Dansguardian 2.12.0.3 Signal 11
-
Well, so far a child process hasn't dropped out, however I now have a load of ntlm failed auth's?
May 7 13:32:49 dansguardian[7775]: Auth plugin returned error code: -3 May 7 13:32:49 dansguardian[7775]: NTLM - Invalid message of length 0, message was: May 7 13:32:48 dansguardian[10252]: Auth plugin returned error code: -3 May 7 13:32:48 dansguardian[10252]: NTLM - Invalid message of length 0, message was: May 7 13:32:48 dansguardian[30017]: Auth plugin returned error code: -3 May 7 13:32:48 dansguardian[30017]: NTLM - Invalid message of length 0, message was: May 7 13:32:48 dansguardian[29811]: Auth plugin returned error code: -3 May 7 13:32:48 dansguardian[29811]: NTLM - Invalid message of length 0, message was: May 7 13:32:42 dansguardian[9835]: Auth plugin returned error code: -3 May 7 13:32:42 dansguardian[9835]: NTLM - Invalid message of length 0, message was: May 7 13:32:42 dansguardian[12316]: Auth plugin returned error code: -3 May 7 13:32:42 dansguardian[8234]: Auth plugin returned error code: -3 May 7 13:32:42 dansguardian[8234]: NTLM - Invalid message of length 0, message was: May 7 13:32:42 dansguardian[12316]: NTLM - Invalid message of length 42, message was: NTLMSSP May 7 13:32:42 dansguardian[9390]: Auth plugin returned error code: -3 May 7 13:32:42 dansguardian[9390]: NTLM - Invalid message of length 42, message was: NTLMSSP May 7 13:32:41 dansguardian[11054]: Auth plugin returned error code: -3 May 7 13:32:41 dansguardian[11054]: NTLM - Invalid message of length 0, message was: May 7 13:32:18 dansguardian[8848]: Auth plugin returned error code: -3 May 7 13:32:18 dansguardian[8848]: NTLM - Invalid message of length 42, message was: NTLMSSP May 7 13:27:07 dansguardian[48709]: Auth plugin returned error code: -3 May 7 13:27:07 dansguardian[48709]: NTLM - Invalid message of length 0, message was: May 7 13:27:07 dansguardian[49351]: Auth plugin returned error code: -3 May 7 13:27:07 dansguardian[49351]: NTLM - Invalid message of length 0, message was: -
Well, so far a child process hasn't dropped out, however I now have a load of ntlm failed auth's?
Do you have ntlm auth set? I'ts working and logging some failures or it's not working?
This version is compiled for high load, do you think it's running faster?
-
A link with ? https://bugzilla.mozilla.org/show_bug.cgi?id=828236
-
Well, so far a child process hasn't dropped out, however I now have a load of ntlm failed auth's?
Do you have ntlm auth set? I'ts working and logging some failures or it's not working?
This version is compiled for high load, do you think it's running faster?
I do have ntlm auth set, did have it in conjunction with basic, but it doesnt seem to matter if thats enabled or not.
NTLM auth is working, I am getting usernames in the logs, nobody has complained they cant get on yet… I wonder if its a piece of software attempting to auth..Well, it seems marginally faster. Still getting the occasional redirect not being followed. I have all the tunables in the dansguardian.conf set for "suggested for large site" settings.
I wonder if I should upgrade squid.
-
well, that worked yesterday (despite the ntlm auth errors), but today we are back to the same signal 11's.
I have gone back to 2.12.0.2 for now.
-
I also have some of these errors - although it sounds like you're seeing it more often. I did a little googling and it seems that this issue with DG under freeBSD has existed for a long time. I didn't find any definitive answers, but most suggestions for fixing it centered around changing the DG settings - such as max children, max spare children, and max age of children. I bumped some of these settings up yesterday and will let you know the results…
well, that worked yesterday (despite the ntlm auth errors), but today we are back to the same signal 11's.
I have gone back to 2.12.0.2 for now.
-
With the latest version you can adjust maxchildren (maximun value) with your system
For example on linux :ulimit -n 8192 -> new ./configure option = with-filedescriptors=8192 = dansguardian.conf maxchildren=8192
Maybe this is a clue ? Perhaps this version was compiled with too much high value for the system ? Can you play with ulimit ?
How many process are running when the crash appear ? ps -edf | grep dansguard | wc -l -
With the latest version you can adjust maxchildren (maximun value) with your system
For example on linux :ulimit -n 8192 -> new ./configure option = with-filedescriptors=8192 = dansguardian.conf maxchildren=8192
Maybe this is a clue ? Perhaps this version was compiled with too much high value for the system ? Can you play with ulimit ?
How many process are running when the crash appear ? ps -edf | grep dansguard | wc -lWell you can adjust the max/min children in the conf file, but it didn't seem to make much difference, same config file with the previous version (minus the bits added for that particular version) works. I'm afraid I cant count the processes, rolled back to 2.12.0.2 and don't currently have a dev box running only production.
