, Heiko Zuerker wrote: > >> Frank, >> >> It's core dumping, but that could be for a million reasons. >> Can you try updating squid and see if it makes a difference? >> >> Heiko >> >> Quoting Frank Weis <Fra...@cg...>: >> >>> Hi all, >>> >>> >>> >>> squid exits immediately and I have the following log messages. >>> This happens in rc1 and rc2. Any hints? >>> >>> >>> >>> [10504.225825] grsec: Illegal instruction occurred at 083a5893 >>> in /usr/sbin/squid[squid:2504] uid/euid:0/0 gid/egid:0/0, parent >>> /etc/init.d/squid[squid:2497] uid/euid:0/0 gid/egid:0/0 >>> [10504.225868] grsec: denied resource overstep by requesting 4096 >>> for RLIMIT_CORE against limit 0 for /usr/sbin/squid[squid:2504] >>> uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/squid[squid:2497] >>> uid/euid:0/0 gid/ >>> egid:0/0 >>> >>> >>> >>> Thanks a lot >>> >>> Frank >>> -- >>> >>> FRANK WEIS >>> Conseiller informaticien >>> >>> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG >>> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse >>> Centre de gestion informatique de l’éducation >>> >>> eduPôle - Walferdange >>> Route de Diekirch, L-7220 Walferdange >>> _Adresse postale_ : B.P. 98, L-7201 Bereldange >>> >>> Tél. : (+352) 247-85973 . Fax : (+352) 247-85174 >>> E-mail : Fra...@cg... >>> www.cgie.lu[1] >>> www.men.lu[2] >>> www.gouvernement.lu[3] >>> >>> Ce message et toutes pièces jointes sont établis à l'intention >>> exclusive de ses destinataires. Ils peuvent contenir des >>> informations confidentielles. Si vous recevez ce message par >>> erreur, merci de le détruire et d'en avertir immédiatement >>> l'expéditeur. Toute utilisation de ce message non conforme à sa >>> destination, toute diffusion ou toute publication, totale ou >>> partielle, est interdite, sauf autorisation expresse. Ce message a >>> fait l'objet d'un traitement anti-virus. >>> >>> Le contenu de ce message et des pièces jointes ne pourrait engager >>> la responsabilité du ministère que s'il a été émis par une >>> personne dûment habilitée agissant dans le strict cadre des >>> fonctions auxquelles elle est employée et à des fins non >>> étrangères à ses attributions. >>> >> >> >> -- >> >> Regards >> Heiko Zuerker >> > > -- > > FRANK WEIS > Conseiller informaticien > > LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG > Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse > Centre de gestion informatique de l’éducation > > eduPôle - Walferdange > Route de Diekirch, L-7220 Walferdange > _Adresse postale_ : B.P. 98, L-7201 Bereldange > > Tél. : (+352) 247-85973 . Fax : (+352) 247-85174 > E-mail : Fra...@cg... > www.cgie.lu[1] > www.men.lu[2] > www.gouvernement.lu[3] > > Ce message et toutes pièces jointes sont établis à l'intention > exclusive de ses destinataires. Ils peuvent contenir des > informations confidentielles. Si vous recevez ce message par erreur, > merci de le détruire et d'en avertir immédiatement l'expéditeur. > Toute utilisation de ce message non conforme à sa destination, toute > diffusion ou toute publication, totale ou partielle, est interdite, > sauf autorisation expresse. Ce message a fait l'objet d'un > traitement anti-virus. > > Le contenu de ce message et des pièces jointes ne pourrait engager > la responsabilité du ministère que s'il a été émis par une personne > dûment habilitée agissant dans le strict cadre des fonctions > auxquelles elle est employée et à des fins non étrangères à ses > attributions. > Links: ------ [1] http://www.cgie.lu/ [2] http://www.men.lu/ [3] http://www.gouvernement.lu -- Regards Heiko Zuerker |
|
From: Frank W. <Fra...@cg...> - 2016-08-09 06:58:36
Attachments:
smime.p7s
|
Hi Heiko,
it doesn't get to the point where it logs anything.
I have copied in the /etc/squid.conf supplied with the source (or even
started without conf file).
When I strace it, I see that it opens some libs, and /dev/urandom, but
not /etc/squid.conf. It calls uname and gets the name of the host.
The last 20 lines from strace:
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
getrusage(0x1 /* RUSAGE_??? */, {ru_utime={0, 29999}, ru_stime={0,
6666}, ...}) = 0
read(3,
"\337\3617\312X\270\340\203\244\376\25+\0316\201\246\205\23\354\245\227\321\23\275l\357\345Ff\324\177\345",
32) = 32
read(3,
"W\247\352\227\254\v\303\221Pi\362\22Dw\6\24\201\200\232\263\252K\331\237o\337\332\372!\347\31[",
32) = 32
read(3, "\16\250\0240\334\360\333\272", 8) = 8
futex(0xbcd810, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0xbcd808, FUTEX_WAKE_PRIVATE, 2147483647) = 0
brk(0xb2a6000) = 0xb2a6000
mmap2(NULL, 266240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb538d000
brk(0xb2c9000) = 0xb2c9000
brk(0xb2ed000) = 0xb2ed000
brk(0xb311000) = 0xb311000
brk(0xb335000) = 0xb335000
socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 4
setsockopt(4, SOL_IPV6, IPV6_V6ONLY, [0], 4) = 0
close(4) = 0
--- SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPN, si_addr=0x8251e40} ---
+++ killed by SIGILL +++
When I start squid from inside the lfssystem (chrooted), it complains
about missing /etc/squid.conf
On a booted DL, it makes no difference if the conf file is present or not.
Thanks
On 2016-08-08 21:00, Heiko Zuerker wrote:
>
> Frank,
>
> Try increasing the log level and see if it spits anything else out in
> the squid log, before it crashes.
> Are you using an existing configuration? If yes, try with a clean one.
> You can also try the server version to see if it's related to any of
> our security enhancements.
