Closed GoogleCodeExporter closed 9 years ago
Date: Fri, 23 Sep 2011 05:22:36 GMT Server: Apache Cache-Control:
s-maxage=3600, must-revalidate, max-age=0 Last-Modified: Thu, 22 Sep 2011
10:08:54 GMT Vary: Accept-Encoding Content-Length: 49408 Content-Type:
text/html; charset=utf-8 X-Cache: HIT from sq62.wikimedia.org X-Cache-Lookup:
HIT from sq62.wikimedia.org:3128 Age: 139 X-Cache: HIT from sq78.wikimedia.org
X-Cache-Lookup: HIT from sq78.wikimedia.org:80 Connection: Close
Above is another example ...
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 5:26
Original comment by mind....@gmail.com
on 23 Sep 2011 at 8:50
Hi there,
Were you guys aware of the error? Any ideas? Will a configuration change
maybe fix this?
Thanks!
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 8:53
We are just trying to reproduce this issue in order to determine what's
happens. We will update it soon.
Original comment by mind....@gmail.com
on 23 Sep 2011 at 8:55
Sounds good. Let me know if you need more info. I can repro any piece that
we need to.
Spencer
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 9:00
Ok, I have some questions:
1) Is MinD installed at the same machine or in another one?
2) MinD is working on Transparent or Explicit Proxy?
3) Could you please provide us a traffic capture? (Don't worry about it if you
don't know what it is)
Original comment by mind....@gmail.com
on 23 Sep 2011 at 9:05
1) Another machine. There is one firewall server running that the Mac boxes
are behind.
2) Transparent
3) I can give a more full capture later. Do you want something at the level
of ngrep? Or at the level of tcpdump? Or if there is another method for
capture that you want provided, let me know.
Spencer
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 9:16
Just a tcpdump for your configured proxy port, at client or firewall machine,
is the same. And perform 2 o 3 navigations.
The tcpdump line must be like this:
tcpdump -i ethX tcp port 8080 -s0 -v -w /tmp/mind_capture.pcap
A few packets should be enough.
Original comment by mind....@gmail.com
on 23 Sep 2011 at 9:25
Will do. I will send that over tonight. Thx.
Spencer
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 9:29
Sorry for brother you, I have just another very important question:
Have you configured transparent proxy at mind.cfg configuration file?
transparentproxy = on
This is highly recommendable if you don't have any machine using MinD as
explicit proxy. On the other hand, you must not active this key if you have one
or more hosts using to MinD as explicit proxy.
Original comment by mind....@gmail.com
on 23 Sep 2011 at 9:40
I do not have any machines connecting directly - all are transparent.
However, I don't believe I am setting that. What is the affect of setting
that?
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 9:51
This will speed up all proxy connections, and also the proxy will be less
intrusive, I'm not sure but, it is possible this configuration solves this
issue.
Original comment by mind....@gmail.com
on 23 Sep 2011 at 9:55
I will definitely give that a try and get back with you.
Thanks!
Spencer
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 9:57
One other question:
If using a single transparent, is this setting also important?
# Filter work mode:
# 0 - Simple Proxy: No other proxy is requered (recommended)
# Usefull for transparent proxy.
# 1 - Chained proxy: Like Dansguardian proxy. It also
# needs another parent proxy.
# 2 - ICAP mode: Acts as an ICAP server.
#
# Default: 0 (Simple proxy).
filterworkmode = 0
Will it improve performance to have that as 0?
Thanks!
On Fri, Sep 23, 2011 at 2:56 PM, Spencer Thomason <
spencer.thomason@gmail.com> wrote:
Original comment by spencer....@gmail.com
on 23 Sep 2011 at 10:56
transparentproxy setting didn't fix it. :( I put it in the main config and
restarted - didn't solve the problem.
I will run the dumps and get those in a few minutes .....
On Fri, Sep 23, 2011 at 3:56 PM, Spencer Thomason <
spencer.thomason@gmail.com> wrote:
Original comment by spencer....@gmail.com
on 24 Sep 2011 at 12:35
If you need more dumps, just let me know.
