Subject: pkg/30085: squid-2.5.9 >=nb6 crashes when doing ipf-transparent
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <kilbi@kilbi.de>
List: pkgsrc-bugs
Date: 04/28/2005 22:21:00
>Number:         30085
>Category:       pkg
>Synopsis:       squid (>=nb6) crashes when doing ipf-transparent
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Apr 28 22:21:00 +0000 2005
>Originator:     Markus W Kilbinger
>Release:        NetBSD 3.99.3
>Organization:
>Environment:
System: NetBSD mogli 3.99.3 NetBSD 3.99.3 (MOGLI) #42: Thu Apr 28 21:08:50 MEST 2005  root@lwle5:/usr/src/sys/arch/i386/compile/MOGLI i386
Architecture: i386
Machine: i386
>Description:
	Since squid-2.5.9nb6 (I didn't try nb5) squid configured as a
	transparent proxy with ipf and ipnat crashes while processing
	transparent ipf request (on port 80 redirected/ipnat to
	squid's port 3128) with:

	  2005/04/28 23:42:48| parseHttpRequest: NAT lookup failed: ioctl(SIOCGNATL)
	  FATAL: Received Segment Violation...dying.

	Processing direct proxy requests (on port 3128) seem to work
	fine.

	Maybe this problem is related to some mismatch between the
	(new) ipfilter v4.1.8 and some of the squid patches?
>How-To-Repeat:
	Setup a current -current system (ipfilter v4.1.8) with
	pkgsrc's squid as a transparent proxy with ipf/ipnat (rdr ex0
	0.0.0.0/0 port 80 -> localhost port 3128 tcp), try to make
	a transparent http request via squid and see how it fails.
>Fix:
	Workaround: Use an older squid (binary) package
	(squid-2.5.9nb4.tgz) which works fine for me with transparent
	proxying.