>
> Heiko
>
> Quoting Frank Weis <Fra...@cg... <mailto:Fra...@cg...>>:
>
>> Hi Heiko,
>>
>>
>>
>> I got the latest squid installed, it still crashes:
>>
>>
>>
>> squid -version
>> Squid Cache: Version 3.5.20-20160805-r14070
>> Service Name: squid
>> configure options: '--prefix=/usr' '--sysconfdir=/etc'
>> '--bindir=/usr/sbin' '--libexecdir=/usr/sbin'
>> '--datadir=/usr/share/squid' '--localstatedir=/var/squid'
>> '--sharedstatedir=/var/squid' '--enable-delay-pools
>> ' '--enable-useragent-log' '--enable-referer-log' '--enable-arp-acl'
>> '--enable-ssl' '--with-openssl' '--enable-htcp'
>> '--enable-linux-netfilter' '--enable-auth' '--disable-auth-negotiate'
>> '--enable-auth-basic' '-
>> -enable-auth-ntlm' '--disable-auth-digest'
>> '--enable-log-daemon-helpers' '--enable-external-acl-helpers'
>> '--enable-url-rewrite-helpers' '--enable-delay-icmp' '--enable-esi'
>> '--enable-ecap' '--enable-follow-x-for
>> warded-for' '--enable-default-err-language=English'
>> '--enable-err-languages=English' 'CFLAGS=-mtune=i686 -march=i686'
>> 'CXXFLAGS=-mtune=i686 -march=i686'
>> Illegal instruction
>>
>> Any other ideas?
>>
>>
>>
>> Thanks
>>
>> On 2016-08-03 17:48, Heiko Zuerker wrote:
>>>
>>> Frank,
>>>
>>> It's core dumping, but that could be for a million reasons.
>>> Can you try updating squid and see if it makes a difference?
>>>
>>> Heiko
>>>
>>> Quoting Frank Weis <Fra...@cg... <mailto:Fra...@cg...>>:
>>>
>>>> Hi all,
>>>>
>>>>
>>>>
>>>> squid exits immediately and I have the following log messages. This
>>>> happens in rc1 and rc2. Any hints?
>>>>
>>>>
>>>>
>>>> [10504.225825] grsec: Illegal instruction occurred at 083a5893 in
>>>> /usr/sbin/squid[squid:2504] uid/euid:0/0 gid/egid:0/0, parent
>>>> /etc/init.d/squid[squid:2497] uid/euid:0/0 gid/egid:0/0
>>>> [10504.225868] grsec: denied resource overstep by requesting 4096
>>>> for RLIMIT_CORE against limit 0 for /usr/sbin/squid[squid:2504]
>>>> uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/squid[squid:2497]
>>>> uid/euid:0/0 gid/
>>>> egid:0/0
>>>>
>>>>
>>>>
>>>>
>>>> Thanks a lot
>>>>
>>>> Frank
>>>> --
>>>>
>>>> *Frank Weis*
>>>> Conseiller informaticien
>>>>
>>>> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
>>>> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
>>>> Centre de gestion informatique de l’éducation
>>>>
>>>> eduPôle - Walferdange
>>>> Route de Diekirch, L-7220 Walferdange
>>>> _Adresse postale_ : B.P. 98, L-7201 Bereldange
>>>>
>>>> Tél. : (+352) 247-85973 . Fax : (+352) 247-85174
>>>> E-mail : Fra...@cg... <mailto:Fra...@cg...>
>>>> www.cgie.lu <http://www.cgie.lu/>
>>>> www.men.lu <http://www.men.lu/>
>>>> www.gouvernement.lu <http://www.gouvernement.lu>
>>>>
>>>> Ce message et toutes pièces jointes sont établis à l'intention
>>>> exclusive de ses destinataires. Ils peuvent contenir des
>>>> informations confidentielles. Si vous recevez ce message par
>>>> erreur, merci de le détruire et d'en avertir immédiatement
>>>> l'expéditeur. Toute utilisation de ce message non conforme à sa
>>>> destination, toute diffusion ou toute publication, totale ou
>>>> partielle, est interdite, sauf autorisation expresse. Ce message a
>>>> fait l'objet d'un traitement anti-virus.
>>>>
>>>> Le contenu de ce message et des pièces jointes ne pourrait engager
>>>> la responsabilité du ministère que s'il a été émis par une personne
>>>> dûment habilitée agissant dans le strict cadre des fonctions
>>>> auxquelles elle est employée et à des fins non étrangères à ses
>>>> attributions.
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Regards
>>> Heiko Zuerker
>>>
>>
>> --
>>
>> *Frank Weis*
>> Conseiller informaticien
>>
>> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
>> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
>> Centre de gestion informatique de l’éducation
>>
>> eduPôle - Walferdange
>> Route de Diekirch, L-7220 Walferdange
>> _Adresse postale_ : B.P. 98, L-7201 Bereldange
>>
>> Tél. : (+352) 247-85973 . Fax : (+352) 247-85174
>> E-mail : Fra...@cg... <mailto:Fra...@cg...>
>> www.cgie.lu <http://www.cgie.lu/>
>> www.men.lu <http://www.men.lu/>
>> www.gouvernement.lu <http://www.gouvernement.lu>
>>
>> Ce message et toutes pièces jointes sont établis à l'intention
>> exclusive de ses destinataires. Ils peuvent contenir des informations
>> confidentielles. Si vous recevez ce message par erreur, merci de le
>> détruire et d'en avertir immédiatement l'expéditeur. Toute
>> utilisation de ce message non conforme à sa destination, toute
>> diffusion ou toute publication, totale ou partielle, est interdite,
>> sauf autorisation expresse. Ce message a fait l'objet d'un traitement
>> anti-virus.
>>
>> Le contenu de ce message et des pièces jointes ne pourrait engager la
>> responsabilité du ministère que s'il a été émis par une personne
>> dûment habilitée agissant dans le strict cadre des fonctions
>> auxquelles elle est employée et à des fins non étrangères à ses
>> attributions.
