dlundquist / sniproxy

Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
BSD 2-Clause "Simplified" License

only with sniproxy -f #82

Closed JustMe0815 closed 10 years ago

JustMe0815 commented 10 years ago

Hi there,

With the latest commit, sniproxy only works with sniproxy -f and not as a daemon from init.d.

No error, nothing.

dlundquist commented 10 years ago

@JustMe0815 da59311f36 is working for me on Debian Wheezy. Could you try running sniproxy inside strace: strace -f sniproxy -c /path/to/sniproxy.conf

JustMe0815 commented 10 years ago

That works great. I also tried just typing sniproxy into the console; that works fine too, but /etc/init.d/sniproxy start does not work. It creates a pid file, but sniproxy does not work.

I have Debian Wheezy too.

dlundquist commented 10 years ago

@JustMe0815 my server had a lingering sniproxy process, try killing off all the sniproxy processes and removing the PID file then starting it via the init script.

JustMe0815 commented 10 years ago

accept(7, {sa_family=AF_INET, sin_port=htons(43443), sin_addr=inet_addr("37.24.140.xyz")}, [16]) = 20
fcntl(20, F_GETFL)                      = 0x2 (flags O_RDWR)
fcntl(20, F_SETFL, O_RDWR|O_NONBLOCK)   = 0
clock_gettime(CLOCK_MONOTONIC, {2256412, 304614016}) = 0
epoll_ctl(3, EPOLL_CTL_ADD, 20, {EPOLLIN, {u32=20, u64=25769803796}}) = 0
clock_gettime(CLOCK_MONOTONIC, {2256412, 304843105}) = 0
epoll_wait(3, {{EPOLLIN, {u32=7, u64=4294967303}}}, 64, 59743) = 1
clock_gettime(CLOCK_MONOTONIC, {2256412, 305066607}) = 0
accept(7, {sa_family=AF_INET, sin_port=htons(43568), sin_addr=inet_addr("37.24.140.xyz")}, [16]) = 21
fcntl(21, F_GETFL)                      = 0x2 (flags O_RDWR)
fcntl(21, F_SETFL, O_RDWR|O_NONBLOCK)   = 0
clock_gettime(CLOCK_MONOTONIC, {2256412, 305501877}) = 0
epoll_ctl(3, EPOLL_CTL_ADD, 21, {EPOLLIN, {u32=21, u64=30064771093}}) = 0
clock_gettime(CLOCK_MONOTONIC, {2256412, 305718394}) = 0
epoll_wait(3,

That's what I get when I put strace on the init.d script.

dlundquist commented 10 years ago

@JustMe0815 That strace looks normal.

JustMe0815 commented 10 years ago

Weird, but when I load the website in my browser it does not open.

When I kill it and start it without the init.d script, it works fine.

JustMe0815 commented 10 years ago

epoll_wait(3, {}, 64, 1)                = 0
clock_gettime(CLOCK_MONOTONIC, {2256653, 429278333}) = 0
sendto(16, "\260\324\1\0\0\1\0\0\0\0\0\1\3www\7netflix\3com\0\0\1\0"..., 44, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 16) = 44
clock_gettime(CLOCK_MONOTONIC, {2256653, 430151108}) = 0
epoll_wait(3, {{EPOLLIN, {u32=16, u64=4294967312}}}, 64, 999) = 1
clock_gettime(CLOCK_MONOTONIC, {2256653, 430434676}) = 0
recvfrom(16, "\260\324\205\200\0\1\0\1\0\1\0\2\3www\7netflix\3com\0\0\1\0"..., 4096, MSG_DONTWAIT, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 94
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 18
fcntl(18, F_GETFL)                      = 0x2 (flags O_RDWR)
fcntl(18, F_SETFL, O_RDWR|O_NONBLOCK)   = 0
connect(18, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("50.30.42.128")}, 16) = -1 EINPROGRESS (Operation now in progress)
recvfrom(16, 0x7a7310, 4096, 64, 0x7fff670d4a10, 0x7fff670d49fc) = -1 EAGAIN (Resource temporarily unavailable)
epoll_ctl(3, EPOLL_CTL_ADD, 18, {EPOLLOUT, {u32=18, u64=77309411346}}) = 0
clock_gettime(CLOCK_MONOTONIC, {2256653, 431597723}) = 0
epoll_wait(3, {{EPOLLOUT|EPOLLERR|EPOLLHUP, {u32=18, u64=77309411346}}}, 64, 59743) = 1
epoll_ctl(3, EPOLL_CTL_MOD, 18, {EPOLLOUT, {u32=18, u64=77309411346}}) = 0
clock_gettime(CLOCK_MONOTONIC, {2256653, 432052829}) = 0
sendmsg(18, {msg_name(0)=NULL, msg_iov(1)=[{"GET /WiHome HTTP/1.1\r\nHost: www."..., 3174}], msg_controllen=0, msg_flags=0}, 0) = -1 ECONNREFUSED (Connection refused)
clock_gettime(CLOCK_MONOTONIC, {2256653, 432375510}) = 0
time(NULL)                              = 1397070297
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0
close(18)                               = 0
close(17)                               = 0
clock_gettime(CLOCK_MONOTONIC, {2256653, 433295499}) = 0
epoll_wait(3,

And this:

connect(18, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("50.30.42.xyz")}, 16) = -1 EINPROGRESS (Operation now in progress)
recvfrom(16, 0x7a7310, 4096, 64, 0x7fff670d4a10, 0x7fff670d49fc) = -1 EAGAIN (Resource temporarily unavailable)

dlundquist commented 10 years ago

Here are the packages I'm using: http://gateway01.nssix.com/packages/

JustMe0815 commented 10 years ago

Installed the packages. It works without the init script; as soon as I start it with the init script, nothing loads.

dlundquist commented 10 years ago

Could you check that your pidfile is /var/run/sniproxy and invoke the init script with sh -x?

$ sudo sh -x /etc/init.d/sniproxy restart
+ PATH=/sbin:/usr/sbin:/bin:/usr/bin
+ DESC=HTTPS SNI proxy
+ NAME=sniproxy
+ DAEMON=/usr/sbin/sniproxy
+ DAEMON_ARGS=
+ PIDFILE=/var/run/sniproxy.pid
+ SCRIPTNAME=/etc/init.d/sniproxy
+ ENABLED=1
+ [ -x /usr/sbin/sniproxy ]
+ [ -r /etc/default/sniproxy ]
+ . /etc/default/sniproxy
+ ENABLED=1
+ . /lib/init/vars.sh
+ TMPTIME=0
+ SULOGIN=no
+ DELAYLOGIN=no
+ UTC=yes
+ VERBOSE=no
+ FSCKFIX=no
+ [ -f /etc/default/rcS ]
+ . /etc/default/rcS
+ unset EDITMOTD
+ unset RAMRUN
+ unset RAMLOCK
+ [ -r /proc/cmdline ]
+ cat /proc/cmdline
+ [  ]
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ true
+ test 1 != 0
+ log_daemon_msg Restarting HTTPS SNI proxy sniproxy
+ [ -z Restarting HTTPS SNI proxy ]
+ log_daemon_msg_pre Restarting HTTPS SNI proxy sniproxy
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z ]
+ FANCYTTY=1
+ true
+ /bin/echo -n [....] 
[....] + [ -z sniproxy ]
+ /bin/echo -n Restarting HTTPS SNI proxy: sniproxy
Restarting HTTPS SNI proxy: sniproxy+ log_daemon_msg_post Restarting HTTPS SNI proxy sniproxy
+ :
+ do_stop
+ basename /usr/sbin/sniproxy
+ start-stop-daemon --stop --quiet --pidfile /var/run/sniproxy.pid --retry=TERM/30/KILL/5 --name sniproxy
+ RETVAL=0
+ [ 0 = 2 ]
+ start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sniproxy.pid --retry=0/30/KILL/5 --exec /usr/sbin/sniproxy
+ [ 0 = 2 ]
+ return 0
+ do_start
+ start-stop-daemon --start --quiet --pidfile /var/run/sniproxy.pid --exec /usr/sbin/sniproxy --test
+ start-stop-daemon --start --quiet --pidfile /var/run/sniproxy.pid --exec /usr/sbin/sniproxy --
2014-04-09 19:22:47 Parsed gallery.overthere.org [2607:f700:1:a0:216:3eff:fe8d:3c48]
2014-04-09 19:22:47 Parsed overthere.org [2607:f700:1:a0:216:3eff:fe63:be7c]
2014-04-09 19:22:47 Parsed dev.overthere.org [2607:f700:1:a0:216:3eff:fe63:be7c]
2014-04-09 19:22:47 Parsed build-rascal.overthere.org [2607:f700:1:a0:216:3eff:fe23:506c]
2014-04-09 19:22:47 Parsed build-openbsd.overthere.org [2607:f700:1:a0:216:3eff:fe58:cc95]
+ log_end_msg 0
+ [ -z 0 ]
+ local retval
+ retval=0
+ log_end_msg_pre 0
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 2
+ GREEN=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ /usr/bin/tput civis
+ /usr/bin/tput sc
+ /usr/bin/tput hpa 0
+ [ 0 -eq 0 ]
+ /bin/echo -ne [ ok 
[ ok + /usr/bin/tput rc
+ /usr/bin/tput cnorm
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 1 ]
+ true
+ true
+ /usr/bin/tput setaf 1
+ RED=
+ /usr/bin/tput setaf 3
+ YELLOW=
+ /usr/bin/tput op
+ NORMAL=
+ [ 0 -eq 0 ]
+ echo .
.
+ log_end_msg_post 0
+ :
+ return 0
+ :

JustMe0815 commented 10 years ago

sh -x /etc/init.d/sniproxy restart
+ PATH=/sbin:/usr/sbin:/bin:/usr/bin
+ DESC=HTTPS SNI proxy
+ NAME=sniproxy
+ DAEMON=/usr/sbin/sniproxy
+ DAEMON_ARGS=
+ PIDFILE=/var/run/sniproxy.pid
+ SCRIPTNAME=/etc/init.d/sniproxy
+ ENABLED=1
+ [ -x /usr/sbin/sniproxy ]
+ [ -r /etc/default/sniproxy ]
+ . /etc/default/sniproxy
+ ENABLED=1
+ . /lib/init/vars.sh
+ TMPTIME=0
+ SULOGIN=no
+ DELAYLOGIN=no
+ UTC=yes
+ VERBOSE=no
+ FSCKFIX=no
+ [ -f /etc/default/rcS ]
+ . /etc/default/rcS
+ unset EDITMOTD
+ unset RAMRUN
+ unset RAMLOCK
+ [ -r /proc/cmdline ]
+ cat /proc/cmdline
+ [  ]
+ break
+ [  ]
+ . /lib/lsb/init-functions
+ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+ [ -r /lib/lsb/init-functions.d/20-left-info-blocks ]
+ . /lib/lsb/init-functions.d/20-left-info-blocks
+ FANCYTTY=
+ [ -e /etc/lsb-base-logging.sh ]
+ . /etc/lsb-base-logging.sh
+ FANCYTTY=0
+ test 1 != 0
+ log_daemon_msg Restarting HTTPS SNI proxy sniproxy
+ [ -z Restarting HTTPS SNI proxy ]
+ log_daemon_msg_pre Restarting HTTPS SNI proxy sniproxy
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 0 ]
+ true
+ false
+ [ -z sniproxy ]
+ /bin/echo -n Restarting HTTPS SNI proxy: sniproxy
Restarting HTTPS SNI proxy: sniproxy+ log_daemon_msg_post Restarting HTTPS SNI proxy sniproxy
+ :
+ do_stop
+ basename /usr/sbin/sniproxy
+ start-stop-daemon --stop --quiet --pidfile /var/run/sniproxy.pid --retry=TERM/30/KILL/5 --name sniproxy
+ RETVAL=0
+ [ 0 = 2 ]
+ start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sniproxy.pid --retry=0/30/KILL/5 --exec /usr/sbin/sniproxy
+ [ 0 = 2 ]
+ return 0
+ do_start
+ start-stop-daemon --start --quiet --pidfile /var/run/sniproxy.pid --exec /usr/sbin/sniproxy --test
+ start-stop-daemon --start --quiet --pidfile /var/run/sniproxy.pid --exec /usr/sbin/sniproxy --
+ log_end_msg 0
+ [ -z 0 ]
+ local retval
+ retval=0
+ log_end_msg_pre 0
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 0 ]
+ true
+ false
+ log_use_fancy_output
+ TPUT=/usr/bin/tput
+ EXPR=/usr/bin/expr
+ [ -t 1 ]
+ [ xxterm != x ]
+ [ xxterm != xdumb ]
+ [ -x /usr/bin/tput ]
+ [ -x /usr/bin/expr ]
+ /usr/bin/tput hpa 60
+ /usr/bin/tput setaf 1
+ [ -z 0 ]
+ true
+ false
+ RED=
+ YELLOW=
+ NORMAL=
+ [ 0 -eq 0 ]
+ echo .
.
+ log_end_msg_post 0
+ :
+ return 0
+ :

Maybe it has something to do with the permissions... when I start sniproxy by hand, it runs as root.

JustMe0815 commented 10 years ago

I get another error that I can see now:

/etc/init.d/sniproxy restart
Restarting HTTPS SNI proxy: sniproxysniproxy: connection.c:282: connection_cb: Assertion `((0 + ((ev_watcher *)(void *)(client_watcher))->active) && con->client.watcher.events) || ((0 + ((ev_watcher *)(void *)(server_watcher))->active) && con->server.watcher.events)' failed.
/etc/init.d/sniproxy: line 41: 21432 Aborted                 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_ARGS
 failed!

dlundquist commented 10 years ago

sniproxy will drop privileges to whatever user is specified in the config file (I'm running mine as nobody).

I'll poke at that connection.c assertion this afternoon; I think I know how it's getting there.

dlundquist commented 10 years ago

@JustMe0815 I suspect there is some debug level log message we are missing. Could you verify you have syslog configured to collect debug messages from sniproxy, or enable a debug level error log with the following in your config file:

error_log {
    filename /tmp/sniproxy_error.log
    priority debug
}

On the assert front, are you using a local nameserver or a remote one? That error sounds like the client input buffer filled up before the DNS query response was received. I'm going to fix that logic, but for performance and security it's best to use a local caching resolver.

dlundquist commented 10 years ago

@JustMe0815 I opened #83 for the assertion failure you reported.

Any luck with the logs determining why sniproxy doesn't start with the init script? Based on the output of sh -x /etc/init.d/sniproxy start it looks like it was invoked by start-stop-daemon, but exited without any output.

JustMe0815 commented 10 years ago

The log does say:

Apr 10 01:02:30 myhost sniproxy[10339]: Parsed .*\.* *:80
Apr 10 01:02:30 myhost sniproxy[10339]: Parsed .*\.* *:443

That's it.

JustMe0815 commented 10 years ago

Very good, the latest commit fixed it for me, and I changed the user to nobody like you said. :+1:

dlundquist commented 10 years ago

It sounds like this issue is resolved, so I'm going to go ahead and close it.

Boydon commented 9 years ago

I just had the very same problem, and I solved it by modifying the /etc/default/sniproxy file like this:

# Defaults for sniproxy initscript

# This file has two functions:
# 1) to completely disable starting sniproxy,
# 2) to select an alternative config file
#    by setting DAEMON_ARGS to -c <file>

# Additional options that are passed to the Daemon.
DAEMON_ARGS="-c /etc/sniproxy.conf"

# Whether or not to run the sniproxy daemon; set to 0 to disable, 1 to enable.
ENABLED=1

By default the daemon is disabled and the configuration-file argument is commented out:

# Defaults for sniproxy initscript

# This file has two functions:
# 1) to completely disable starting sniproxy,
# 2) to select an alternative config file
#    by setting DAEMON_ARGS to -c <file>

# Additional options that are passed to the Daemon.
# DAEMON_ARGS="-c /etc/sniproxy.conf"

# Whether or not to run the sniproxy daemon; set to 0 to disable, 1 to enable.
ENABLED=0
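Two shell helpers for the checks this thread walks through: the "lingering process, remove the PID file" step, and making sure /etc/default/sniproxy actually enables the daemon the way the init script reads it. This is added example code, not part of sniproxy or its Debian init script; the pidfile path and the defaults-file variables are taken from the sh -x traces above, and the functions assume they run as root, as the init script does (kill -0 reports another user's process as not signalable).

```shell
# sniproxy_pidfile_state PIDFILE
#   Prints "absent", "live <pid>" or "stale <pid>"; returns 0 only when the
#   pidfile points at a running process. "stale" is the lingering-process case
#   from the thread: the file survived but the daemon it names is gone.
sniproxy_pidfile_state() {
    pidfile="$1"
    if [ ! -f "$pidfile" ]; then
        echo "absent"
        return 1
    fi
    # Keep only digits so a trailing newline or garbage cannot reach kill.
    pid=$(head -n 1 "$pidfile" | tr -dc '0-9')
    # kill -0 sends no signal; it only checks that the pid exists and that we
    # may signal it (run as root, otherwise another user's daemon looks stale).
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
        echo "live $pid"
        return 0
    fi
    echo "stale ${pid:-?}"
    return 1
}

# sniproxy_defaults_state DEFAULTS_FILE
#   Evaluates an /etc/default/sniproxy file exactly as the init script does:
#   ENABLED defaults to 1, the file is sourced, then `test "$ENABLED" != 0`.
#   Prints "enabled <DAEMON_ARGS>" or "disabled"; returns 0 only when the
#   daemon would be started. The shipped default (ENABLED=0, DAEMON_ARGS
#   commented out) therefore yields "disabled".
sniproxy_defaults_state() {
    file="$1"
    [ -r "$file" ] || { echo "unreadable"; return 1; }
    # Source inside a subshell so the caller's variables are left untouched.
    (
        ENABLED=1
        DAEMON_ARGS=
        . "$file"
        if [ "$ENABLED" != 0 ]; then
            echo "enabled ${DAEMON_ARGS:-<no DAEMON_ARGS>}"
            exit 0
        fi
        echo "disabled"
        exit 1
    )
}
```

Run `sniproxy_pidfile_state /var/run/sniproxy.pid; sniproxy_defaults_state /etc/default/sniproxy` before starting via the init script; a "stale" pidfile or a "disabled" defaults file explains a silent non-start without needing strace.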