Spencer
On Fri, Sep 23, 2011 at 6:14 PM, Spencer Thomason <
spencer.thomason@gmail.com> wrote:
Original comment by spencer....@gmail.com
on 24 Sep 2011 at 5:48
First of all, thank you for supporting MinD.
filterworkmode at MinD-Toy version is a functional key, performance should not
be affected by this key configuration.
Please attach your captures. I have not been able to reproduce this issue yet.
Original comment by mind....@gmail.com
on 24 Sep 2011 at 7:00
I sent the captures before as an attachment. Are you not able to get
attachments? Due to the size of the dump, I am unable to just paste the
text into the email. Let me know the best way to get them to you.
To repro:
Setup a mindwebfilter box running transparent proxy as the firewall. We are
using ours as the router + iptable rules routing to mindwebfilter. Then
connect an Apple machine running Mac OSX (we have tried Power PC and Intel
based Macs) behind this box. Breaks pages coming thru Safari on Mac OSX.
Mac OSX + FF or Chrome works great. But on Safari it is
immediately noticeable that it breaks.
Original comment by spencer....@gmail.com
on 24 Sep 2011 at 10:19
One other thing: I tested with the transparentproxy setting on, and then
tested with it commented out. I didn't see any performance gain in my
filtering benchmarks. The pages that I sent thru with the setting on, and
the setting off were the same. Should I have been seeing a difference?
Spencer
On Sat, Sep 24, 2011 at 3:19 PM, Spencer Thomason <
spencer.thomason@gmail.com> wrote:
Original comment by spencer....@gmail.com
on 24 Sep 2011 at 10:39
Were you able to get the attachments? If not, I will try and paste into the
body of the email. But before it was so much data (2 MB) that it wouldn't
let me paste into the email. But let me know, and I will try to pick the
relevant data.
On Sat, Sep 24, 2011 at 3:36 PM, Spencer Thomason <
spencer.thomason@gmail.com> wrote:
Original comment by spencer....@gmail.com
on 26 Sep 2011 at 2:23
I was sending these via email. I went to the website and attached the dump ....
Original comment by spencer....@gmail.com
on 26 Sep 2011 at 3:41
Attachments:
Any luck? Any ideas of something I could recompile and try? Even hints
would be greatly welcomed and I can dig into pieces of the code and give it
a try. I am a developer ....
Thanks!
Spencer
On Mon, Sep 26, 2011 at 7:23 AM, Spencer Thomason <
spencer.thomason@gmail.com> wrote:
Original comment by spencer....@gmail.com
on 27 Sep 2011 at 5:33
Original comment by mind....@gmail.com
on 28 Sep 2011 at 8:55
I have reproduced this issue. We are working to solve it as soon as possible.
Thanks for supporting MinD.
Original comment by mind....@gmail.com
on 29 Sep 2011 at 3:17
Original comment by mind....@gmail.com
on 29 Sep 2011 at 3:50
We found the fix, and have been running it for 24 hours. It seems to fix
the problem on the Mac + Safari, and doesn't seem to break anything
elsewhere:
In HTTPHeader.cpp, change this:
Line 1408 (I think)
l = header.front() + "\r\n";
to this:
l = header.front();
if (!(l.endsWith("\r") || l.endsWith("\n"))) {
l += "\r\n";
} else {
if (l.endsWith("\r")) {
l += "\n";
}
}
Seems to be working great now!
Thanks!
Original comment by spencer....@gmail.com
on 29 Sep 2011 at 4:50
Solved: commit r85 - Thanks to Spencer.
Original comment by mind....@gmail.com
on 29 Sep 2011 at 9:14
Thank you very much. Your fix has solved 3 issues. Those issues were blocking
the MinD-Toy v1.1 release. Now we will generate a new package.
Thanks again for supporting MinD.
Original comment by mind....@gmail.com
on 29 Sep 2011 at 9:20
Very curious - what are the other 3 issues? It will be helpful to know what
the other issues are.
Original comment by spencer....@gmail.com
on 29 Sep 2011 at 9:23
Issues #23, #30, #31 were solved by you.
Original comment by mind....@gmail.com
on 29 Sep 2011 at 9:33
Original issue reported on code.google.com by
spencer....@gmail.com
on 23 Sep 2011 at 4:59