This appendix defines the errors the proxy sends to the error log file. The errors are categorized:
catastrophe is a fatal error, a software crash, or other serious error that causes the client to receive no service, partial service, or totally invalid service.
failure means something failed, but the proxy handled the error.
inform is an informational log entry.
misconfig means something was misconfigured either in magnus.conf or obj.conf.
warning flags something that could be misconfigured.
security is information or a warning that indicates if there's reason to believe that someone is trying to intrude through the proxy.
cache file size not in sync with cache info
The system suddenly went down or the filesystem became full during the cache write, or the cache file has otherwise been truncated. Normally the proxy notices any abnormal conditions, but if an outside agent causes cache files to become corrupt, the proxy will issue this message. The corrupt cache file will be removed, and a new one created during the next request.
filesystem is full
The cache filesystem has become full. The proxy will halt any cache writes, and an attempt is made to signal the garbage collector to activate immediately. Cache writes are resumed after the condition no longer persists. Consider allocating more space to the cache system.
cannot open file .../.cache-size for writing—the cache may overflow if the condition persists
The proxy failed to write the current cache size to the file that contains it. This could be a temporary condition, but if it persists the proxy will not be able to keep track of its cache size. This can cause the cache to overflow on high impact systems. It's possible the write permissions aren't correct for the user account the proxy uses.
cannot read header section from the cache file
The cache file is truncated, or permissions are such that the cache file cannot be read. Care should be taken that the cache hierarchy is entirely readable and writable by the proxy user.
caught SIGSEGV or SIGBUS, trying to dump core in admin/config
The proxy encountered an internal software error. Contact Netscape Communications for help with this error. If you rarely encounter this error and it doesn't affect the proxy service, you can ignore this message.
failed to write cache status file
The write to the cache data directory ([CacheRoot]/.mc-data) failed. The condition might be temporary (for example, it was caused by a full filesystem), but if it persists, the proxy might stop caching until the situation is fixed. It's possible the permissions for the proxy's user account aren't specified correctly.
filesystem permission problem in subdir .mc-data under Cache Root
The filesystem permissions are wrong under the [CacheRoot]/.mc-data. Care should be taken that the entire CacheRoot directory and recursively all its subdirectories are readable and writable by the proxy user.
SOCKS request read failed
Client disconnected before the SOCKS request was entirely received by the proxy.
accept failed on the bound socket (...)
The SOCKS daemon failed to establish the connection from a remote server, requested by the client (SOCKS BIND request).
no port number specified for host…
bad port number specified in …
Proxy received an invalid SSL proxying request (CONNECT method with number or a bad port number).
cache write aborted
Cache write was aborted because the remote server failed to send the entire document, the client disconnected, or some other error condition occurred.
called with no hostname or address (or corrupt) [SSL proxy]
Proxy received an invalid SSL proxying request.
can't create socket (...)
can't bind (...)
can't connect (...)
can't get peer name (...)
can't get socket name (...)
can't make ... connection non-blocking
can't make client socket non-blocking (...)
can't make connection to ... non-blocking
can't make identd connection non-blocking (...)
connect failed (...)
connect to ... failed (...)
timed out sending ident request
The SSL proxying module or the SOCKS daemon couldn't successfully execute the system call in question, as part of establishing a connection to either a remote host or a remote identity daemon (identd).
can't connect to identd at ... -- access denied
Remote host is not running the identity daemon, and strict identity check is enabled.
can't connect to identd at ... -- error ignored
Remote host is not running the identity daemon, but loose identity check allows the request to be serviced.
can't find username from ident daemon response (...)
can't parse response from ident daemon (...)
The SOCKS daemon received a bad response from the remote identity daemon.
can't locate SOCKS host
The SSL proxy module is unable to locate the SOCKS host it has been configured to contact to establish outbound connections.
can't locate host ...
The SSL proxy module is unable to locate the remote host.
can't open SOCKD log ...
Can't open the separate SOCKS daemon log file.
cannot create lock file ... (...)
