Appendix A. Proxy Error Log Messages

This appendix defines the errors the proxy sends to the error log file. The errors are categorized:

List of Errors

CATASTROPHE

cache file size not in sync with cache info

The system suddenly went down or the filesystem became full during the cache write, or the cache file has otherwise been truncated. Normally the proxy notices any abnormal conditions, but if an outside agent causes cache files to become corrupt, the proxy will issue this message. The corrupt cache file will be removed, and a new one created during the next request.

CATASTROPHE

filesystem is full

The cache filesystem has become full. The proxy will halt any cache writes, and an attempt is made to signal the garbage collector to activate immediately. Cache writes are resumed after the condition no longer persists. Consider allocating more space to the cache system.

CATASTROPHE

cannot open file .../.cache-size for writing—the cache may overflow if the condition persists

The proxy failed to write the current cache size to the file that contains it. This could be a temporary condition, but if it persists the proxy will not be able to keep track of its cache size. This can cause the cache to overflow on high impact systems. It's possible the write permissions aren't correct for the user account the proxy uses.

CATASTROPHE

cannot read header section from the cache file

The cache file is truncated, or permissions are such that the cache file cannot be read. Care should be taken that the cache hierarchy is entirely readable and writable by the proxy user.

CATASTROPHE

caught SIGSEGV or SIGBUS, trying to dump core in admin/config

The proxy encountered an internal software error. Contact Netscape Communications for help with this error. If you rarely encounter this error and it doesn't affect the proxy service, you can ignore this message.

CATASTROPHE

failed to write cache status file

The write to the cache data directory ([CacheRoot]/.mc-data) failed. The condition might be temporary (for example, it was caused by a full filesystem), but if it persists, the proxy might stop caching until the situation is fixed. It's possible the permissions for the proxy's user account aren't specified correctly.

CATASTROPHE

filesystem permission problem in subdir .mc-data under Cache Root

The filesystem permissions are wrong under the [CacheRoot]/.mc-data. Care should be taken that the entire CacheRoot directory and recursively all its subdirectories are readable and writable by the proxy user.

FAILURE

SOCKS request read failed

Client disconnected before the SOCKS request was entirely received by the proxy.

FAILURE

accept failed on the bound socket (...)

The SOCKS daemon failed to establish the connection from a remote server, requested by the client (SOCKS BIND request).

FAILURE

no port number specified for host…
bad port number specified in …

Proxy received an invalid SSL proxying request (CONNECT method with number or a bad port number).

FAILURE

cache write aborted

Cache write was aborted because the remote server failed to send the entire document, the client disconnected, or some other error condition occurred.

FAILURE

called with no hostname or address (or corrupt) [SSL proxy]

Proxy received an invalid SSL proxying request.

FAILURE

can't create socket (...)
can't bind (...)
can't connect (...)
can't get peer name (...)
can't get socket name (...)
can't make ... connection non-blocking
can't make client socket non-blocking (...)
can't make connection to ... non-blocking
can't make identd connection non-blocking (...)
connect failed (...)
connect to ... failed (...)
timed out sending ident request

The SSL proxying module or the SOCKS daemon couldn't successfully execute the system call in question, as part of establishing a connection to either a remote host or a remote identity daemon (identd).

FAILURE

can't connect to identd at ... -- access denied

Remote host is not running the identity daemon, and strict identity check is enabled.

FAILURE

can't connect to identd at ... -- error ignored

Remote host is not running the identity daemon, but loose identity check allows the request to be serviced.

FAILURE

can't find username from ident daemon response (...)
can't parse response from ident daemon (...)

The SOCKS daemon received a bad response from the remote identity daemon.

FAILURE

can't locate SOCKS host

The SSL proxy module is unable to locate the SOCKS host it has been configured to contact to establish outbound connections.

FAILURE

can't locate host ...

The SSL proxy module is unable to locate the remote host.

FAILURE

can't open SOCKD log ...

Can't open the separate SOCKS daemon log file.

FAILURE

cannot create lock file ... (...)

The proxy failed to create a lock file; this might happen if the system resources are exhausted or the machine load is so high that the process holding the lock cannot get it. In the short term this error is harmless, and the proxy will automatically recover from it. However, if the condition persists for long periods of time it might cause cache overflow or other abnormal behavior. Check the permissions for the proxy's user account and the files under the cache root directory.

