# [solved]havp spawn unlimit count of processes

## toralf

I used an "uncommon" scenario : I emerged net-proxy/havp-0.90-r1:0 and app-antivirus/clamav-0.96.1:0 (but not squid), configured havp a little bit:

```
n22 /etc/havp # grep -v -e '#' -e '^$' havp.config 

LOGLEVEL 1

TRANSPARENT true

ENABLECLAMLIB true

ENABLECLAMD false

ENABLEFPROT false

ENABLEAVG false

ENABLEAVESERVER false

ENABLESOPHIE false

ENABLETROPHIE false

ENABLENOD32 false

ENABLEAVAST false

ENABLEARCAVIR false

ENABLEDRWEB false

```

added this to my iptables :

```
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

```

 started havp and pointed my firefox to http://localhost:8080.

Then I observed this in /var/log/havp/error.log : 

```
...

1 S havp     25749 25365  0  80   0 - 34761 poll_s 20:00 ?        00:00:00 /usr/sbin/havp

1 S havp     25750 25365  0  80   0 - 34761 poll_s 20:00 ?        00:00:00 /usr/sbin/havp

1 S havp     25751 25749  0  80   0 - 34761 locks_ 20:00 ?        00:00:00 /usr/sbin/havp

1 S havp     25752 25750  0  80   0 - 34761 locks_ 20:00 ?        00:00:00 /usr/sbin/havp

...

```

Furthermore more and more havp processes were spawned. 

Is this a bug or the result of the configuration ?Last edited by toralf on Mon Jul 05, 2010 7:33 am; edited 1 time in total

----------

## gerdesj

Have you tried to connect directly to HAVP without using port redirection?

----------

## toralf

 *gerdesj wrote:*   

> Have you tried to connect directly to HAVP without using port redirection?

 yep - now solved.

Now I'm wondering whether it is possible to use havp at my client w/o any browser proxy configuration - only using iptables rules.

----------

## gerdesj

 *toralf wrote:*   

>  *gerdesj wrote:*   Have you tried to connect directly to HAVP without using port redirection? yep - now solved.
> 
> Now I'm wondering whether it is possible to use havp at my client w/o any browser proxy configuration - only using iptables rules.

 

Did you have to do anything else apart from remove the port remapping?

You should be able to do transparent proxying.  Now as the proxy is on the localhost, you have to allow havp itself out without itself being redirected.

I have not tested this in any way but a bit of a rewrite of the solution here: http://ubuntuforums.org/showthread.php?t=1346350

```

iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner havp -j ACCEPT

iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080

```

... might do the trick. Note the --uid owner bit - change that to the user that HAVP runs under.

----------

## toralf

yes, replacing it with "$(id -u havp)" did the trick - thx.

 :Smile: 

----------

