Netgate Discussion Forum

    Dansguardian 2.12.0.3 Signal 11

    pfSense Packages
    89 Posts 8 Posters 38.4k Views
    • L
      LokisMischief
      last edited by

      Cheers,

      It seems to require squid 3.4 among other things.

      Anyway, I get the following error when starting it.

      Config problem; check allowed values for pcontimeout
      
      

      Yet to find an error in one of the conf files… I presume it's complaining about the proxy connection timeout value... but that's set to 30 by default anyway.

      1 Reply Last reply Reply Quote 0
      • L
        LokisMischief
        last edited by

        oops, seems dansguardian needs three new values in the conf file come 2.12.0.4

        # Proxy timeout
        # Set tcp timeout between the Proxy and DansGuardian
        # Min 5 - Max 100
        proxytimeout = 20
        
        # Proxy header exchange
        # Set timeout between the Proxy and DansGuardian
        # Min 20 - Max 300
        proxyexchange = 20
        
        # Pconn timeout
        # how long a persistent connection will wait for other requests
        # squid apparently defaults to 1 minute (persistent_request_timeout),
        # so wait slightly less than this to avoid duff pconns.
        # Min 5 - Max 300
        pcontimeout = 55
        

        First signs are promising, no sig 11 yet.

        1 Reply Last reply Reply Quote 0
        • L
          LokisMischief
          last edited by

          Well, so far a child process hasn't dropped out, however I now have a load of ntlm failed auths?

          May 7 13:32:49	dansguardian[7775]: Auth plugin returned error code: -3
          May 7 13:32:49	dansguardian[7775]: NTLM - Invalid message of length 0, message was:
          May 7 13:32:48	dansguardian[10252]: Auth plugin returned error code: -3
          May 7 13:32:48	dansguardian[10252]: NTLM - Invalid message of length 0, message was:
          May 7 13:32:48	dansguardian[30017]: Auth plugin returned error code: -3
          May 7 13:32:48	dansguardian[30017]: NTLM - Invalid message of length 0, message was:
          May 7 13:32:48	dansguardian[29811]: Auth plugin returned error code: -3
          May 7 13:32:48	dansguardian[29811]: NTLM - Invalid message of length 0, message was:
          May 7 13:32:42	dansguardian[9835]: Auth plugin returned error code: -3
          May 7 13:32:42	dansguardian[9835]: NTLM - Invalid message of length 0, message was:
          May 7 13:32:42	dansguardian[12316]: Auth plugin returned error code: -3
          May 7 13:32:42	dansguardian[8234]: Auth plugin returned error code: -3
          May 7 13:32:42	dansguardian[8234]: NTLM - Invalid message of length 0, message was:
          May 7 13:32:42	dansguardian[12316]: NTLM - Invalid message of length 42, message was: NTLMSSP
          May 7 13:32:42	dansguardian[9390]: Auth plugin returned error code: -3
          May 7 13:32:42	dansguardian[9390]: NTLM - Invalid message of length 42, message was: NTLMSSP
          May 7 13:32:41	dansguardian[11054]: Auth plugin returned error code: -3
          May 7 13:32:41	dansguardian[11054]: NTLM - Invalid message of length 0, message was:
          May 7 13:32:18	dansguardian[8848]: Auth plugin returned error code: -3
          May 7 13:32:18	dansguardian[8848]: NTLM - Invalid message of length 42, message was: NTLMSSP
          May 7 13:27:07	dansguardian[48709]: Auth plugin returned error code: -3
          May 7 13:27:07	dansguardian[48709]: NTLM - Invalid message of length 0, message was:
          May 7 13:27:07	dansguardian[49351]: Auth plugin returned error code: -3
          May 7 13:27:07	dansguardian[49351]: NTLM - Invalid message of length 0, message was:
          
          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            @LokisMischief:

            Well, so far a child process hasn't dropped out, however I now have a load of ntlm failed auths?

            Do you have ntlm auth set? Is it working and logging some failures, or is it not working?

            This version is compiled for high load, do you think it's running faster?

            Elite Training: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • F
              Fredb
              last edited by

              Is there a link with this? https://bugzilla.mozilla.org/show_bug.cgi?id=828236

              1 Reply Last reply Reply Quote 0
              • L
                LokisMischief
                last edited by

                @marcelloc:

                @LokisMischief:

                Well, so far a child process hasn't dropped out, however I now have a load of ntlm failed auths?

                Do you have ntlm auth set? Is it working and logging some failures, or is it not working?

                This version is compiled for high load, do you think it's running faster?

                I do have ntlm auth set, did have it in conjunction with basic, but it doesn't seem to matter if that's enabled or not.
                NTLM auth is working, I am getting usernames in the logs, nobody has complained they can't get on yet… I wonder if it's a piece of software attempting to auth..

                Well, it seems marginally faster. Still getting the occasional redirect not being followed. I have all the tunables in the dansguardian.conf set for "suggested for large site" settings.

                I wonder if I should upgrade squid.

                1 Reply Last reply Reply Quote 0
                • L
                  LokisMischief
                  last edited by

                  well, that worked yesterday (despite the ntlm auth errors), but today we are back to the same signal 11's.

                  I have gone back to 2.12.0.2 for now.

                  1 Reply Last reply Reply Quote 0
                  • R
                    rjcrowder
                    last edited by

                    I also have some of these errors - although it sounds like you're seeing it more often. I did a little googling and it seems that this issue with DG under FreeBSD has existed for a long time. I didn't find any definitive answers, but most suggestions for fixing it centered around changing the DG settings - such as max children, max spare children, and max age of children. I bumped some of these settings up yesterday and will let you know the results…

                    @LokisMischief:

                    well, that worked yesterday (despite the ntlm auth errors), but today we are back to the same signal 11's.

                    I have gone back to 2.12.0.2 for now.

                    1 Reply Last reply Reply Quote 0
                    • F
                      Fredb
                      last edited by

                      With the latest version you can adjust maxchildren (maximum value) to your system.
                      For example on Linux:

                      ulimit -n 8192 -> new ./configure option = with-filedescriptors=8192 = dansguardian.conf maxchildren=8192

                      Maybe this is a clue? Perhaps this version was compiled with too high a value for the system? Can you play with ulimit?
                      How many processes are running when the crash appears? ps -edf | grep dansguard | wc -l

                      1 Reply Last reply Reply Quote 0
                      • L
                        LokisMischief
                        last edited by

                        @Fredb:

                        With the latest version you can adjust maxchildren (maximum value) to your system.
                        For example on Linux:

                        ulimit -n 8192 -> new ./configure option = with-filedescriptors=8192 = dansguardian.conf maxchildren=8192

                        Maybe this is a clue? Perhaps this version was compiled with too high a value for the system? Can you play with ulimit?
                        How many processes are running when the crash appears? ps -edf | grep dansguard | wc -l

                        Well you can adjust the max/min children in the conf file, but it didn't seem to make much difference, same config file with the previous version (minus the bits added for that particular version) works. I'm afraid I can't count the processes, rolled back to 2.12.0.2 and don't currently have a dev box running, only production.
                        If I get a chance I will run up a vm for it "later"

                        1 Reply Last reply Reply Quote 0
                        • R
                          rjcrowder
                          last edited by

                          @LokisMischief:

                          Well you can adjust the max/min children in the conf file, but it didn't seem to make much difference, same config file with the previous version (minus the bits added for that particular version) works. I'm afraid I can't count the processes, rolled back to 2.12.0.2 and don't currently have a dev box running, only production.
                          If I get a chance I will run up a vm for it "later"

                          Yea, I'm still having the problem. About every other day I get a half dozen or so DG processes ending with signal 11. Are you saying one of the versions doesn't do this? If so, which one?

                          1 Reply Last reply Reply Quote 0
                          • F
                            Fredb
                            last edited by

                            Signal 11 means that the program accessed a memory location that was not assigned to it; the strange thing is that there is no problem on Linux (with dansguardian 2.12.0.5).

                            Please, can you post your maxchildren value? More than 1024?
                            And does anyone know the value of FD_SETSIZE in types.h (or posix_types.h) and typesizes.h on FreeBSD?
                            Also, can you post the compilation options (dansguardian -v)?

                            No problem at all with 2.12.0.2?

                            Thanks

                            1 Reply Last reply Reply Quote 0
                            • R
                              rjcrowder
                              last edited by

                              @Fredb:

                              Signal 11 means that the program accessed a memory location that was not assigned to it; the strange thing is that there is no problem on Linux (with dansguardian 2.12.0.5).

                              Please, can you post your maxchildren value? More than 1024?
                              And does anyone know the value of FD_SETSIZE in types.h (or posix_types.h) and typesizes.h on FreeBSD?
                              Also, can you post the compilation options (dansguardian -v)?

                              No problem at all with 2.12.0.2?

                              Thanks

                              Based on some notes here http://contentfilter.futuragts.com/wiki/doku.php?id=faq (see FAQ 26b)
                              I have bumped the following sysctl values (in loader.conf.local):
                               kern.ipc.shmseg=512
                               kern.ipc.shmmni=512
                               kern.ipc.semmni=512
                               kern.ipc.msgssz=64
                               kern.ipc.shm_use_phys=1

                              at the moment, I have maxchildren set to 120 and maxsparechildren at 48

                              1 Reply Last reply Reply Quote 0
                              • M
                                mschiek01
                                last edited by

                                I am running 2.12.0.3 pkg v.0.1.7_3 and have not seen this issue at all.

                                All of the settings I am using are the default.

                                1 Reply Last reply Reply Quote 0
                                • marcellocM
                                  marcelloc
                                  last edited by

                                  @mschiek01:

                                  I am running 2.12.0.3 pkg v.0.1.7_3 and have not seen this issue at all.

                                  mschiek01 told me some time ago about an issue with a specific perl version.

                                  Try to uninstall the package, remove all perl versions using pkg_delete on the console and then try a dansguardian package reinstall.

                                  Elite Training: http://sys-squad.com

                                  Help a community developer! ;D

                                  1 Reply Last reply Reply Quote 0
                                  • L
                                    L_P
                                    last edited by

                                    I'm also suffering this issue.

                                    Lots of Signal 11 messages show up when the system is under load - about 40 office users with normal daily activities such as web browsing, email,…

                                    I am using 2.0.2-RELEASE (i386) with patched Dans for web uploads

                                    1 Reply Last reply Reply Quote 0
                                    • R
                                      rjcrowder
                                      last edited by

                                      @rjcrowder:

                                      Based on some notes here http://contentfilter.futuragts.com/wiki/doku.php?id=faq (see FAQ 26b)
                                      I have bumped the following sysctl values (in loader.conf.local):
                                       kern.ipc.shmseg=512
                                       kern.ipc.shmmni=512
                                       kern.ipc.semmni=512
                                       kern.ipc.msgssz=64
                                       kern.ipc.shm_use_phys=1

                                      at the moment, I have maxchildren set to 120 and maxsparechildren at 48

                                      Still getting them…

                                      I'm not really wanting to try a "reinstall" though... This is a fresh install of pfSense 2.0.3 64 bit and the only packages that I've added are:

                                      • Cron

                                      • File Manager

                                      • vHosts

                                      • Dansguardian

                                      • Squid 3

                                      I'm currently using the patched dansguardian 2.12.0.3 (just copied over the executable).

                                      1 Reply Last reply Reply Quote 0
                                      • F
                                        Fredb
                                        last edited by

                                        Please, can you try this latest version and let me know if it works (better) for you ? http://numsys.eu/search.php?search=Squid

                                        1 Reply Last reply Reply Quote 0
                                        • marcellocM
                                          marcelloc
                                          last edited by

                                          @Fredb:

                                          Please, can you try this latest version and let me know if it works (better) for you ? http://numsys.eu/search.php?search=Squid

                                          I'll compile it and push to my repo.

                                          Fredb, nice to see you on pfsense forum  :)

                                          Most work I did on dansguardian 2.12 was for this package on pfsense.

                                          Elite Training: http://sys-squad.com

                                          Help a community developer! ;D

                                          1 Reply Last reply Reply Quote 0
                                          • F
                                            Fredb
                                            last edited by

                                            Hi,
                                            Your work is included in "my" dansguardian version.

                                            I hope, if I can …, to rewrite the engine with kqueue for *BSD and epoll for Linux and remove the old select() call; maybe this point is part of the signal 11 problem

                                            1 Reply Last reply Reply Quote 0
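
Fredb's questions in this thread about maxchildren above 1024, the value of FD_SETSIZE and the old select() call all concern one hazard: an fd_set is a fixed bitmap of FD_SETSIZE bits, so a descriptor numbered FD_SETSIZE or higher must never reach FD_SET(). The following is an added example, not DansGuardian's code and not a diagnosis of the crashes reported here; the function names are hypothetical, and it shows the bounds check next to poll(), which has no such limit.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* An fd_set is a fixed bitmap of FD_SETSIZE bits; larger numbers do not fit. */
static int fd_fits_select(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* 1 = readable, 0 = timeout, -1 = error, -2 = refused (fd outside the fd_set). */
static int wait_readable_select(int fd, int timeout_ms) {
    if (!fd_fits_select(fd)) return -2; /* FD_SET() would write past the bitmap */
    fd_set rfds;
    FD_ZERO(&rfds);
    FD_SET(fd, &rfds);
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    int n = select(fd + 1, &rfds, NULL, NULL, &tv);
    return n < 0 ? -1 : (n > 0 && FD_ISSET(fd, &rfds));
}

/* poll() is handed the descriptor number itself, not an index into a bitmap. */
static int wait_readable_poll(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int n = poll(&p, 1, timeout_ms);
    return n < 0 ? -1 : (n > 0 && (p.revents & POLLIN) != 0);
}

/* Constructed scenario: move a pipe's read end to descriptor FD_SETSIZE + 10.
 * Returns 0 and fills both results, or -1 if such a descriptor cannot be made. */
static int demo_high_fd(int *sel, int *pol) {
    int high = FD_SETSIZE + 10, pfd[2];
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur <= (rlim_t)high) {
        rl.rlim_cur = rl.rlim_max;      /* raise the soft limit to the hard limit */
        setrlimit(RLIMIT_NOFILE, &rl);
    }
    if (pipe(pfd) != 0) return -1;
    int ok = dup2(pfd[0], high) == high && write(pfd[1], "x", 1) == 1;
    if (ok) {
        *sel = wait_readable_select(high, 100); /* refused by the guard */
        *pol = wait_readable_poll(high, 100);   /* works on the same descriptor */
        close(high);
    }
    close(pfd[0]);
    close(pfd[1]);
    return ok ? 0 : -1;
}

int main(void) {
    int sel = 0, pol = 0;
    if (demo_high_fd(&sel, &pol) == 0)
        printf("FD_SETSIZE=%d select=%d poll=%d\n", FD_SETSIZE, sel, pol);
    return 0;
}
```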