>>
>
>
>
> --
>
> Regards
> Heiko Zuerker
>
--
*Frank Weis*
Conseiller informaticien
LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
Centre de gestion informatique de l’éducation
eduPôle - Walferdange
Route de Diekirch, L-7220 Walferdange
_Adresse postale_ : B.P. 98, L-7201 Bereldange
Tél. : (+352) 247-85973 . Fax : (+352) 247-85174
E-mail : Fra...@cg... <mailto:Fra...@cg...>
www.cgie.lu <http://www.cgie.lu/>
www.men.lu <http://www.men.lu/>
www.gouvernement.lu <http://www.gouvernement.lu>
Ce message et toutes pièces jointes sont établis à l'intention exclusive
de ses destinataires. Ils peuvent contenir des informations
confidentielles. Si vous recevez ce message par erreur, merci de le
détruire et d'en avertir immédiatement l'expéditeur. Toute utilisation
de ce message non conforme à sa destination, toute diffusion ou toute
publication, totale ou partielle, est interdite, sauf autorisation
expresse. Ce message a fait l'objet d'un traitement anti-virus.
Le contenu de ce message et des pièces jointes ne pourrait engager la
responsabilité du ministère que s'il a été émis par une personne dûment
habilitée agissant dans le strict cadre des fonctions auxquelles elle
est employée et à des fins non étrangères à ses attributions.
|
|
From: Udo L. <ul...@po...> - 2016-08-09 07:43:48
|
Hi,
I tried to do an simple "squid -v" and the process died also with
Illegal Instruction.
And, like Frank allready wrote, the config file isn't open at this time.
strace shows at last the reading of /dev/urandom:
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
futex(0x70a4a82614e8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
brk(0) = 0xfd7480
brk(0xff8480) = 0xff8480
brk(0xff9000) = 0xff9000
open("/dev/urandom", O_RDONLY) = 3
fcntl(3, F_GETFD) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
getrusage(0x1 /* RUSAGE_??? */, {ru_utime={0, 39999}, ru_stime={0,
79999}, ...}) = 0
read(3,
"pu\17\2559L\0017O\221\354\241\363!{\222\370\353d\314S\216\242ND}\26\300Y\37Jp",
32) = 32
read(3,
".\375\267\247IG.\3266+L\26\36\313\30_\225\2055\211\33\201\257\251.\26\26;\347\0215\366",
32) = 32
read(3, "\245m#\314=@**", 8) = 8
futex(0x70a4aa316480, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x70a4aa316470, FUTEX_WAKE_PRIVATE, 2147483647) = 0
brk(0x101a000) = 0x101a000
mmap(NULL, 266240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x70a4abfb0000
--- SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPN, si_addr=0x793b78} ---
+++ killed by SIGILL +++
At this time also network isn't in use (which is on Franks strace output).
Udo
On 09.08.2016 08:58, Frank Weis wrote:
> Hi Heiko,
>
>
> it doesn't get to the point where it logs anything.
>
> I have copied in the /etc/squid.conf supplied with the source (or even
> started without conf file).
>
> When I strace it, I see that it opens some libs, and /dev/urandom, but
> not /etc/squid.conf. It calls uname and gets the name of the host.
>
>
> The last 20 lines from strace:
>
>
>
> fcntl64(3, F_GETFD) = 0
> fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
> fstat64(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
> getrusage(0x1 /* RUSAGE_??? */, {ru_utime={0, 29999}, ru_stime={0,
> 6666}, ...}) = 0
> read(3,
> "\337\3617\312X\270\340\203\244\376\25+\0316\201\246\205\23\354\245\227\321\23\275l\357\345Ff\324\177\345",
> 32) = 32
> read(3,
> "W\247\352\227\254\v\303\221Pi\362\22Dw\6\24\201\200\232\263\252K\331\237o\337\332\372!\347\31[",
> 32) = 32
> read(3, "\16\250\0240\334\360\333\272", 8) = 8
> futex(0xbcd810, FUTEX_WAKE_PRIVATE, 2147483647) = 0
> futex(0xbcd808, FUTEX_WAKE_PRIVATE, 2147483647) = 0
> brk(0xb2a6000) = 0xb2a6000
> mmap2(NULL, 266240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb538d000
> brk(0xb2c9000) = 0xb2c9000
> brk(0xb2ed000) = 0xb2ed000
> brk(0xb311000) = 0xb311000
> brk(0xb335000) = 0xb335000
> socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 4
> setsockopt(4, SOL_IPV6, IPV6_V6ONLY, [0], 4) = 0
> close(4) = 0
> --- SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPN, si_addr=0x8251e40} ---
> +++ killed by SIGILL +++
>
>
> When I start squid from inside the lfssystem (chrooted), it complains
> about missing /etc/squid.conf
>
> On a booted DL, it makes no difference if the conf file is present or not.
>
>
> Thanks
>
>
> On 2016-08-08 21:00, Heiko Zuerker wrote:
>> Frank,
>>
>> Try increasing the log level and see if it spits anything else out in
>> the squid log, before it crashes.
>> Are you using an existing configuration? If yes, try with a clean one.
>> You can also try the server version to see if it's related to any of
>> our security enhancements.
>>
>> Heiko
>>
>> Quoting Frank Weis <Fra...@cg... <mailto:Fra...@cg...>>:
>>
>>> Hi Heiko,
>>>
>>>
>>>
>>> I got the latest squid installed, it still crashes:
>>>
>>>
>>>
>>> squid -version
>>> Squid Cache: Version 3.5.20-20160805-r14070
>>> Service Name: squid
>>> configure options: '--prefix=/usr' '--sysconfdir=/etc'
>>> '--bindir=/usr/sbin' '--libexecdir=/usr/sbin'
>>> '--datadir=/usr/share/squid' '--localstatedir=/var/squid'
>>> '--sharedstatedir=/var/squid' '--enable-delay-pools
>>> ' '--enable-useragent-log' '--enable-referer-log' '--enable-arp-acl'
>>> '--enable-ssl' '--with-openssl' '--enable-htcp'
>>> '--enable-linux-netfilter' '--enable-auth' '--disable-auth-negotiate'
>>> '--enable-auth-basic' '-
>>> -enable-auth-ntlm' '--disable-auth-digest'
>>> '--enable-log-daemon-helpers' '--enable-external-acl-helpers'
>>> '--enable-url-rewrite-helpers' '--enable-delay-icmp' '--enable-esi'
>>> '--enable-ecap' '--enable-follow-x-for
>>> warded-for' '--enable-default-err-language=English'
>>> '--enable-err-languages=English' 'CFLAGS=-mtune=i686 -march=i686'
>>> 'CXXFLAGS=-mtune=i686 -march=i686'
>>> Illegal instruction
>>>
>>> Any other ideas?