FAILURE

cannot open ... for writing -- caching disabled as long as error persists
cannot open cache output file ...
cannot open file .../.cache-size for appending - the cache may overflow if the condition persists
cannot open gc pid file -- cannot signal gc
cannot remove file ... -- may cause disk full detection to fail

The filesystem permissions under the cache root or the server root are wrong so that the proxy cannot open the cache file for writing. On a heavily loaded system this can also be caused by a temporary failure to do disk I/O, in which case this error might be ignored unless the condition persists. In the long-term this error may cause malfunction of the caching subsystem and the garbage collector.

FAILURE

cannot signal gc pid ...; running start-proxy to respawn gc

After the filesystem full condition, the garbage collector couldn't be signaled to start garbage collection. The proxy will automatically attempt to spawn a new garbage collector process.

FAILURE

connection timed out after ... seconds idle

The SSL proxy or SOCKS connection has been idle too long.

FAILURE

content-length mismatch; too many bytes received

The proxy received an incorrect amount of data while it was writing to the cache file. This is due to erroneous behavior on the remote server side, and causes the cache file to be discarded.

FAILURE

disconnected by client/server/timeout/internal error condition with ... bytes in/outbound data undelivered

SOCKS or SSL proxying connection was terminated prematurely by one of the parties before all the pending data was transferred.

FAILURE

failed to send ident request (sent ... bytes out of ...)

The SOCKS daemon was unable to send the identity check request to the remote identity daemon.

FAILURE

internal netlib timeout; process terminated

Proxy retrieval lasted too long. This is an internal timeout that cleans up processes that suddenly get blocked due to an unexpected error in the network or one of the proxy subsystems.

FAILURE

method without URI

The client sent an invalid proxy request.

FAILURE

proxy retrieve failed: ...

A generic message when the retrieval failed due to a mistyped URL, a non-existing hostname, unreachable host or network, disabled or overloaded server, or other unexpected network error.

FAILURE

proxy timeout; closing connection

The proxy didn't receive any data from the remote server within the proxy timeout period.

FAILURE

remote closed the connection prematurely (timeout?)

The remote server closed the connection before all the data was received, causing the cache write to abort and discard the cache file.

FAILURE

select over the two connections failed (...)

Unexpected error in SOCKD or SSL proxying module while passing data through the proxy.

FAILURE

unknown SOCKS command (...)

The proxy received a bad or unsupported SOCKS command.

FAILURE

while scanning proxy HTTP headers, ...

An error occurred while reading the request headers from the client.

FAILURE

wrong SOCKS protocol version (...)

The proxy received a SOCKS request that is not supported in the current version (Netscape Proxy 1.1 supports SOCKS version 4).

INFORM

... already locked

The cache file is already locked—another process is already writing the cache file. This is merely informative, not an error.

INFORM

SOCKD logging shutting down
SOCKD logs to a separate file…in extended common log file format
SOCKD logs to a separate file…in traditional SOCKD SYSLOG format
cache-size sync in progress; abandoning scheduled sync
cache-size sync lock timed out; breaking it
removing timed-out lock file…
signalled gc to start immediately

These errors are informative and self-explanatory.

SECURITY

SOCKS request when SOCKD features disabled [sockd]

Attempt to access the proxy as a SOCKS daemon while the SOCKD feature on the proxy was disabled.

SECURITY

attempt to access the proxy as a normal HTTP server, URL: ...

Attempt to access the proxy as a normal server; this is usually simply a mistyped admin URL, but might also reflect somebody trying to intrude on the local filesystem of the proxy using evil URLs, such as the ones containing /../. Netscape guards against any such attempts and accessing the local filesystem is impossible, except for the admin interface.

SECURITY

denying service of ...

Service was denied by configuration.

SECURITY

incoming connection came from a wrong host: ..., should have come from ...

With SOCKS BIND command, a wrong host connected to the listener.

SECURITY

no matching rule -- refused by default

SOCKS request was denied because it wasn't explicitly allowed.

SECURITY

refused by deny rule

SOCKS request was denied by an explicit rule.

SECURITY

username mismatch: real ..., not ...

SOCKS identity check failed. The remote user claimed to be someone other than who the remote identity daemon reported.

WARNING

terminated, shutting down

Proxy was shut down by the TERM signal.