The proxy failed to create a lock file; this might happen if the system resources are exhausted or the machine load is so high that the process holding the lock cannot get it. In the short term this error is harmless, and the proxy will automatically recover from it. However, if the condition persists for long periods of time it might cause cache overflow or other abnormal behavior. Check the permissions for the proxy's user account and the files under the cache root directory.
cannot open ... for writing -- caching disabled as long as error persists
cannot open cache output file ...
cannot open file .../.cache-size for appending - the cache may overflow if the condition persists
cannot open gc pid file -- cannot signal gc
cannot remove file ... -- may cause disk full detection to fail
The filesystem permissions under the cache root or the server root are wrong so that the proxy cannot open the cache file for writing. On a heavily loaded system this can also be caused by a temporary failure to do disk I/O, in which case this error might be ignored unless the condition persists. In the long-term this error may cause malfunction of the caching subsystem and the garbage collector.
cannot signal gc pid ...; running start-proxy to respawn gc
After the filesystem full condition, the garbage collector couldn't be signaled to start garbage collection. The proxy will automatically attempt to spawn a new garbage collector process.
connection timed out after ... seconds idle
The SSL proxy or SOCKS connection has been idle too long.
content-length mismatch; too many bytes received
The proxy received an incorrect amount of data while it was writing to the cache file. This is due to erroneous behavior on the remote server side, and causes the cache file to be discarded.
disconnected by client/server/timeout/internal error condition with ... bytes in/outbound data undelivered
SOCKS or SSL proxying connection was terminated prematurely by one of the parties before all the pending data was transferred.
failed to send ident request (sent ... bytes out of ...)
The SOCKS daemon was unable to send the identity check request to the remote identity daemon.
internal netlib timeout; process terminated
Proxy retrieval lasted too long. This is an internal timeout that cleans up processes that suddenly get blocked due to an unexpected error in the network or one of the proxy subsystems.
method without URI
The client sent an invalid proxy request.
proxy retrieve failed: ...
A generic message when the retrieval failed due to a mistyped URL, a non-existing hostname, unreachable host or network, disabled or overloaded server, or other unexpected network error.
proxy timeout; closing connection
The proxy didn't receive any data from the remote server within the proxy timeout period.
remote closed the connection prematurely (timeout?)
The remote server closed the connection before all the data was received, causing the cache write to abort and discard the cache file.
select over the two connections failed (...)
Unexpected error in SOCKD or SSL proxying module while passing data through the proxy.
unknown SOCKS command (...)
The proxy received a bad or unsupported SOCKS command.
while scanning proxy HTTP headers, ...
An error occurred while reading the request headers from the client.
wrong SOCKS protocol version (...)
The proxy received a SOCKS request that is not supported in the current version (Netscape Proxy 1.1 supports SOCKS version 4).
... already locked
The cache file is already locked—another process is already writing the cache file. This is merely informative, not an error.
SOCKD logging shutting down
SOCKD logs to a separate file…in extended common log file format
SOCKD logs to a separate file…in traditional SOCKD SYSLOG format
cache-size sync in progress; abandoning scheduled sync
cache-size sync lock timed out; breaking it
removing timed-out lock file…
signalled gc to start immediately
These errors are informative and self-explanatory.
SOCKS request when SOCKD features disabled [sockd]
Attempt to access the proxy as a SOCKS daemon while the SOCKD feature on the proxy was disabled.
attempt to access the proxy as a normal HTTP server, URL: ...
Attempt to access the proxy as a normal server; this is usually simply a mistyped admin URL, but might also reflect somebody trying to intrude on the local filesystem of the proxy using evil URLs, such as the ones containing /../. Netscape guards against any such attempts and accessing the local filesystem is impossible, except for the admin interface.
denying service of ...
Service was denied by configuration.
incoming connection came from a wrong host: ..., should have come from ...
With SOCKS BIND command, a wrong host connected to the listener.
no matching rule -- refused by default
SOCKS request was denied because it wasn't explicitly allowed.
refused by deny rule
SOCKS request was denied by an explicit rule.
username mismatch: real ..., not ...
SOCKS identity check failed. The remote user claimed to be someone other than who the remote identity daemon reported.
terminated, shutting down
Proxy was shut down by the TERM signal.