>>>
>>>
>>>
>>> Thanks
>>>
>>> On 2016-08-03 17:48, Heiko Zuerker wrote:
>>>> Frank,
>>>>
>>>> It's core dumping, but that could be for a million reasons.
>>>> Can you try updating squid and see if it makes a difference?
>>>>
>>>> Heiko
>>>>
>>>> Quoting Frank Weis <Fra...@cg... <mailto:Fra...@cg...>>:
>>>>
>>>>> Hi all,
>>>>>
>>>>>
>>>>>
>>>>> squid exits immediately and I have the following log messages. This
>>>>> happens in rc1 and rc2. Any hints?
>>>>>
>>>>>
>>>>>
>>>>> [10504.225825] grsec: Illegal instruction occurred at 083a5893 in
>>>>> /usr/sbin/squid[squid:2504] uid/euid:0/0 gid/egid:0/0, parent
>>>>> /etc/init.d/squid[squid:2497] uid/euid:0/0 gid/egid:0/0
>>>>> [10504.225868] grsec: denied resource overstep by requesting 4096
>>>>> for RLIMIT_CORE against limit 0 for /usr/sbin/squid[squid:2504]
>>>>> uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/squid[squid:2497]
>>>>> uid/euid:0/0 gid/
>>>>> egid:0/0
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Thanks a lot
>>>>>
>>>>> Frank
>>>>> --
>>>>>
>>>>> *Frank Weis*
>>>>> Conseiller informaticien
>>>>>
>>>>> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
>>>>> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
>>>>> Centre de gestion informatique de l’éducation
>>>>>
>>>>> eduPôle - Walferdange
>>>>> Route de Diekirch, L-7220 Walferdange
>>>>> _Adresse postale_ : B.P. 98, L-7201 Bereldange
>>>>>
>>>>> Tél. : (+352) 247-85973 . Fax : (+352) 247-85174
>>>>> E-mail : Fra...@cg... <mailto:Fra...@cg...>
>>>>> www.cgie.lu <http://www.cgie.lu/>
>>>>> www.men.lu <http://www.men.lu/>
>>>>> www.gouvernement.lu <http://www.gouvernement.lu>
>>>>>
>>>>> Ce message et toutes pièces jointes sont établis à l'intention
>>>>> exclusive de ses destinataires. Ils peuvent contenir des
>>>>> informations confidentielles. Si vous recevez ce message par
>>>>> erreur, merci de le détruire et d'en avertir immédiatement
>>>>> l'expéditeur. Toute utilisation de ce message non conforme à sa
>>>>> destination, toute diffusion ou toute publication, totale ou
>>>>> partielle, est interdite, sauf autorisation expresse. Ce message a
>>>>> fait l'objet d'un traitement anti-virus.
>>>>>
>>>>> Le contenu de ce message et des pièces jointes ne pourrait engager
>>>>> la responsabilité du ministère que s'il a été émis par une personne
>>>>> dûment habilitée agissant dans le strict cadre des fonctions
>>>>> auxquelles elle est employée et à des fins non étrangères à ses
>>>>> attributions.
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Regards
>>>> Heiko Zuerker
>>>>
>>> --
>>>
>>> *Frank Weis*
>>> Conseiller informaticien
>>>
>>> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG
>>> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse
>>> Centre de gestion informatique de l’éducation
>>>
>>> eduPôle - Walferdange
>>> Route de Diekirch, L-7220 Walferdange
>>> _Adresse postale_ : B.P. 98, L-7201 Bereldange
>>>
>>> Tél. : (+352) 247-85973 . Fax : (+352) 247-85174
>>> E-mail : Fra...@cg... <mailto:Fra...@cg...>
>>> www.cgie.lu <http://www.cgie.lu/>
>>> www.men.lu <http://www.men.lu/>
>>> www.gouvernement.lu <http://www.gouvernement.lu>
>>>
>>> Ce message et toutes pièces jointes sont établis à l'intention
>>> exclusive de ses destinataires. Ils peuvent contenir des informations
>>> confidentielles. Si vous recevez ce message par erreur, merci de le
>>> détruire et d'en avertir immédiatement l'expéditeur. Toute
>>> utilisation de ce message non conforme à sa destination, toute
>>> diffusion ou toute publication, totale ou partielle, est interdite,
>>> sauf autorisation expresse. Ce message a fait l'objet d'un traitement
>>> anti-virus.
>>>
>>> Le contenu de ce message et des pièces jointes ne pourrait engager la
>>> responsabilité du ministère que s'il a été émis par une personne
>>> dûment habilitée agissant dans le strict cadre des fonctions
>>> auxquelles elle est employée et à des fins non étrangères à ses
>>> attributions.
>>>
>>
>>
>> --
>>
>> Regards
>> Heiko Zuerker
>>
>
>
> ------------------------------------------------------------------------------
> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
> patterns at an interface-level. Reveals which users, apps, and protocols are
> consuming the most bandwidth. Provides multi-vendor support for NetFlow,
> J-Flow, sFlow and other flows. Make informed decisions using capacity
> planning reports. http://sdm.link/zohodev2dev
>
>
> _______________________________________________
> Devil-linux-discuss mailing list
> Dev...@li...
> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss
|
|
From: Heiko Z. <he...@zu...> - 2016-08-13 13:04:59
|
Udo & Frank, I just tested squid and it seems to work fine on the latest build (haven't done any changes). Do you use your own build? Is it using the standard config or did you customize? (maybe we're missing a lib). I'm uploading the exact version I'm testing with to ftp.devil-linux.org/pub/devel/testing right now. It should be complete about 45 minutes from writing this email. Try it with that and let me know if it behaves any different. Heiko Quoting Udo Lembke <ul...@po...>: > Hi, > I tried to do an simple "squid -v" and the process died also with > Illegal Instruction. > And, like Frank allready wrote, the config file isn't open at this time. > > strace shows at last the reading of /dev/urandom: > getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 > futex(0x70a4a82614e8, FUTEX_WAKE_PRIVATE, 2147483647) = 0 > brk(0) = 0xfd7480 > brk(0xff8480) = 0xff8480 > brk(0xff9000) = 0xff9000 > open("/dev/urandom", O_RDONLY) = 3 > fcntl(3, F_GETFD) = 0 > fcntl(3, F_SETFD, FD_CLOEXEC) = 0 > fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 > getrusage(0x1 /* RUSAGE_??? */, {ru_utime={0, 39999}, ru_stime={0, > 79999}, ...}) = 0 > read(3, > "pu\17\2559L\0017O\221\354\241\363!{\222\370\353d\314S\216\242ND}\26\300Y\37Jp", > 32) = 32 > read(3, > ".\375\267\247IG.\3266+L\26\36\313\30_\225\2055\211\33\201\257\251.\26\26;\347\0215\366", > 32) = 32 > read(3, "\245m#\314=@**", 8) = 8 > futex(0x70a4aa316480, FUTEX_WAKE_PRIVATE, 2147483647) = 0 > futex(0x70a4aa316470, FUTEX_WAKE_PRIVATE, 2147483647) = 0 > brk(0x101a000) = 0x101a000 > mmap(NULL, 266240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, > 0) = 0x70a4abfb0000 > --- SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPN, si_addr=0x793b78} --- > +++ killed by SIGILL +++ > At this time also network isn't in use (which is on Franks strace output). > > Udo > > On 09.08.2016 08:58, Frank Weis wrote: >> Hi Heiko, >> >> it doesn't get to the point where it logs anything. >> >> I have copied in the /etc/squid.conf supplied with the source (or even >> started without conf file). >> >> When I strace it, I see that it opens some libs, and /dev/urandom, but >> not /etc/squid.conf. It calls uname and gets the name of the host. >> >> The last 20 lines from strace: >> >> fcntl64(3, F_GETFD) = 0 >> fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 >> fstat64(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 >> getrusage(0x1 /* RUSAGE_??? */, {ru_utime={0, 29999}, ru_stime={0, >> 6666}, ...}) = 0 >> read(3, >> "\337\3617\312X\270\340\203\244\376\25+\0316\201\246\205\23\354\245\227\321\23\275l\357\345Ff\324\177\345", >> 32) = 32 >> read(3, >> "W\247\352\227\254\v\303\221Pi\362\22Dw\6\24\201\200\232\263\252K\331\237o\337\332\372!\347\31[", >> 32) = 32 >> read(3, "\16\250\0240\334\360\333\272", 8) = 8 >> futex(0xbcd810, FUTEX_WAKE_PRIVATE, 2147483647) = 0 >> futex(0xbcd808, FUTEX_WAKE_PRIVATE, 2147483647) = 0 >> brk(0xb2a6000) = 0xb2a6000 >> mmap2(NULL, 266240, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, >> 0) = 0xb538d000 >> brk(0xb2c9000) = 0xb2c9000 >> brk(0xb2ed000) = 0xb2ed000 >> brk(0xb311000) = 0xb311000 >> brk(0xb335000) = 0xb335000 >> socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 4 >> setsockopt(4, SOL_IPV6, IPV6_V6ONLY, [0], 4) = 0 >> close(4) = 0 >> --- SIGILL {si_signo=SIGILL, si_code=ILL_ILLOPN, si_addr=0x8251e40} --- >> +++ killed by SIGILL +++ >> >> When I start squid from inside the lfssystem (chrooted), it complains >> about missing /etc/squid.conf >> >> On a booted DL, it makes no difference if the conf file is present or not. >> >> Thanks >> >> On 2016-08-08 21:00, Heiko Zuerker wrote: >>> Frank, >>> >>> Try increasing the log level and see if it spits anything else out in >>> the squid log, before it crashes. >>> Are you using an existing configuration? If yes, try with a clean one. >>> You can also try the server version to see if it's related to any of >>> our security enhancements. >>> >>> Heiko >>> >>> Quoting Frank Weis <Fra...@cg... <mailto:Fra...@cg...>>: >>> >>>> Hi Heiko, >>>> >>>> I got the latest squid installed, it still crashes: >>>> >>>> squid -version >>>> Squid Cache: Version 3.5.20-20160805-r14070 >>>> Service Name: squid >>>> configure options: '--prefix=/usr' '--sysconfdir=/etc' >>>> '--bindir=/usr/sbin' '--libexecdir=/usr/sbin' >>>> '--datadir=/usr/share/squid' '--localstatedir=/var/squid' >>>> '--sharedstatedir=/var/squid' '--enable-delay-pools >>>> ' '--enable-useragent-log' '--enable-referer-log' '--enable-arp-acl' >>>> '--enable-ssl' '--with-openssl' '--enable-htcp' >>>> '--enable-linux-netfilter' '--enable-auth' '--disable-auth-negotiate' >>>> '--enable-auth-basic' '- >>>> -enable-auth-ntlm' '--disable-auth-digest' >>>> '--enable-log-daemon-helpers' '--enable-external-acl-helpers' >>>> '--enable-url-rewrite-helpers' '--enable-delay-icmp' '--enable-esi' >>>> '--enable-ecap' '--enable-follow-x-for >>>> warded-for' '--enable-default-err-language=English' >>>> '--enable-err-languages=English' 'CFLAGS=-mtune=i686 -march=i686' >>>> 'CXXFLAGS=-mtune=i686 -march=i686' >>>> Illegal instruction >>>> >>>> Any other ideas? >>>> >>>> Thanks >>>> >>>> On 2016-08-03 17:48, Heiko Zuerker wrote: >>>>> Frank, >>>>> >>>>> It's core dumping, but that could be for a million reasons. >>>>> Can you try updating squid and see if it makes a difference? >>>>> >>>>> Heiko >>>>> >>>>> Quoting Frank Weis <Fra...@cg... <mailto:Fra...@cg...