[squid-users] squid 5.3 frequent crash

Majed Zouhairy m_zouhairy at ckta.by
Thu Jan 6 11:53:53 UTC 2022 

peace i have squid with ufdb guard, after upgrading today to 5.3 i'm 
getting:

....

2022/01/06 14:47:35| Processing: acl localhet src 169.254.0.0/16 	# RFC 
3927 link-local (directly plugged) machines
2022/01/06 14:47:35| Processing: acl SSL_ports port 443
2022/01/06 14:47:35| Processing: acl Safe_ports port 80		# http
2022/01/06 14:47:35| Processing: acl Safe_ports port 8080	# http
2022/01/06 14:47:35| Processing: acl Safe_ports port 21		# ftp
2022/01/06 14:47:35| Processing: acl Safe_ports port 443		# https
2022/01/06 14:47:35| Processing: acl Safe_ports port 70		# gopher
2022/01/06 14:47:35| Processing: acl Safe_ports port 210		# wais
2022/01/06 14:47:35| Processing: acl Safe_ports port 1025-65535	# 
unregistered ports
2022/01/06 14:47:35| Processing: acl Safe_ports port 280		# http-mgmt
2022/01/06 14:47:35| Processing: acl Safe_ports port 488		# gss-http
2022/01/06 14:47:35| Processing: acl Safe_ports port 591		# filemaker
2022/01/06 14:47:35| Processing: acl Safe_ports port 777		# multiling http
2022/01/06 14:47:35| Processing: acl CONNECT method CONNECT
2022/01/06 14:47:35| Processing: acl blockfiles urlpath_regex -i 
"/etc/squid/blocks.files.acl"
2022/01/06 14:47:35| Processing: http_access deny !Safe_ports
2022/01/06 14:47:35| Processing: http_access deny CONNECT !SSL_ports
2022/01/06 14:47:35| Processing: http_access allow localhost manager
2022/01/06 14:47:35| Processing: http_access deny manager
2022/01/06 14:47:35| Processing: visible_hostname proxy.skko.by
2022/01/06 14:47:35| Processing: forwarded_for delete
2022/01/06 14:47:35| Processing: delay_pools 1
2022/01/06 14:47:35| Processing: delay_class 1 3
2022/01/06 14:47:35| Processing: delay_access 1 allow slower
2022/01/06 14:47:35| Processing: delay_access 1 deny all
2022/01/06 14:47:35| Processing: delay_parameters 1 128000/128000 -1/-1 
128000/64000
2022/01/06 14:47:35| Processing: http_access allow localnet
2022/01/06 14:47:35| Processing: http_access allow localhost
2022/01/06 14:47:35| Processing: http_access deny all
2022/01/06 14:47:35| Processing: http_port 8080 ssl-bump 
cert=/etc/squid/certs/myCA.pem generate-host-certificates=on 
dynamic_cert_mem_cache_size=8MB
2022/01/06 14:47:35| Processing: acl 	tls_s1_connect			at_step SslBump1
2022/01/06 14:47:35| Processing: acl 	tls_s2_client_hello 	at_step SslBump2
2022/01/06 14:47:35| Processing: acl 	tls_s3_server_hello 	at_step SslBump3
2022/01/06 14:47:35| Processing: acl 	tls_allowed_hsts		ssl::server_name 
			.akamaihd.net
2022/01/06 14:47:35| Processing: acl 	tls_allowed_hsts		ssl::server_name 
			.proxy.skko.by
2022/01/06 14:47:35| Processing: acl 	tls_server_is_bank 	 
ssl::server_name		 
"/usr/local/ufdbguard/blacklists/finance/domains.squidsplice"
2022/01/06 14:47:35| Processing: acl 	tls_to_splice 			any-of 					 
tls_allowed_hsts		tls_server_is_bank
2022/01/06 14:47:35| Processing: ssl_bump 		peek				tls_s1_connect 		# 
peek at TLS/SSL connect data
2022/01/06 14:47:35| Processing: ssl_bump 		splice 				tls_to_splice		# 
splice some: no active bump
2022/01/06 14:47:35| Processing: ssl_bump 		stare 				all					# 
stare(peek) at server
2022/01/06 14:47:35| Processing: ssl_bump 		bump									# bump if we 
can (if the stare succeeded)
2022/01/06 14:47:35| Processing: cache_dir ufs /var/cache/squid 3000 16 256
2022/01/06 14:47:35| Processing: coredump_dir /var/cache/squid
2022/01/06 14:47:35| Processing: cache_mem 960 MB
2022/01/06 14:47:35| Processing: netdb_filename none
2022/01/06 14:47:35| Processing: refresh_pattern ^ftp:				1440	20%	10080
2022/01/06 14:47:35| Processing: refresh_pattern ^gopher:			1440	0%	1440
2022/01/06 14:47:35| Processing: refresh_pattern -i (/cgi-bin/|\?) 	0		0%	0
2022/01/06 14:47:35| Processing: refresh_pattern .					0		20%	4320
2022/01/06 14:47:35| Processing: url_rewrite_extras "%>a/%>A %un %>rm 
bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
2022/01/06 14:47:35| Processing: url_rewrite_program 
/usr/local/ufdbguard/bin/ufdbgclient -m 4 -l /var/log/squid/
2022/01/06 14:47:35| Processing: url_rewrite_children 16 startup=8 
idle=2 concurrency=4 queue-size=64
2022/01/06 14:47:35| Initializing https:// proxy context
2022/01/06 14:47:35| Requiring client certificates.
2022/01/06 14:47:36| Initializing http_port [::]:8080 TLS contexts
2022/01/06 14:47:36| Using certificate in /etc/squid/certs/myCA.pem
2022/01/06 14:47:36| Using certificate chain in /etc/squid/certs/myCA.pem
2022/01/06 14:47:36| Adding issuer CA: 
/C=BY/ST=Minsk/L=Minsk/O=RUP/OU=COD/CN=proxy.skko.by/emailAddress=v_sedina at skno.by
2022/01/06 14:47:36| Using key in /etc/squid/certs/myCA.pem
2022/01/06 14:47:36| Not requiring any client certificates