If I get a chance I will run up a vm for it "later" -
Well you can adjust the max/min children in the conf file, but it didn't seem to make much difference, same config file with the previous version (minus the bits added for that particular version) works. I'm afraid I cant count the processes, rolled back to 2.12.0.2 and don't currently have a dev box running only production.
If I get a chance I will run up a vm for it "later"Yea, I'm still having he problem. About ever other day I get a half dozen or so DG processes ending with signal 11. Are you saying one of the versions doesn't do this? If so, which one?
-
Signal 11 means that the program accessed a memory location that was not assigned to it, the strange thing that there is no problem in Linux (with dansguardian 2.12.0.5)
Please, Can you post your maxchildren value ? More than 1024 ?
And if someone know the value of FD_SETSIZE in types.h (or posix_types.h) and typesizes.h with FreeBSD ?
Also can you post the compilation option (dansguardian -v)No problem at all with 2.12.0.2 ?
Thanks
-
Signal 11 means that the program accessed a memory location that was not assigned to it, the strange thing that there is no problem in Linux (with dansguardian 2.12.0.5)
Please, Can you post your maxchildren value ? More than 1024 ?
And if someone know the value of FD_SETSIZE in types.h (or posix_types.h) and typesizes.h with FreeBSD ?
Also can you post the compilation option (dansguardian -v)No problem at all with 2.12.0.2 ?
Thanks
Based on some notes here http://contentfilter.futuragts.com/wiki/doku.php?id=faq (see FAQ 26b)
I have bumped the following sysctl values (in loader.conf.local):
kern.ipc.shmseg=512
kern.ipc.shmmni=512
kern.ipc.semmni=512
kern.ipc.msgssz=64
kern.ipc.shm_use_phys=1at the moment, I have maxchildren set to 120 and maxsparechildren at 48
-
I am running 2.12.0.3 pkg v.0.1.7_3 and have not seen this issue at all.
All of the setting I am using are the default.
-
I am running 2.12.0.3 pkg v.0.1.7_3 and have not seen this issue at all.
mschiek01 told me some time ago an issue with a specific perl version.
Try to unistall package, remove all perl versions using pkg_delete on console and then try a dansguardian package reinstall.
-
I'm also suffering this issue.
Lots of Signal 11 messages show up when the system is under load - about 40 office users with normal daily activities such as web browsing, email,…
I am using 2.0.2-RELEASE (i386) with patched Dans for web uploads
-
Based on some notes here http://contentfilter.futuragts.com/wiki/doku.php?id=faq (see FAQ 26b)
I have bumped the following sysctl values (in loader.conf.local):
kern.ipc.shmseg=512
kern.ipc.shmmni=512
kern.ipc.semmni=512
kern.ipc.msgssz=64
kern.ipc.shm_use_phys=1at the moment, I have maxchildren set to 120 and maxsparechildren at 48
Still getting them…
I'm not really wanting to try a "reinstall" though... This is a fresh install of pfSense 2.0.3 64 bit and the only packages that I've added are:
-
Cron
-
File Manager
-
vHosts
-
Dansguardian
-
Squid 3
I'm currently using the patched dansguardian 2.12.0.3 (just copied over the executable).
-
-
Please, can you try this latest version and let me know if it works (better) for you ? http://numsys.eu/search.php?search=Squid
-
Please, can you try this latest version and let me know if it works (better) for you ? http://numsys.eu/search.php?search=Squid
I'll compile it and push to my repo.
Fredb, nice to see you on pfsense forum :)
Most work I did on dansguardian 2.12 was for this package on pfsense.
-
Hi,
Your work is included in "my" dansguardian versionI hope, if I can …, rewrite the engine with kqueue for *BSD and epool for Linux and remove the old select() call, maybe this point is a part of problem signal 11
-
2.12.0.6 compiled and pushed to my repo.
amd64
http://e-sac.siteseguro.ws/packages/amd64/8/All/dansguardian-2.12.0.6.tbzi386
http://e-sac.siteseguro.ws/packages//8/All/dansguardian-2.12.0.6.tbzboth complied with maxfiles=8192
Also, I've removed squid ports compile depend. It will not force any squid version anymore.
-
Configuration files http://numsys.eu/dansguardian/
Requires
Proxy timeout
Set tcp timeout between the Proxy and DansGuardian
Min 5 - Max 100
proxytimeout = 20
Proxy header exchange
Set timeout between the Proxy and DansGuardian
Min 20 - Max 300
proxyexchange = 20
Pconn timeout
how long a persistent connection will wait for other requests
squid apparently defaults to 1 minute (persistent_request_timeout),
so wait slightly less than this to avoid duff pconns.
Min 5 - Max 300
pcontimeout = 55
Now you can can disabled some (if) unused values, like maxcontentramcachescansize, I think It should be interesting about signal 11 and a potential memory leak.