>>: >>>>> >>>>>> Hi all, >>>>>> >>>>>> squid exits immediately and I have the following log messages. This >>>>>> happens in rc1 and rc2. Any hints? >>>>>> >>>>>> [10504.225825] grsec: Illegal instruction occurred at 083a5893 in >>>>>> /usr/sbin/squid[squid:2504] uid/euid:0/0 gid/egid:0/0, parent >>>>>> /etc/init.d/squid[squid:2497] uid/euid:0/0 gid/egid:0/0 >>>>>> [10504.225868] grsec: denied resource overstep by requesting 4096 >>>>>> for RLIMIT_CORE against limit 0 for /usr/sbin/squid[squid:2504] >>>>>> uid/euid:0/0 gid/egid:0/0, parent /etc/init.d/squid[squid:2497] >>>>>> uid/euid:0/0 gid/ >>>>>> egid:0/0 >>>>>> >>>>>> Thanks a lot >>>>>> >>>>>> Frank >>>>>> -- >>>>>> >>>>>> *Frank Weis* >>>>>> Conseiller informaticien >>>>>> >>>>>> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG >>>>>> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse >>>>>> Centre de gestion informatique de l’éducation >>>>>> >>>>>> eduPôle - Walferdange >>>>>> Route de Diekirch, L-7220 Walferdange >>>>>> _Adresse postale_ : B.P. 98, L-7201 Bereldange >>>>>> >>>>>> Tél. : (+352) 247-85973 . Fax : (+352) 247-85174 >>>>>> E-mail : Fra...@cg... <mailto:Fra...@cg...> >>>>>> www.cgie.lu[1] <http://www.cgie.lu/> >>>>>> www.men.lu[2] <http://www.men.lu/> >>>>>> www.gouvernement.lu[3] <http://www.gouvernement.lu> >>>>>> >>>>>> Ce message et toutes pièces jointes sont établis à l'intention >>>>>> exclusive de ses destinataires. Ils peuvent contenir des >>>>>> informations confidentielles. Si vous recevez ce message par >>>>>> erreur, merci de le détruire et d'en avertir immédiatement >>>>>> l'expéditeur. Toute utilisation de ce message non conforme à sa >>>>>> destination, toute diffusion ou toute publication, totale ou >>>>>> partielle, est interdite, sauf autorisation expresse. Ce message a >>>>>> fait l'objet d'un traitement anti-virus. >>>>>> >>>>>> Le contenu de ce message et des pièces jointes ne pourrait engager >>>>>> la responsabilité du ministère que s'il a été émis par une personne >>>>>> dûment habilitée agissant dans le strict cadre des fonctions >>>>>> auxquelles elle est employée et à des fins non étrangères à ses >>>>>> attributions. >>>>> >>>>> -- >>>>> >>>>> Regards >>>>> Heiko Zuerker >>>> >>>> -- >>>> >>>> *Frank Weis* >>>> Conseiller informaticien >>>> >>>> LE GOUVERNEMENT DU GRAND-DUCHÉ DE LUXEMBOURG >>>> Ministère de l’Éducation nationale, de l’Enfance et de la Jeunesse >>>> Centre de gestion informatique de l’éducation >>>> >>>> eduPôle - Walferdange >>>> Route de Diekirch, L-7220 Walferdange >>>> _Adresse postale_ : B.P. 98, L-7201 Bereldange >>>> >>>> Tél. : (+352) 247-85973 . Fax : (+352) 247-85174 >>>> E-mail : Fra...@cg... <mailto:Fra...@cg...> >>>> www.cgie.lu[1] <http://www.cgie.lu/> >>>> www.men.lu[2] <http://www.men.lu/> >>>> www.gouvernement.lu[3] <http://www.gouvernement.lu> >>>> >>>> Ce message et toutes pièces jointes sont établis à l'intention >>>> exclusive de ses destinataires. Ils peuvent contenir des informations >>>> confidentielles. Si vous recevez ce message par erreur, merci de le >>>> détruire et d'en avertir immédiatement l'expéditeur. Toute >>>> utilisation de ce message non conforme à sa destination, toute >>>> diffusion ou toute publication, totale ou partielle, est interdite, >>>> sauf autorisation expresse. Ce message a fait l'objet d'un traitement >>>> anti-virus. >>>> >>>> Le contenu de ce message et des pièces jointes ne pourrait engager la >>>> responsabilité du ministère que s'il a été émis par une personne >>>> dûment habilitée agissant dans le strict cadre des fonctions >>>> auxquelles elle est employée et à des fins non étrangères à ses >>>> attributions. >>> >>> -- >>> >>> Regards >>> Heiko Zuerker >> >> ------------------------------------------------------------------------------ >> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >> patterns at an interface-level. Reveals which users, apps, and protocols are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning reports. http://sdm.link/zohodev2dev >> >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. http://sdm.link/zohodev2dev > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss Links: ------ [1] http://www.cgie.lu [2] http://www.men.lu [3] http://www.gouvernement.lu -- Regards Heiko Zuerker |
|
From: Udo L. <ul...@po...> - 2016-08-13 13:58:13
|
Hi Heiko, tested devil-linux-1.8.0-rc2-2016-08-13-x86_64-server.tar.xz and "squid -v" stop with Illegal instruction like before. Udo On 13.08.2016 15:04, Heiko Zuerker wrote: > Udo & Frank, > > I just tested squid and it seems to work fine on the latest build > (haven't done any changes). > Do you use your own build? Is it using the standard config or did you > customize? (maybe we're missing a lib). > > I'm uploading the exact version I'm testing with > to ftp.devil-linux.org/pub/devel/testing right now. It should be > complete about 45 minutes from writing this email. > > Try it with that and let me know if it behaves any different. > > Heiko > |
|
From: Heiko Z. <he...@zu...> - 2016-08-13 14:07:38
|
Udo, Hmm... This is getting interesting. What CPU do you have? The ISO was build on a current Intel CPU. Heiko Quoting Udo Lembke <ul...@po...>: > Hi Heiko, > > tested devil-linux-1.8.0-rc2-2016-08-13-x86_64-server.tar.xz > > and "squid -v" stop with Illegal instruction like before. > > Udo > > On 13.08.2016 15:04, Heiko Zuerker wrote: >> Udo & Frank, >> >> I just tested squid and it seems to work fine on the latest build >> (haven't done any changes). >> Do you use your own build? Is it using the standard config or did you >> customize? (maybe we're missing a lib). >> >> I'm uploading the exact version I'm testing with >> to ftp.devil-linux.org/pub/devel/testing[1] right now. It should be >> complete about 45 minutes from writing this email. >> >> Try it with that and let me know if it behaves any different. >> >> Heiko > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. http://sdm.link/zohodev2dev > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss Links: ------ [1] http://ftp.devil-linux.org/pub/devel/testing -- Regards Heiko Zuerker |
