pfSense ICAP protocol error


  • Hi There
    I’ve been running pfSense for a very long time, and the issue in the subject started a month ago.

    I’ve tried multiple options, but no luck, the following is my configuration:

    pfSense Version 2.3.4-RELEASE-p1
    Intel Core i5 — 3 GHz
    4 GB RAM (and it’s not even crossing 50%)
    500 GB HDD

    Squid 0.4.37 with C-ICAP and ClamAV enabled

    • Transparent Proxy (only on HTTP)
    • No Remote Cache

    Kindly help me in this regard.
    Thanx in Advance.

  • Same problem here, the issue started a month ago as well.

    Nothing to find in the logs, it just happens at random times.

    2.3.4-RELEASE-p1 (amd64)
    built on Fri Jul 14 14:52:43 CDT 2017
    FreeBSD 10.3-RELEASE-p19

    Squid Version 3.5.26, ClamAV 0.99.2_3, C-ICAP 0.4.4,2 +  SquidClamav 6.16

    2x Intel(R) Xeon(R) CPU X5570 @ 2.93GHz
    32 GB ECC RAM
    600 GB HDD Raid 10

    Temporary workaround is to set bypass=on, so at least the users don’t get annoyed by the «ICAP Protocol Error» message.

  • Same here, randomly happened to me tonight.  Updating SquidAV seemed to have resolved the issue.  From some quick Googling, it looks like a number of people have experienced this issue but there isn’t a real solution nor a reason why this occurs.

  • Here’s a «me too».

    However, I can sort of duplicate the problem or pinpoint at least one cause of it. I recently changed the proxy configuration of our email security gateway from our previous proxy to squid on pfSense, and since then the issue happens at least every second day, and apparently when the email gateway updates its AV definition files via the proxy.

    Interestingly, restarting clamav or ICAP doesn’t help solve the issue; the only way to get it up again is to restart squid as a whole.

  • @ccdmas:

    and apparently when the email gateway updates its AV definition files via the proxy.

    Ugh. You should NOT download antivirus defs via the proxy with ClamAV in the first place. It will trigger false positives and cause other issues.

  • Quite seriously: You need to see more of the real world out there. Loading AV defs through an HTTP proxy is absolutely normal everyday business everywhere. Are you saying to die until restart is acceptable behaviour? ::)

  • I also have the same issue, where do you turn on ByPass?

  • Same issue here, squid at random times can no longer connect to ICAP. Any ideas what could it be?

  • Same here, re-appearing in 2.4.3-RELEASE-p1 on a Netgate SG-3100. Looks to me too high i/o(???)

    • pfSense installed on ‘third party’ PC hardware works normally.
    • Restarting ClamAV works for some hours and then protocol errors appear again.
    • Updating ClamAV once a day lowered to once a week -> no difference
    • Bypassing will prevent this ICAP protocol error but is not really a solution.

    Thanks,
    Imp




ICAP protocol error after upgrade to 2.4.4

I just upgraded my box to 2.4.4 and now, about half of the sites on my favorites bar are unreachable. I am getting this error message:

ERROR

The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: (INSERT URL HERE)

ICAP protocol error.

The system returned: [No Error]

This means that some aspect of the ICAP communication failed.

Some possible problems are:

  • The ICAP server is not reachable.

  • An Illegal response was received from the ICAP server.

Any ideas? I’m about to tear into it, but since reddit is one of the sites I can still get to, I figured I’d put it out there.

EDIT: It’s Squid-related. I uninstalled Squid and Squid Blocker because I haven’t been able to figure it out.


Topic: [SOLVED] ICAP protocol error  (Read 3408 times)

It seems that I messed the installation. I checked by error something (icap) in the Web proxy configuration and now I can’t enter the GUI and slowly more and more inet pages show the «ICAP protocol error.» page.
Is there anything I can change in the console so I can stop icap and bring back the system?
Help, please.

Edit: In console I see repeating «[bin/mongod] Preventing execution due to repeated segfaults» and the disk is continuously accessed. I dunno if that has relation.

« Last Edit: September 24, 2018, 09:59:21 pm by MultiCubic »




I solved it by accessing the system through a vlan not filtered and fixed the configuration.
The segfault errors still are there though and the ssd access is continuous.




For some reason c-icap refuses to accept connections.

Squid 3.1.10 and c-icap-060708_2,1 from ports.

Configs:

 cat squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.84.0/24
acl localnet src 192.168.85.0/24
acl SSL_ports port 443
acl SSL_ports port 8443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?

cache_dir ufs /storage/squidcache 4096 64 256
maximum_object_size 512 KB

access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
icap_log /var/log/squid/icap.log
cache_store_log none
logfile_rotate 10

url_rewrite_program /usr/local/rejik/redirector /usr/local/etc/redirector.conf
url_rewrite_children 8
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|?)    0       0%      0
refresh_pattern .               0       20%     4320
visible_hostname server.local

icp_port 3130
icap_enable on
icap_preview_enable on
icap_preview_size 128
icap_send_client_ip on
icap_service service_avi_req reqmod_precache 0 icap://192.168.84.253/srv_clamav
icap_service service_avi respmod_precache 1 icap://192.168.84.253/srv_clamav
adaptation_service_set service_avi service_avi_req
adaptation_access  service_avi allow all
adaptation_access  service_avi_req allow all

c-icap; access is deliberately allowed for everyone while troubleshooting:

 cat c-icap.conf | grep -v '^#' | sed '/^$/d'
cat: c-icap.conf: No such file or directory
niko-gw# cd /usr/local/etc
niko-gw# cat c-icap.conf | grep -v '^#' | sed '/^$/d'
PidFile /var/run/c-icap.pid
CommandsSocket /var/run/c-icap/c-icap.ctl
Timeout 300
KeepAlive On
MaxKeepAliveRequests 600
KeepAliveTimeout 600
StartServers 3
MaxServers 10
MinSpareThreads     10
MaxSpareThreads     20
ThreadsPerChild     10
MaxRequestsPerChild  0
Port 1344
User cicap
Group cicap
TmpDir /tmp/
MaxMemObject 131072
ServerLog /var/log/c_icap/server.log
AccessLog /var/log/c_icap/access.log
DebugLevel 1
ModulesDir /usr/local/lib/c_icap
Module logger sys_logger.so
sys_logger.Prefix "C-ICAP:"
sys_logger.Facility local1
Logger sys_logger
acl squid_respmod src 192.168.84.0/255.255.255.0 type respmod
acl squid_options src 192.168.84.0/255.255.255.0 type options
acl any src 0.0.0.0/0.0.0.0
icap_access allow squid_respmod
icap_access allow squid_options
icap_access allow any
ServicesDir /usr/local/lib/c_icap
Service echo_module srv_echo.so
Service url_check_module srv_url_check.so
Service antivirus_module srv_clamav.so
ServiceAlias  avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
srv_clamav.SendPercentData 5
srv_clamav.StartSendPercentDataAfter 2M
srv_clamav.MaxObjectSize  5M
srv_clamav.ClamAvTmpDir /tmp/
srv_clamav.ClamAvMaxFilesInArchive 0
srv_clamav.ClamAvMaxFileSizeInArchive 100M
srv_clamav.ClamAvMaxRecLevel 5
srv_clamav.VirSaveDir /var/infected
srv_clamav.VirHTTPServer  "DUMMY"
srv_clamav.VirUpdateTime   15
srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE

tcpdump of the exchange between the proxy and c-icap:

 tcpdump -npi tap0 port 1344
tcpdump: WARNING: tap0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes
12:32:31.157214 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [S], seq 1466692851, win 65535, options [mss 1337,nop,wscale 3,sackOK,TS val 136294970 ecr 0], length 0
12:32:31.157389 IP 192.168.84.253.1344 > 192.168.84.254.34482: Flags [S.], seq 187600070, ack 1466692852, win 65535, options [mss 1337,nop,wscale 3,sackOK,TS val 2911239331 ecr 136294970], length 0
12:32:31.161123 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [.], ack 1, win 8281, options [nop,nop,TS val 136294972 ecr 2911239331], length 0
12:32:31.161536 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [F.], seq 1, ack 1, win 8281, options [nop,nop,TS val 136294972 ecr 2911239331], length 0
12:32:31.161681 IP 192.168.84.253.1344 > 192.168.84.254.34482: Flags [.], ack 2, win 8281, options [nop,nop,TS val 2911239336 ecr 136294972], length 0
12:32:31.162434 IP 192.168.84.253.1344 > 192.168.84.254.34482: Flags [F.], seq 1, ack 2, win 8281, options [nop,nop,TS val 2911239336 ecr 136294972], length 0
12:32:31.163591 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [.], ack 2, win 8281, options [nop,nop,TS val 136294977 ecr 2911239336], length 0

Squid shows this in the browser:

При получении URL http://dealextreme.com/ произошла следующая ошибка

Ошибка протокола ICAP.

Система вернула: [No Error]

Это означает, что какой-то этап связи по протоколу ICAP не удался.

Возможные проблемы:

Сервер ICAP недоступен

Получен недопустимый ответ от сервера ICAP.

Running c-icap in debug mode:

 c-icap -D -N -d 10
Enabling parameter -D
Disabling parameter -N
Setting parameter :-d=10
Searching 0x805d02c for default value
Setting parameter :PidFile=/var/run/c-icap.pid
Searching 0x805d030 for default value
Setting parameter :CommandsSocket=/var/run/c-icap/c-icap.ctl
Searching 0x805d050 for default value
Setting parameter :Timeout=300
Searching 0x805d058 for default value
Setting parameter :MaxKeepAliveRequests=600
Searching 0x805d054 for default value
Setting parameter :KeepAliveTimeout=600
Searching 0x805d060 for default value
Setting parameter :StartServers=3
Searching 0x805d064 for default value
Setting parameter :MaxServers=10
Searching 0x805d06c for default value
Setting parameter :MinSpareThreads=10
Searching 0x805d070 for default value
Setting parameter :MaxSpareThreads=20
Searching 0x805d068 for default value
Setting parameter :ThreadsPerChild=10
Searching 0x805d864 for default value
Setting parameter :MaxRequestsPerChild=0
Searching 0x805d020 for default value
Setting parameter :Port=1344
Searching 0x805d034 for default value
Setting parameter :User=cicap
Searching 0x805d038 for default value
Setting parameter :Group=cicap
Searching 0x805d028 for default value
Setting parameter :TmpDir=/tmp/
Searching 0x805d844 for default value
Setting parameter :MaxMemObject=131072
Searching 0x805d3d0 for default value
Setting parameter :ServerLog=/var/log/c_icap/server.log
Searching 0x805d3d4 for default value
Setting parameter :AccessLog=/var/log/c_icap/access.log
Searching 0x805d85c for default value
Setting parameter :DebugLevel=1
Setting parameter :ModulesDir=/usr/local/lib/c_icap
Loading service :logger path sys_logger.so
Going to search variable Prefix in table sys_logger
Setting parameter :Prefix=C-ICAP:
Going to search variable Facility in table sys_logger
Setting parameter :Logger=sys_logger
Setting parameter :ServicesDir=/usr/local/lib/c_icap
Loading service :echo_module path srv_echo.so
Found handler C_handler for service with extension:.so
Loading service :url_check_module path srv_url_check.so
Found handler C_handler for service with extension:.so
Initialization of url_check module......
Loading service :antivirus_module path srv_clamav.so
Found handler C_handler for service with extension:.so
Alias:avscan of service srv_clamav
Going to search variable ScanFileTypes in table srv_clamav
Iam going to scan data for simple scanning of type:,GIF,JPEG,MSOFFICE,TEXT,DATA,EXECUTABLE,ARCHIVE
Going to search variable SendPercentData in table srv_clamav
Setting parameter :SendPercentData=5
Going to search variable StartSendPercentDataAfter in table srv_clamav
Setting parameter :StartSendPercentDataAfter=2097152
Going to search variable MaxObjectSize in table srv_clamav
Setting parameter :MaxObjectSize=5242880
Going to search variable ClamAvTmpDir in table srv_clamav
Setting parameter :ClamAvTmpDir=/tmp/
Going to search variable ClamAvMaxFilesInArchive in table srv_clamav
Setting parameter :ClamAvMaxFilesInArchive=0
Going to search variable ClamAvMaxFileSizeInArchive in table srv_clamav
Setting parameter :ClamAvMaxFileSizeInArchive=104857600
Going to search variable ClamAvMaxRecLevel in table srv_clamav
Setting parameter :ClamAvMaxRecLevel=5
Going to search variable VirSaveDir in table srv_clamav
Setting parameter :VirSaveDir=/var/infected
Going to search variable VirHTTPServer in table srv_clamav
Setting parameter :VirHTTPServer=DUMMY
Going to search variable VirUpdateTime in table srv_clamav
Setting parameter :VirUpdateTime=15
Going to search variable VirScanFileTypes in table srv_clamav
Iam going to scan data for vir_mode scanning of type:,EXECUTABLE,ARCHIVE
My hostname is:niko-gw.o56.ru

All of this is printed at startup; when Squid is accessed, nothing more is written.

Yet c-icap is running and listening on the port:

cicap    c-icap     95318 3  tcp4   *:1344                *:*
cicap    c-icap     95318 4  dgram  -> /var/run/logpriv
cicap    c-icap     95317 3  tcp4   *:1344                *:*
cicap    c-icap     95317 4  dgram  -> /var/run/logpriv
cicap    c-icap     95316 3  tcp4   *:1344                *:*
cicap    c-icap     95316 4  dgram  -> /var/run/logpriv
cicap    c-icap     95315 3  tcp4   *:1344                *:*
cicap    c-icap     95315 4  dgram  -> /var/run/logpriv



Proto Recv-Q Send-Q  Local Address          Foreign Address       (state)
tcp4       0      0 *.1344                 *.*                    LISTEN

#41 Igorn (Member, Dr.Web Staff)
Posted 03 October 2013, 15:00

Why does it let a test trojan with an .exe extension be downloaded?

Did you check the log?

#42 Igorn (Member, Dr.Web Staff)
Posted 03 October 2013, 15:18

One possibility: it may have been cached by Squid while you had the protection disabled.

#43 parel77 (Member, Posters)
Posted 03 October 2013, 15:21

I barely had time to enjoy it before it went down again. The last chunk of the messages log:

[root@proxy log]# tail -f  /var/log/messages
Oct  3 16:14:46 proxy drweb-icapd [13094]: DEBUG drw_get_virus_num: loaded virus base /var/drweb/bases/dwn70002.vdb with 1729 viruses
Oct  3 16:14:46 proxy drweb-icapd [13094]: DEBUG drw_get_virus_num: loaded virus base /var/drweb/bases/dwn70001.vdb with 1523 viruses
Oct  3 16:14:46 proxy drweb-icapd [13094]: DEBUG drw_get_virus_num: loaded virus base /var/drweb/bases/dwn70000.vdb with 1805 viruses
Oct  3 16:14:46 proxy drweb-icapd [13094]: DEBUG drw_get_virus_num: loaded virus base /var/drweb/bases/drwrisky.vdb with 26456 viruses
Oct  3 16:14:46 proxy drweb-icapd [13094]: DEBUG drw_get_virus_num: loaded virus base /var/drweb/bases/drwnasty.vdb with 74279 viruses
Oct  3 16:14:46 proxy drweb-icapd [13094]: DEBUG drw_get_virus_num: loaded virus base /var/drweb/bases/dwp70000.vdb with 1 viruses
Oct  3 16:14:46 proxy drweb-icapd [13094]: DEBUG drw_get_virus_num: total viruses: 4522716
Oct  3 16:14:46 proxy drweb-icapd [13094]: DEBUG Closing fd 5
Oct  3 16:14:46 proxy drweb-icapd [13094]: DEBUG fcntl: successfully set O_NONBLOCK for fd 3
Oct  3 16:14:46 proxy drweb-icapd [13094]: INFO Start Dr.Web ® icapd ver 6.0.2.3
 

Strangely, it is still in the process list right now, but Squid already throws the error that the ICAP server is unavailable:

drweb    13094  0.0  0.0  93296  1088 ?        Ss   16:14   0:00 /opt/drweb/drweb-icapd.real
 

The error itself looks like this:

Post edited by parel77: 03 October 2013, 15:25

#44 Igorn (Member, Dr.Web Staff)
Posted 03 October 2013, 15:25

Send the whole log (it no longer has to start from 29 September; today's alone will do).

#45 parel77 (Member, Posters)
Posted 03 October 2013, 15:53

Send the whole log (it no longer has to start from 29 September; today's alone will do).

Damn, the log is huge, I can't even open and edit it.

#46 parel77 (Member, Posters)
Posted 03 October 2013, 15:58

#47 Igorn (Member, Dr.Web Staff)
Posted 04 October 2013, 12:13

Judging by this log, the original problem (Oct 1 12:44:23 proxy drweb-icapd [20657]: ERROR pselect: Нет дочерних процессов [No child processes]) no longer occurs:

root@igorn-Ubuntu:/!LOG# grep pselect messages
Oct  1 09:22:57 proxy drweb-icapd [1384]: ERROR pselect: Нет дочерних процессов
Oct  1 12:44:23 proxy drweb-icapd [20657]: ERROR pselect: Нет дочерних процессов
Oct  2 15:35:31 proxy drweb-icapd [13300]: ERROR pselect: Нет дочерних процессов

#48 parel77 (Member, Posters)
Posted 04 October 2013, 14:14

Judging by this log, the original problem (Oct 1 12:44:23 proxy drweb-icapd [20657]: ERROR pselect: Нет дочерних процессов [No child processes]) no longer occurs:

root@igorn-Ubuntu:/!LOG# grep pselect messages
Oct  1 09:22:57 proxy drweb-icapd [1384]: ERROR pselect: Нет дочерних процессов
Oct  1 12:44:23 proxy drweb-icapd [20657]: ERROR pselect: Нет дочерних процессов
Oct  2 15:35:31 proxy drweb-icapd [13300]: ERROR pselect: Нет дочерних процессов

If so, I get the feeling that the updater sends a HUP signal to the icapd process.

I installed everything from the repositories.

#49 parel77 (Member, Posters)
Posted 04 October 2013, 14:29

The symptoms are these: I start the whole suite and everything works. But after some time it drops out.

#50 Igorn (Member, Dr.Web Staff)
Posted 04 October 2013, 14:34

Could you temporarily switch the proxy to standalone mode (disconnect it from the ES server) and observe? Judging by the log, a local key (drweb32.key) is still present there as well. In ES mode this key is not needed.

#51 parel77 (Member, Posters)
Posted 04 October 2013, 15:40

Could you temporarily switch the proxy to standalone mode (disconnect it from the ES server) and observe? Judging by the log, a local key (drweb32.key) is still present there as well. In ES mode this key is not needed.

OK, I'll disconnect it from the ES server.

#52 volcano (Newbie, Posters)
Posted 08 April 2015, 16:50

Was a solution to this problem ever found? I've run into the same thing; can anyone suggest how to fix it?

#53 maxic (Moderators)
Posted 08 April 2015, 18:49

volcano, necroposting is evil. Start your own thread.


Server.log:

Tue Oct 17 22:00:10 2017, main proc, Possibly a term signal received. Monitor process going to term all children
Tue Oct 17 22:00:12 2017, main proc, Error converting ipv6 address to the network byte order
Tue Oct 17 22:00:12 2017, main proc, WARNING! Error binding to an ipv6 address. Trying ipv4…
Tue Oct 17 22:00:13 2017, 14669/348217344, recomputing istag …
Tue Oct 17 22:00:13 2017, 15001/348217344, recomputing istag …
Tue Oct 17 22:00:13 2017, 15222/348217344, recomputing istag …
Tue Oct 17 22:05:53 2017, main proc, Possibly a term signal received. Monitor process going to term all children
Tue Oct 17 22:10:14 2017, main proc, Error converting ipv6 address to the network byte order
Tue Oct 17 22:10:14 2017, main proc, WARNING! Error binding to an ipv6 address. Trying ipv4…
Tue Oct 17 22:10:49 2017, 68377/687955968, recomputing istag …
Tue Oct 17 22:10:49 2017, 68409/687955968, recomputing istag …
Tue Oct 17 22:10:49 2017, 68251/687955968, recomputing istag …

Access.log:

17/Oct/2017:22:00:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:04:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:16:28 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:20:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:23:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:26:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:29:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:33:49 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:36:49 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:40:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:44:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:48:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:52:47 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:55:47 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:00:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:04:47 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:10:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:15:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:20:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:25:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:30:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:33:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:36:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404

brig77
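Added example (not from any of the posts above): an ICAP OPTIONS probe that tells apart the two causes named on Squid's error page, an unreachable server and an illegal response, and also flags the `404` that the Access.log above records for `OPTIONS reqmod`. Function names and verdict strings are assumptions of this example; `srv_clamav` and `reqmod` are service names that appear on this page, and the sample responses are constructed.

```python
import socket
import threading

# Constructed sample responses (not captured from any system on this page).
SAMPLE_OK = (b'ICAP/1.0 200 OK\r\nMethods: RESPMOD\r\nISTag: "constructed-tag"\r\n'
             b"Encapsulated: null-body=0\r\n\r\n")
SAMPLE_404 = b"ICAP/1.0 404 Service not found\r\nConnection: close\r\n\r\n"
SAMPLE_NOT_ICAP = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"


def build_options_request(host, port, service):
    """Build an ICAP OPTIONS request for icap://host:port/service."""
    return (f"OPTIONS icap://{host}:{port}/{service} ICAP/1.0\r\n"
            f"Host: {host}\r\n"
            "Encapsulated: null-body=0\r\n"  # no HTTP message is attached
            "\r\n").encode("ascii")


def parse_icap_response(raw):
    """Return (status, reason, headers); raise ValueError if it is not ICAP."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block is not terminated by an empty line")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") \
            or len(parts[1]) != 3 or not parts[1].isdigit():
        raise ValueError(f"bad status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"bad header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), (parts[2] if len(parts) > 2 else ""), headers


def classify(raw):
    """Map raw response bytes to a verdict string."""
    if not raw:
        return "no-response"          # connection accepted, nothing sent back
    try:
        status, _, headers = parse_icap_response(raw)
    except ValueError:
        return "illegal-response"     # e.g. a non-ICAP daemon on the port
    if status == 404:
        return "service-not-found"    # service name in the URL is not loaded
    if status != 200:
        return f"icap-status-{status}"
    # RFC 3507 requires Methods and ISTag in an OPTIONS response.
    if "methods" not in headers or "istag" not in headers:
        return "illegal-response"
    return "ok"


def probe(host, port, service, timeout=3.0):
    """Send one OPTIONS request and return a verdict string."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"          # refused, no route, or connect timeout
    raw = b""
    with sock:
        try:
            sock.sendall(build_options_request(host, port, service))
            while b"\r\n\r\n" not in raw and len(raw) < 65536:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                raw += chunk
        except OSError:
            pass                      # reset or read timeout: judge what arrived
    return classify(raw)


def serve_once(response):
    """Loopback listener answering one connection with canned bytes (demo aid)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def handle():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)           # read and discard the OPTIONS request
            conn.sendall(response)
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return port


if __name__ == "__main__":
    for service, canned in [("srv_clamav", SAMPLE_OK), ("reqmod", SAMPLE_404),
                            ("srv_clamav", SAMPLE_NOT_ICAP), ("srv_clamav", b"")]:
        print(service, probe("127.0.0.1", serve_once(canned), service, timeout=2))
```

On the proxy host, point `probe` at the address and service name from the `icap_service` line in squid.conf; a `no-response` or `unreachable` verdict while the daemon still shows as listening matches the intermittent failures described in these threads.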

squid + drweb icapd keeps dropping out

#1 parel77 (Posters)

    I have squid 3.1 + drweb icapd.

    Everything runs on a single host.

    I start it and for some time everything works fine, but later drweb-icapd drops out completely, with these errors in the messages log:

    Oct 1 12:03:01 proxy drweb-icapd [20657]: INFO Start Dr.Web ® icapd ver 6.0.2.2
    Oct 1 12:34:51 proxy drweb-icapd [20657]: INFO Received SIGHUP signal
    Oct 1 12:34:53 proxy drweb-icapd [20657]: INFO Connected to unix socket: unix(«/var/drweb/run/.daemon»)
    Oct 1 12:44:23 proxy drweb-icapd [20657]: ERROR pselect: Нет дочерних процессов

    and Squid stops working altogether, showing the error that the ICAP server is unavailable.

    I talked to support, but they were unable to resolve the issue.

    If I comment out these lines in squid.conf

    #Drweb-icap
    #————————————————————————————
    # icap_enable on
    # icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/request
    # adaptation_access service_req allow all
    # icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/response
    # adaptation_access service_resp allow all
    #———————————————————————————

    #2 Igorn

  • Dr.Web Staff
  • 473 Сообщений:
  • Источник

    Hi There
    I’m running pfSense since very long time, and now the subjected issue started since a month.

    I’ve tried multiple options, but no luck, the following is my configuration:

    pfSense Version 2.3.4-RELEASE-p1
    Intel Core i5 — 3 GHz
    4 GB RAM (and it’s not even crossing 50%)
    500 GB HDD

    Squid 0.4.37 with C-ICAP and CalmAV enabled

    • Transparent Proxy (only on HTTP)
    • No Remote Cache

    Kindly help me in this regard.
    Thanx in Advance.

    Same problem here, the issue started since a month as well.

    Nothing to find in the logs, it just happens at random times.

    2.3.4-RELEASE-p1 (amd64)
    built on Fri Jul 14 14:52:43 CDT 2017
    FreeBSD 10.3-RELEASE-p19

    Squid Version 3.5.26, ClamAV 0.99.2_3, C-ICAP 0.4.4,2 + SquidClamav 6.16

    2x Intel(R) Xeon(R) CPU X5570 @ 2.93GHz
    32 GB ECC RAM
    600 GB HDD Raid 10

    Temporary workaround is to set bypass=on, so at least the users don’t get annoyed by the «ICAP Protocol Error» message.

    Same here, randomly happened to me tonight. Updating SquidAV seemed to have resolved the issue. From some quick Googling, it looks like a number of people have experienced this issue but there isn’t a real solution nor a reason why this occurs.

    However, I can sort of duplicate the problem or pinpoint at least one cause of it. I recently changed the proxy configuration of our email security gateway from our previous proxy to squid on PfSense, and since then the issue happens at least every second day, and apparently when the email gateway updates it’s AV definition files via the proxy.

    Interestingly, restarting clamav or ICAP doesn’t help solving the issue, the only way to get it up again is to restart squid as a whole.

    and apparently when the email gateway updates it’s AV definition files via the proxy.

    Ugh. You should NOT download antivirus defs via the proxy with ClamAV in the first place. It will trigger false positives and cause other issues.

    Quite seriously: You need to see more of the real world out there. LOading AV defs through a http proxy is absolutely normal every day business everywhere. Are you saying to die until restart is acceptable behaviour? ::)

    I also have the same issue, where do you turn on ByPass?

    Same issue here, squid at random times can no longer connect to ICAP. Any ideas what could it be?

    Same here, re-appearing in 2.4.3-RELEASE-p1 on a Netgate SG-3100. Looks to me too high i/o(. )

    • PFSense installed on ‘thrid party’ pc hardware works normally.
    • Restarting ClamAV works for some hours and then protocol errors appear again.
    • Updating ClamAV once a day lowered to once a week -> no difference
    • Bypassing will prevent this ICAP protocol error but is not really a solution.


    Hello, everyone!
    I need to set up virus scanning of HTTP and FTP traffic on a squid gateway. I chose the ICAP protocol. I configured it following the ICAP developers' guides and descriptions on several sites. As a result, the browser shows the following:
    * ICAP protocol error.
    Some aspect of the ICAP communication failed. Possible problems:
    * ICAP server is not reachable.
    * Illegal response from ICAP server.
    Your cache administrator is root.
    Generated Wed, 15 Aug 2007 13:58:15 GMT by adminserver (squid/2.6.STABLE1)

    All my settings follow. Please take a look at where the error might be hiding.

    c_icap version: c_icap-030606rc1
    Configured with the parameters: --prefix=/usr/local/c_icap --with=/usr/lib (since I read that icap cannot exist without the clamav libraries).

    Squid supports ICAP

    This is the squid configuration:
    http_port 3128
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin ?
    cache deny QUERY
    acl Apache rep_header Server ^Apache
    broken_vary_encoding allow apache
    cache_mem 64 MB
    cache_swap_low 90
    cache_swap_high 95
    maximum_object_size 4096 KB
    minimum_object_size 0 KB
    maximum_object_size_in_memory 8 KB
    ipcache_size 1024
    ipcache_low 90
    ipcache_high 95
    cache_dir ufs /var/spool/squid 1000 32 512
    access_log /var/log/squid/access.log squid
    cache_log /var/log/squid/cache.log
    cache_store_log /var/log/squid/store.log
    debug_options ALL,1
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic casesensitive off
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl mynet src 192.168.0.0/24
    http_access allow mynet
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    http_access deny all
    http_reply_access allow all
    icp_access allow all
    cache_effective_user squid
    cache_effective_group squid
    visible_hostname adminserver
    icap_enable on
    icap_preview_enable on
    icap_preview_size 128
    icap_send_client_ip on
    icap_service service_1 reqmod_precache 0 icap://localhost:1344/reqmod
    icap_service service_2 respmod_precache 0 icap://localhost:1344/respmod
    icap_class class_1 service_1 service_2
    icap_access class_1 allow all
    logfile_rotate 12
    error_directory /usr/lib/squid/errors/English
    coredump_dir /var/spool/squid

    Starting icap in normal mode:
    [root@shluz bin]# ./c-icap
    Initialization of echo module……
    Initialization of url_check module……
    LibClamAV Warning: ********************************************************
    LibClamAV Warning: * This version of the ClamAV engine is outdated. *
    LibClamAV Warning: * DON’T PANIC! Read http://www.clamav.net/faq.html *
    LibClamAV Warning: ********************************************************
    LibClamAV Warning: **************************************************
    LibClamAV Warning: * The virus database is older than 7 days. *
    LibClamAV Warning: * Please update it IMMEDIATELY! *
    LibClamAV Warning: **************************************************
    LibClamAV Warning: ********************************************************
    LibClamAV Warning: * This version of the ClamAV engine is outdated. *
    LibClamAV Warning: * DON’T PANIC! Read http://www.clamav.net/faq.html *
    LibClamAV Warning: ********************************************************
    LibClamAV Warning: Signature for Trojan.Small-3108 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for W32.Cervan requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for Trojan.Small-3169 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for Trojan.Small-3171 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for W32.Dwee-1 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for Trojan.Small-3184 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for Trojan.Small-3204 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for Trojan.Crypted-4 requires new ClamAV version. Please update!
    LibClamAV Warning: Signature for Trojan.Packed-75 requires new ClamAV version. Please update!

    Checking the result of the start:
    [root@shluz bin]# netstat -apn | grep 1344
    tcp 0 0 0.0.0.0:1344 0.0.0.0:* LISTEN 6315/c-icap

    [root@shluz bin]# netstat -apn | grep 1344
    tcp 0 0 0.0.0.0:1344 0.0.0.0:* LISTEN 6315/c-icap
    tcp 0 0 127.0.0.1:42004 127.0.0.1:1344 TIME_WAIT -
    tcp 0 0 127.0.0.1:34943 127.0.0.1:1344 TIME_WAIT -
    tcp 0 1 59.109.39.117:51640 69.25.27.173:1344 SYN_SENT 6482/(squid).

    [root@shluz bin]# netstat -apn | grep c-icap
    tcp 0 0 0.0.0.0:1344 0.0.0.0:* LISTEN 11381/c-icap
    unix 2 [ ] DGRAM 85200 11381/c-icap

    This is the c_icap configuration file:
    PidFile /var/run/c-icap.pid
    Timeout 300
    KeepAlive On
    MaxKeepAliveRequests 100
    KeepAliveTimeout 600
    StartServers 3
    MaxServers 10
    MinSpareThreads 10
    MaxSpareThreads 20
    ThreadsPerChild 10
    MaxRequestsPerChild 0
    Port 1344
    User squid
    Group squid
    TmpDir /var/tmp
    MaxMemObject 131072
    ServerLog /usr/local/c_icap/var/log/server.log
    AccessLog /usr/local/c_icap/var/log/access.log
    ModulesDir /usr/local/c_icap/lib/c_icap
    Module logger sys_logger.so
    Module perl_handler perl_handler.so
    sys_logger.Prefix "C-ICAP:"
    sys_logger.Facility local1
    Logger /usr/local/c_icap/var/log
    acl localnet_respmod src 127.0.0.1 type respmod
    acl localnet src 127.0.0.1
    acl externalnet src 0.0.0.0/0.0.0.0
    icap_access allow localnet_respmod
    icap_access allow localnet
    icap_access deny externalnet
    ServicesDir /usr/local/c_icap/lib/c_icap
    Service echo_module srv_echo.so
    Service url_check_module srv_url_check.so
    Service antivirus_module srv_clamav.so
    srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
    srv_clamav.SendPercentData 5
    srv_clamav.StartSendPercentDataAfter 2M
    srv_clamav.MaxObjectSize 5M
    srv_clamav.ClamAvTmpDir /var/tmp
    srv_clamav.ClamAvMaxFilesInArchive 0
    srv_clamav.ClamAvMaxFileSizeInArchive 100M
    srv_clamav.ClamAvMaxRecLevel 5
    srv_clamav.VirSaveDir /tmp/virusstor/
    srv_clamav.VirHTTPServer "http://fortune/cgi-bin/get_file.pl?usename=%f&remove=1&file="
    srv_clamav.VirUpdateTime 15
    srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE

    What the c_icap log says (fragment):
    /usr/local/c_icap/var/log/server.log:
    Fri Aug 17 10:41:01 2007, general, Service not found
    Fri Aug 17 10:41:01 2007, general, Service not found
    Fri Aug 17 10:41:06 2007, general, Service not found
    Fri Aug 17 10:41:06 2007, general, Service not found

    /usr/local/c_icap/var/log/access.log is empty

    Access permissions seem to be fine, although…
    Perhaps I left something out of the problem description. Maybe someone has the ICAP service working successfully; please take a look at where my mistake is.
    I would be very grateful for any help!
    Thank you!
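The server.log above reports "Service not found" while the posted squid.conf points at `/reqmod` and `/respmod`. The Python check below is an added example, not part of the original post: it compares the service path of every `icap_service` URI with the names the c_icap configuration defines. The function names are hypothetical, the embedded excerpts are constructed from the post, and accepting the `Service` name, the module file name without `.so` and `ServiceAlias` names as valid paths is an assumption.

```python
from urllib.parse import urlsplit

# Constructed excerpts: only the lines of the posted configs this check needs.
SQUID_CONF = """\
icap_enable on
icap_service service_1 reqmod_precache 0 icap://localhost:1344/reqmod
icap_service service_2 respmod_precache 0 icap://localhost:1344/respmod
"""
CICAP_CONF = """\
Port 1344
Service echo_module srv_echo.so
Service url_check_module srv_url_check.so
Service antivirus_module srv_clamav.so
"""

def _directives(text):
    # Yield the whitespace-split fields of each non-empty, non-comment line.
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields

def squid_icap_services(text):
    """Return [(squid_name, host, port, service_path)] for icap_service lines."""
    found = []
    for f in _directives(text):
        # The URI is not always the last field (newer squid allows options).
        uri = next((x for x in f[2:] if x.startswith("icap://")), None)
        if f[0] == "icap_service" and uri:
            u = urlsplit(uri)
            found.append((f[1], u.hostname, u.port or 1344, u.path.strip("/")))
    return found

def cicap_known_names(text):
    """Names a request URI may use. Assumption: the Service name, the module
    file name without .so, and ServiceAlias names are all accepted."""
    names = set()
    for f in _directives(text):
        if f[0] == "Service" and len(f) >= 3:
            module = f[2][:-3] if f[2].endswith(".so") else f[2]
            names.update((f[1], module))
        elif f[0] == "ServiceAlias" and len(f) >= 3:
            names.add(f[1])
    return names

def cicap_port(text):
    for f in _directives(text):
        if f[0] == "Port" and len(f) >= 2 and f[1].isdigit():
            return int(f[1])
    return 1344  # default ICAP port

def check(squid_text, cicap_text):
    """Return [(squid_name, problem)] for URIs c_icap would not recognise."""
    names, port = cicap_known_names(cicap_text), cicap_port(cicap_text)
    problems = []
    for name, _host, uri_port, path in squid_icap_services(squid_text):
        if uri_port != port:
            problems.append((name, f"URI port {uri_port}, c_icap listens on {port}"))
        if path not in names:
            problems.append((name, f"no service or alias named '{path}'"))
    return problems

if __name__ == "__main__":
    for name, problem in check(SQUID_CONF, CICAP_CONF):
        print(f"{name}: {problem}")
```
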

    For some reason c-icap does not want to accept connections.

    squid 3.1.10 and c-icap-060708_2,1 from ports

    configs


     cat squid.conf
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8
    acl localnet src 192.168.84.0/24
    acl localnet src 192.168.85.0/24
    acl SSL_ports port 443
    acl SSL_ports port 8443
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localnet
    http_access deny all
    icp_access allow localnet
    icp_access deny all
    htcp_access allow localnet
    htcp_access deny all
    http_port 3128 transparent
    hierarchy_stoplist cgi-bin ?
    
    cache_dir ufs /storage/squidcache 4096 64 256
    maximum_object_size 512 KB
    
    access_log /var/log/squid/access.log squid
    cache_log /var/log/squid/cache.log
    icap_log /var/log/squid/icap.log
    cache_store_log none
    logfile_rotate 10
    
    url_rewrite_program /usr/local/rejik/redirector /usr/local/etc/redirector.conf
    url_rewrite_children 8
    refresh_pattern ^ftp:           1440    20%     10080
    refresh_pattern ^gopher:        1440    0%      1440
    refresh_pattern (cgi-bin|\?)    0       0%      0
    refresh_pattern .               0       20%     4320
    visible_hostname server.local
    
    icp_port 3130
    icap_enable on
    icap_preview_enable on
    icap_preview_size 128
    icap_send_client_ip on
    icap_service service_avi_req reqmod_precache 0 icap://192.168.84.253/srv_clamav
    icap_service service_avi respmod_precache 1 icap://192.168.84.253/srv_clamav
    adaptation_service_set service_avi service_avi_req
    adaptation_access  service_avi allow all
    adaptation_access  service_avi_req allow all
    

    icap; access is deliberately allowed for everyone while troubleshooting


     cat c-icap.conf | grep -v '^#' | sed '/^$/d'
    cat: c-icap.conf: No such file or directory
    niko-gw# cd /usr/local/etc
    niko-gw# cat c-icap.conf | grep -v '^#' | sed '/^$/d'
    PidFile /var/run/c-icap.pid
    CommandsSocket /var/run/c-icap/c-icap.ctl
    Timeout 300
    KeepAlive On
    MaxKeepAliveRequests 600
    KeepAliveTimeout 600
    StartServers 3
    MaxServers 10
    MinSpareThreads     10
    MaxSpareThreads     20
    ThreadsPerChild     10
    MaxRequestsPerChild  0
    Port 1344
    User cicap
    Group cicap
    TmpDir /tmp/
    MaxMemObject 131072
    ServerLog /var/log/c_icap/server.log
    AccessLog /var/log/c_icap/access.log
    DebugLevel 1
    ModulesDir /usr/local/lib/c_icap
    Module logger sys_logger.so
    sys_logger.Prefix "C-ICAP:"
    sys_logger.Facility local1
    Logger sys_logger
    acl squid_respmod src 192.168.84.0/255.255.255.0 type respmod
    acl squid_options src 192.168.84.0/255.255.255.0 type options
    acl any src 0.0.0.0/0.0.0.0
    icap_access allow squid_respmod
    icap_access allow squid_options
    icap_access allow any
    ServicesDir /usr/local/lib/c_icap
    Service echo_module srv_echo.so
    Service url_check_module srv_url_check.so
    Service antivirus_module srv_clamav.so
    ServiceAlias  avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
    srv_clamav.ScanFileTypes TEXT DATA EXECUTABLE ARCHIVE GIF JPEG MSOFFICE
    srv_clamav.SendPercentData 5
    srv_clamav.StartSendPercentDataAfter 2M
    srv_clamav.MaxObjectSize  5M
    srv_clamav.ClamAvTmpDir /tmp/
    srv_clamav.ClamAvMaxFilesInArchive 0
    srv_clamav.ClamAvMaxFileSizeInArchive 100M
    srv_clamav.ClamAvMaxRecLevel 5
    srv_clamav.VirSaveDir /var/infected
    srv_clamav.VirHTTPServer  "DUMMY"
    srv_clamav.VirUpdateTime   15
    srv_clamav.VirScanFileTypes ARCHIVE EXECUTABLE
    

    tcpdump of the exchange between the proxy and c-icap


     tcpdump -npi tap0 port 1344
    tcpdump: WARNING: tap0: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes
    12:32:31.157214 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [S], seq 1466692851, win 65535, options [mss 1337,nop,wscale 3,sackOK,TS val 136294970 ecr 0], length 0
    12:32:31.157389 IP 192.168.84.253.1344 > 192.168.84.254.34482: Flags [S.], seq 187600070, ack 1466692852, win 65535, options [mss 1337,nop,wscale 3,sackOK,TS val 2911239331 ecr 136294970], length 0
    12:32:31.161123 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [.], ack 1, win 8281, options [nop,nop,TS val 136294972 ecr 2911239331], length 0
    12:32:31.161536 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [F.], seq 1, ack 1, win 8281, options [nop,nop,TS val 136294972 ecr 2911239331], length 0
    12:32:31.161681 IP 192.168.84.253.1344 > 192.168.84.254.34482: Flags [.], ack 2, win 8281, options [nop,nop,TS val 2911239336 ecr 136294972], length 0
    12:32:31.162434 IP 192.168.84.253.1344 > 192.168.84.254.34482: Flags [F.], seq 1, ack 2, win 8281, options [nop,nop,TS val 2911239336 ecr 136294972], length 0
    12:32:31.163591 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [.], ack 2, win 8281, options [nop,nop,TS val 136294977 ecr 2911239336], length 0
    

    Squid shows this in the browser:


    При получении URL http://dealextreme.com/ произошла следующая ошибка
    
    Ошибка протокола ICAP.
    
    Система вернула: [No Error]
    
    Это означает, что какой-то этап связи по протоколу ICAP не удался.
    
    Возможные проблемы:
    
    Сервер ICAP недоступен
    
    Получен недопустимый ответ от сервера ICAP.

    Starting c-icap in debug mode:


     c-icap -D -N -d 10
    Enabling parameter -D
    Disabling parameter -N
    Setting parameter :-d=10
    Searching 0x805d02c for default value
    Setting parameter :PidFile=/var/run/c-icap.pid
    Searching 0x805d030 for default value
    Setting parameter :CommandsSocket=/var/run/c-icap/c-icap.ctl
    Searching 0x805d050 for default value
    Setting parameter :Timeout=300
    Searching 0x805d058 for default value
    Setting parameter :MaxKeepAliveRequests=600
    Searching 0x805d054 for default value
    Setting parameter :KeepAliveTimeout=600
    Searching 0x805d060 for default value
    Setting parameter :StartServers=3
    Searching 0x805d064 for default value
    Setting parameter :MaxServers=10
    Searching 0x805d06c for default value
    Setting parameter :MinSpareThreads=10
    Searching 0x805d070 for default value
    Setting parameter :MaxSpareThreads=20
    Searching 0x805d068 for default value
    Setting parameter :ThreadsPerChild=10
    Searching 0x805d864 for default value
    Setting parameter :MaxRequestsPerChild=0
    Searching 0x805d020 for default value
    Setting parameter :Port=1344
    Searching 0x805d034 for default value
    Setting parameter :User=cicap
    Searching 0x805d038 for default value
    Setting parameter :Group=cicap
    Searching 0x805d028 for default value
    Setting parameter :TmpDir=/tmp/
    Searching 0x805d844 for default value
    Setting parameter :MaxMemObject=131072
    Searching 0x805d3d0 for default value
    Setting parameter :ServerLog=/var/log/c_icap/server.log
    Searching 0x805d3d4 for default value
    Setting parameter :AccessLog=/var/log/c_icap/access.log
    Searching 0x805d85c for default value
    Setting parameter :DebugLevel=1
    Setting parameter :ModulesDir=/usr/local/lib/c_icap
    Loading service :logger path sys_logger.so
    Going to search variable Prefix in table sys_logger
    Setting parameter :Prefix=C-ICAP:
    Going to search variable Facility in table sys_logger
    Setting parameter :Logger=sys_logger
    Setting parameter :ServicesDir=/usr/local/lib/c_icap
    Loading service :echo_module path srv_echo.so
    Found handler C_handler for service with extension:.so
    Loading service :url_check_module path srv_url_check.so
    Found handler C_handler for service with extension:.so
    Initialization of url_check module......
    Loading service :antivirus_module path srv_clamav.so
    Found handler C_handler for service with extension:.so
    Alias:avscan of service srv_clamav
    Going to search variable ScanFileTypes in table srv_clamav
    Iam going to scan data for simple scanning of type:,GIF,JPEG,MSOFFICE,TEXT,DATA,EXECUTABLE,ARCHIVE
    Going to search variable SendPercentData in table srv_clamav
    Setting parameter :SendPercentData=5
    Going to search variable StartSendPercentDataAfter in table srv_clamav
    Setting parameter :StartSendPercentDataAfter=2097152
    Going to search variable MaxObjectSize in table srv_clamav
    Setting parameter :MaxObjectSize=5242880
    Going to search variable ClamAvTmpDir in table srv_clamav
    Setting parameter :ClamAvTmpDir=/tmp/
    Going to search variable ClamAvMaxFilesInArchive in table srv_clamav
    Setting parameter :ClamAvMaxFilesInArchive=0
    Going to search variable ClamAvMaxFileSizeInArchive in table srv_clamav
    Setting parameter :ClamAvMaxFileSizeInArchive=104857600
    Going to search variable ClamAvMaxRecLevel in table srv_clamav
    Setting parameter :ClamAvMaxRecLevel=5
    Going to search variable VirSaveDir in table srv_clamav
    Setting parameter :VirSaveDir=/var/infected
    Going to search variable VirHTTPServer in table srv_clamav
    Setting parameter :VirHTTPServer=DUMMY
    Going to search variable VirUpdateTime in table srv_clamav
    Setting parameter :VirUpdateTime=15
    Going to search variable VirScanFileTypes in table srv_clamav
    Iam going to scan data for vir_mode scanning of type:,EXECUTABLE,ARCHIVE
    My hostname is:niko-gw.o56.ru
    

    All of this is dumped at startup; when squid is accessed, it writes nothing more.

    Even though c-icap is up and listening on the port:


    cicap    c-icap     95318 3  tcp4   *:1344                *:*
    cicap    c-icap     95318 4  dgram  -> /var/run/logpriv
    cicap    c-icap     95317 3  tcp4   *:1344                *:*
    cicap    c-icap     95317 4  dgram  -> /var/run/logpriv
    cicap    c-icap     95316 3  tcp4   *:1344                *:*
    cicap    c-icap     95316 4  dgram  -> /var/run/logpriv
    cicap    c-icap     95315 3  tcp4   *:1344                *:*
    cicap    c-icap     95315 4  dgram  -> /var/run/logpriv
    
    
    
    Proto Recv-Q Send-Q  Local Address          Foreign Address       (state)
    tcp4       0      0 *.1344                 *.*                    LISTEN
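The tcpdump capture in the post above can be read mechanically: was the SYN answered, did either side send payload, and who closed first. The Python below is an added example, not part of the original post; the function names are hypothetical and the embedded capture is a constructed copy of the posted one with the TCP options trimmed.

```python
import re

# Constructed copy of the capture posted above, TCP options trimmed.
CAPTURE = """\
12:32:31.157214 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [S], seq 1466692851, win 65535, length 0
12:32:31.157389 IP 192.168.84.253.1344 > 192.168.84.254.34482: Flags [S.], seq 187600070, ack 1466692852, win 65535, length 0
12:32:31.161123 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [.], ack 1, win 8281, length 0
12:32:31.161536 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [F.], seq 1, ack 1, win 8281, length 0
12:32:31.161681 IP 192.168.84.253.1344 > 192.168.84.254.34482: Flags [.], ack 2, win 8281, length 0
12:32:31.162434 IP 192.168.84.253.1344 > 192.168.84.254.34482: Flags [F.], seq 1, ack 2, win 8281, length 0
12:32:31.163591 IP 192.168.84.254.34482 > 192.168.84.253.1344: Flags [.], ack 2, win 8281, length 0
"""

LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): "
                  r"Flags \[([^\]]+)\].*?length (\d+)")

def summarise(capture, icap_port=1344):
    """Per connection to icap_port: handshake state, payload bytes, who closed."""
    flows = {}
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        src, sport, dst, dport, flags, length = m.groups()
        sport, dport, length = int(sport), int(dport), int(length)
        if dport == icap_port:
            side, key = "client", (src, sport, dst)
        elif sport == icap_port:
            side, key = "server", (dst, dport, src)
        else:
            continue
        f = flows.setdefault(key, {"synack": False, "established": False,
                                   "client_bytes": 0, "server_bytes": 0,
                                   "closed_first": None, "reset_by": None})
        if side == "server" and flags == "S.":
            f["synack"] = True
        elif side == "client" and f["synack"] and "S" not in flags:
            f["established"] = True
        f[side + "_bytes"] += length
        if "F" in flags and f["closed_first"] is None:
            f["closed_first"] = side
        if "R" in flags and f["reset_by"] is None:
            f["reset_by"] = side
    return flows

def verdict(f):
    """Turn one flow summary into a one-line diagnosis."""
    if not f["synack"]:
        if f["reset_by"] == "server":
            return "refused: nothing is listening on the ICAP port"
        return "no SYN-ACK: ICAP host down or packets filtered"
    if f["client_bytes"] == 0:
        who = f["closed_first"] or "nobody"
        return f"TCP connect answered, but no ICAP request was sent ({who} closed first)"
    if f["server_bytes"] == 0:
        return "request sent, no ICAP response bytes seen"
    return "request and response bytes were exchanged"

if __name__ == "__main__":
    for key, flow in summarise(CAPTURE).items():
        print(key, "->", verdict(flow))
```
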
    
    

    Topic: [SOLVED] ICAP protocol error  (Read 3811 times)

    It seems that I messed the installation. I checked by error something (icap) in the Web proxy configuration and now I can’t enter the GUI and slowly more and more inet pages show the «ICAP protocol error.» page.
    Is there anything I can change in the console so I can stop icap and bring back the system?
    Help, please.

    Edit: In console I see repeating «[bin/mongod] Preventing execution due to repeated segfaults» and the disk is continuously accessed. I dunno if that has relation.

    « Last Edit: September 24, 2018, 09:59:21 pm by MultiCubic »




    I solved it by accessing the system through a vlan not filtered and fixed the configuration.
    The segfault errors still are there though and the ssd access is continuous.



