[squid-users] Squid transparent not caching apt requests from deb.debian.org

zrm zrm at trustiosity.com
Fri Apr 3 20:26:13 UTC 2020


Greetings! Today I bring you a Squid cache mystery.

I configured a simple transparent proxy to cache package downloads for 
Debian, using Squid on Debian 10. When apt clients download packages 
from deb.debian.org, Squid says TCP_MISS, downloads the package, and 
then doesn't cache it. The mystery is, why not.

It caches other requests by other applications. It caches other requests 
by apt -- packages from security.debian.org get cached. It caches 
requests for deb.debian.org when the client is not apt -- using wget or 
curl on the same URL causes it to be cached, as does pasting the HTTP 
request into netcat. The same HTTP request that apt sends. I checked the 
packets with Wireshark and the TCP payload for the request is byte for 
byte identical, but when apt does it, it isn't cached. I'm not sure how 
it's even distinguishing the requests in order to behave differently.

These are the changes from the default squid.conf packaged with Debian 10:
http_access allow localnet
http_port 3130
http_port 3128 intercept
maximum_object_size_in_memory 4 MB

Here are repeated requests using "apt remove -y vim;apt install vim", 
access.log:

1585891724.223    560 192.168.111.55 TCP_MISS/200 1281195 GET http://deb.debian.org/debian/pool/main/v/vim/vim_8.1.0875-5_amd64.deb - ORIGINAL_DST/199.232.64.204 application/x-debian-package
1585891726.697    277 192.168.111.55 TCP_MISS/200 1281195 GET http://deb.debian.org/debian/pool/main/v/vim/vim_8.1.0875-5_amd64.deb - ORIGINAL_DST/199.232.64.204 application/x-debian-package

store.log:

1585891535.154 RELEASE -1 FFFFFFFF 04000000000000001712000001000000  200 1585891535 1560620795 1588483535 application/x-debian-package 1280476/1280476 GET http://deb.debian.org/debian/pool/main/v/vim/vim_8.1.0875-5_amd64.deb
1585891724.223 RELEASE -1 FFFFFFFF 05000000000000001712000001000000  200 1585891723 1560620795 1588483723 application/x-debian-package 1280476/1280476 GET http://deb.debian.org/debian/pool/main/v/vim/vim_8.1.0875-5_amd64.deb

But here are repeated requests for the same url using wget, access.log:

1585891729.700    433 192.168.111.55 TCP_MISS/200 1281195 GET http://deb.debian.org/debian/pool/main/v/vim/vim_8.1.0875-5_amd64.deb - ORIGINAL_DST/199.232.66.133 application/x-debian-package
1585891731.089     70 192.168.111.55 TCP_REFRESH_UNMODIFIED/200 1281232 GET http://deb.debian.org/debian/pool/main/v/vim/vim_8.1.0875-5_amd64.deb - ORIGINAL_DST/199.232.66.133 application/x-debian-package

store.log:

1585891726.697 RELEASE -1 FFFFFFFF 06000000000000001712000001000000  200 1585891726 1560620795 1588483726 application/x-debian-package 1280476/1280476 GET http://deb.debian.org/debian/pool/main/v/vim/vim_8.1.0875-5_amd64.deb
1585891731.047 RELEASE -1 FFFFFFFF 08000000000000001712000001000000  304 1585891731        -1 1588483731 unknown -1/-293 GET http://deb.debian.org/debian/pool/main/v/vim/vim_8.1.0875-5_amd64.deb

In the first case we get TCP_MISS every time because it isn't caching 
the data, in the second case it's only the first time and after that we 
get TCP_REFRESH_UNMODIFIED. But how and why is this happening?
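
One way to line up the two logs quoted above, as an added example that is not part of the original post: it parses the access.log and store.log entries, groups requests by ORIGINAL_DST address, and counts the 200 replies that store.log shows RELEASEd with file number FFFFFFFF (memory-only, never written to disk). Matching entries by URL within a 10 ms timestamp window is an assumption of this example.

```python
from collections import defaultdict

URL = "http://deb.debian.org/debian/pool/main/v/vim/vim_8.1.0875-5_amd64.deb"
DEB = "application/x-debian-package"
# access.log and store.log entries copied from the post, one entry per line.
ACCESS_LOG = f"""\
1585891724.223    560 192.168.111.55 TCP_MISS/200 1281195 GET {URL} - ORIGINAL_DST/199.232.64.204 {DEB}
1585891726.697    277 192.168.111.55 TCP_MISS/200 1281195 GET {URL} - ORIGINAL_DST/199.232.64.204 {DEB}
1585891729.700    433 192.168.111.55 TCP_MISS/200 1281195 GET {URL} - ORIGINAL_DST/199.232.66.133 {DEB}
1585891731.089     70 192.168.111.55 TCP_REFRESH_UNMODIFIED/200 1281232 GET {URL} - ORIGINAL_DST/199.232.66.133 {DEB}
"""
STORE_LOG = f"""\
1585891535.154 RELEASE -1 FFFFFFFF 04000000000000001712000001000000  200 1585891535 1560620795 1588483535 {DEB} 1280476/1280476 GET {URL}
1585891724.223 RELEASE -1 FFFFFFFF 05000000000000001712000001000000  200 1585891723 1560620795 1588483723 {DEB} 1280476/1280476 GET {URL}
1585891726.697 RELEASE -1 FFFFFFFF 06000000000000001712000001000000  200 1585891726 1560620795 1588483726 {DEB} 1280476/1280476 GET {URL}
1585891731.047 RELEASE -1 FFFFFFFF 08000000000000001712000001000000  304 1585891731        -1 1588483731 unknown -1/-293 GET {URL}
"""

def parse_access(text):
    """Yield (time, squid_result, url, upstream_ip) per native-format access.log line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 10:
            yield float(f[0]), f[3].split("/")[0], f[6], f[8].split("/", 1)[1]

def parse_store(text):
    """Yield (time, action, file_number, http_status, url) per store.log line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 13:
            yield float(f[0]), f[1], f[3], f[5], f[12]

def summarize(access_text, store_text, window=0.01):
    """Per upstream IP: Squid result codes seen, and how many of those replies
    store.log shows RELEASEd with file number FFFFFFFF (memory-only, not on disk)."""
    dropped = [(t, url) for t, action, fileno, status, url in parse_store(store_text)
               if action == "RELEASE" and fileno == "FFFFFFFF" and status == "200"]
    out = defaultdict(lambda: {"results": [], "released_uncached": 0})
    for t, result, url, ip in parse_access(access_text):
        out[ip]["results"].append(result)
        # Assumption: a store.log entry for the same URL within `window` seconds
        # of the access.log timestamp belongs to this request.
        if any(u == url and abs(ts - t) <= window for ts, u in dropped):
            out[ip]["released_uncached"] += 1
    return dict(out)

if __name__ == "__main__":
    for ip, info in summarize(ACCESS_LOG, STORE_LOG).items():
        print(ip, info)
```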