|
From: Udo L. <ul...@po...> - 2016-08-13 14:59:07
|
Hi Heiko, devil-linux run on qemu (proxmox ve): root@pve1:~# kvm -version QEMU emulator version 2.6.0 pve-qemu-kvm_2.6-1, Copyright (c) 2003-2008 Fabrice Bellard With virtual cpu kvm64 - but the same happens, if I switch the cpu type to host. The host cpu is in this case an AMD Turion(tm) II Neo N40L Dual-Core Processor. On my laptop with debian Jessie and kvm the same happens with kvm64 but with cpu host squid run: kvm -hda testdisk.img -cdrom ../devil/devil-linux-1.8.0-rc2-2016-08-13-x86_64/dl-1.8.0-rc2-2016-08-13-x86_64_server.iso -cpu host,+kvm_pv_unhalt,+kvm_pv_eoi -boot d -k de -m 512 -net none -vnc 127.0.0.1:1 host cpu: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Udo On 13.08.2016 16:07, Heiko Zuerker wrote: > Udo, > > Hmm... This is getting interesting. > > What CPU do you have? The ISO was build on a current Intel CPU. > > Heiko > > Quoting Udo Lembke <ul...@po...>: > >> Hi Heiko, >> >> tested devil-linux-1.8.0-rc2-2016-08-13-x86_64-server.tar.xz >> >> and "squid -v" stop with Illegal instruction like before. >> >> Udo >> >> On 13.08.2016 15:04, Heiko Zuerker wrote: >>> Udo & Frank, >>> >>> I just tested squid and it seems to work fine on the latest build >>> (haven't done any changes). >>> Do you use your own build? Is it using the standard config or did you >>> customize? (maybe we're missing a lib). >>> >>> I'm uploading the exact version I'm testing with >>> to ftp.devil-linux.org/pub/devel/testing[1] right now. It should be >>> complete about 45 minutes from writing this email. >>> >>> Try it with that and let me know if it behaves any different. >>> >>> Heiko >> >> ------------------------------------------------------------------------------ >> >> What NetFlow Analyzer can do for you? Monitors network bandwidth and >> traffic >> patterns at an interface-level. Reveals which users, apps, and >> protocols are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning reports. http://sdm.link/zohodev2dev >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >> > > > > Links: > ------ > [1] http://ftp.devil-linux.org/pub/devel/testing > -- > > Regards > Heiko Zuerker > > > > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. http://sdm.link/zohodev2dev > > > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
|
From: Frank W. <Fra...@cg...> - 2016-08-13 15:18:25
|
Hi, I haven't tested your newest upload but: my build is standard, without any modifications, BUT I set everything to 686 in Build Configuration/Processor and Memory because I have a bunch of firewalls witch cheap CPUs that don't support PAE. The crash happens also on systems with better CPUs and PAE, though. Should I still test something? Being on vacation, I could just test on KVM, not on actual hardware. Thanks for your help and effort, Frank ________________________________________ From: Udo Lembke [ul...@po...] Sent: Saturday, August 13, 2016 4:58 PM To: dev...@li... Subject: Re: [Devil-Linux-discuss] Squid trouble in DL 1.8.0-rc2 Hi Heiko, devil-linux run on qemu (proxmox ve): root@pve1:~# kvm -version QEMU emulator version 2.6.0 pve-qemu-kvm_2.6-1, Copyright (c) 2003-2008 Fabrice Bellard With virtual cpu kvm64 - but the same happens, if I switch the cpu type to host. The host cpu is in this case an AMD Turion(tm) II Neo N40L Dual-Core Processor. On my laptop with debian Jessie and kvm the same happens with kvm64 but with cpu host squid run: kvm -hda testdisk.img -cdrom ../devil/devil-linux-1.8.0-rc2-2016-08-13-x86_64/dl-1.8.0-rc2-2016-08-13-x86_64_server.iso -cpu host,+kvm_pv_unhalt,+kvm_pv_eoi -boot d -k de -m 512 -net none -vnc 127.0.0.1:1 host cpu: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz Udo On 13.08.2016 16:07, Heiko Zuerker wrote: > Udo, > > Hmm... This is getting interesting. > > What CPU do you have? The ISO was build on a current Intel CPU. > > Heiko > > Quoting Udo Lembke <ul...@po...>: > >> Hi Heiko, >> >> tested devil-linux-1.8.0-rc2-2016-08-13-x86_64-server.tar.xz >> >> and "squid -v" stop with Illegal instruction like before. >> >> Udo >> >> On 13.08.2016 15:04, Heiko Zuerker wrote: >>> Udo & Frank, >>> >>> I just tested squid and it seems to work fine on the latest build >>> (haven't done any changes). >>> Do you use your own build? Is it using the standard config or did you >>> customize? (maybe we're missing a lib). >>> >>> I'm uploading the exact version I'm testing with >>> to ftp.devil-linux.org/pub/devel/testing[1] right now. It should be >>> complete about 45 minutes from writing this email. >>> >>> Try it with that and let me know if it behaves any different. >>> >>> Heiko >> >> ------------------------------------------------------------------------------ >> >> What NetFlow Analyzer can do for you? Monitors network bandwidth and >> traffic >> patterns at an interface-level. Reveals which users, apps, and >> protocols are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning reports. http://sdm.link/zohodev2dev >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >> > > > > Links: > ------ > [1] http://ftp.devil-linux.org/pub/devel/testing > -- > > Regards > Heiko Zuerker > > > > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. http://sdm.link/zohodev2dev > > > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. http://sdm.link/zohodev2dev _______________________________________________ Devil-linux-discuss mailing list Dev...@li... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
|
From: Heiko Z. <he...@zu...> - 2016-08-14 12:54:39
|
Hey, I think I might have found the issue. Refresh from CVS. I added --disable-arch-native to the configure line. Without it, it uses "-march=native", which optimizes the binary for the CPU the build is being run on. This can then cause issues if you run it on a different host. Let me know if this works. Heiko Quoting Frank Weis <Fra...@cg...>: > Hi, > > I haven't tested your newest upload but: > > my build is standard, without any modifications, BUT I set > everything to 686 in Build Configuration/Processor and Memory > because I have a bunch of firewalls witch cheap CPUs that don't > support PAE. > > The crash happens also on systems with better CPUs and PAE, though. > > Should I still test something? Being on vacation, I could just test > on KVM, not on actual hardware. > > Thanks for your help and effort, > > Frank > ________________________________________ > From: Udo Lembke [ul...@po...] > Sent: Saturday, August 13, 2016 4:58 PM > To: dev...@li... > Subject: Re: [Devil-Linux-discuss] Squid trouble in DL 1.8.0-rc2 > > Hi Heiko, > devil-linux run on qemu (proxmox ve): > root@pve1:~# kvm -version > QEMU emulator version 2.6.0 pve-qemu-kvm_2.6-1, Copyright (c) 2003-2008 > Fabrice Bellard > > With virtual cpu kvm64 - but the same happens, if I switch the cpu type > to host. > The host cpu is in this case an AMD Turion(tm) II Neo N40L Dual-Core > Processor. > On my laptop with debian Jessie and kvm the same happens with kvm64 but > with cpu host squid run: > kvm -hda testdisk.img -cdrom > ../devil/devil-linux-1.8.0-rc2-2016-08-13-x86_64/dl-1.8.0-rc2-2016-08-13-x86_64_server.iso > -cpu host,+kvm_pv_unhalt,+kvm_pv_eoi -boot d -k de -m 512 -net none -vnc > 127.0.0.1:1 > host cpu: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz > > Udo > > On 13.08.2016 16:07, Heiko Zuerker wrote: >> Udo, >> >> Hmm... This is getting interesting. >> >> What CPU do you have? The ISO was build on a current Intel CPU. >> >> Heiko >> >> Quoting Udo Lembke <ul...@po...>: >> >>> Hi Heiko, >>> >>> tested devil-linux-1.8.0-rc2-2016-08-13-x86_64-server.tar.xz >>> >>> and "squid -v" stop with Illegal instruction like before. >>> >>> Udo >>> >>> On 13.08.2016 15:04, Heiko Zuerker wrote: >>>> Udo & Frank, >>>> >>>> I just tested squid and it seems to work fine on the latest build >>>> (haven't done any changes). >>>> Do you use your own build? Is it using the standard config or did you >>>> customize? (maybe we're missing a lib). >>>> >>>> I'm uploading the exact version I'm testing with >>>> to ftp.devil-linux.org/pub/devel/testing[1][1] right now. It should be >>>> complete about 45 minutes from writing this email. >>>> >>>> Try it with that and let me know if it behaves any different. >>>> >>>> Heiko >>> >>> ------------------------------------------------------------------------------ >>> >>> What NetFlow Analyzer can do for you? Monitors network bandwidth and >>> traffic >>> patterns at an interface-level. Reveals which users, apps, and >>> protocols are >>> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >>> J-Flow, sFlow and other flows. Make informed decisions using capacity >>> planning reports. http://sdm.link/zohodev2dev >>> _______________________________________________ >>> Devil-linux-discuss mailing list >>> Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >> >> Links: >> ------ >> [1] http://ftp.devil-linux.org/pub/devel/testing >> -- >> >> Regards >> Heiko Zuerker >> >> ------------------------------------------------------------------------------ >> What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic >> patterns at an interface-level. Reveals which users, apps, and protocols are >> consuming the most bandwidth. Provides multi-vendor support for NetFlow, >> J-Flow, sFlow and other flows. Make informed decisions using capacity >> planning reports. http://sdm.link/zohodev2dev >> >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. http://sdm.link/zohodev2dev > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic > patterns at an interface-level. Reveals which users, apps, and protocols are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. http://sdm.link/zohodev2dev > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss Links: ------ [1] http://ftp.devil-linux.org/pub/devel/testing -- Regards Heiko Zuerker |
|
From: Udo L. <ul...@po...> - 2016-08-16 12:21:13
|
Hi, "squid -v" is now working on qemu and with type host an AMD Turion II Neo N40L too! @Heiko - do you got my haproxy-config/startscript? Udo On 14.08.2016 14:54, Heiko Zuerker wrote: > Hey, > > I think I might have found the issue. Refresh from CVS. I > added --disable-arch-native to the configure line. Without it, it uses > "-march=native", which optimizes the binary for the CPU the build is > being run on. This can then cause issues if you run it on a different > host. > > Let me know if this works. > > Heiko > > Quoting Frank Weis <Fra...@cg...>: > |
|
From: Heiko Z. <he...@zu...> - 2016-08-16 12:56:03
|
Udo, Awesome! I'm glad this fixed it. Yes I received your files, just didn't have time to review and test it. Hopefully next weekend will be less busy. Thanks for getting it done. Heiko Quoting Udo Lembke <ul...@po...>: > Hi, > > "squid -v" is now working on qemu and with type host an AMD Turion II > Neo N40L too! > > @Heiko - do you got my haproxy-config/startscript? > > Udo > > On 14.08.2016 14:54, Heiko Zuerker wrote: >> Hey, >> >> I think I might have found the issue. Refresh from CVS. I >> added --disable-arch-native to the configure line. Without it, it uses >> "-march=native", which optimizes the binary for the CPU the build is >> being run on. This can then cause issues if you run it on a different >> host. >> >> Let me know if this works. >> >> Heiko >> >> Quoting Frank Weis <Fra...@cg...>: > > ------------------------------------------------------------------------------ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li...://lists.sourceforge.net/lists/listinfo/devil-linux-discuss -- Regards Heiko Zuerker |