in cache.log:

2022/01/06 14:27:14 kid1| ERROR: failure while accepting a TLS 
connection on conn907 local=10.10.10.10:8080 remote=10.14.10.15:54125 FD 
197 flags=1: 0x55e7126a28c0*1
     current master transaction: master95
2022/01/06 14:27:16| Pinger exiting.
2022/01/06 14:27:18 kid1| FATAL: check failed: opening()
     exception location: FwdState.cc(628) noteDestinationsEnd
     current master transaction: master95
2022/01/06 14:27:18 kid1| Closing Pinger socket on FD 46
     current master transaction: master95
2022/01/06 14:27:18| Removing PID file (/run/squid.pid)

systemctl status squid
× squid.service - Squid caching proxy
      Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; 
vendor preset: disabled)
      Active: failed (Result: exit-code) since Thu 2022-01-06 14:27:18 
+03; 23min ago
        Docs: man:squid(8)
     Process: 12653 
ExecStartPre=/usr/libexec/squid/initialize_cache_if_needed.sh 
(code=exited, status=0/SUCCESS)
     Process: 12657 ExecStart=/usr/sbin/squid -FC (code=exited, 
status=0/SUCCESS)
    Main PID: 12658 (code=exited, status=1/FAILURE)
         CPU: 3min 22.025s

Jan 06 14:27:07 proxy squid[12658]: Squid Parent: squid-1 process 13723 
exited with status 1
Jan 06 14:27:07 proxy squid[12658]: Squid Parent: (squid-1) process 
13773 started
Jan 06 14:27:09 proxy squid[12658]: Squid Parent: squid-1 process 13773 
exited with status 1
Jan 06 14:27:09 proxy squid[12658]: Squid Parent: (squid-1) process 
13823 started
Jan 06 14:27:18 proxy squid[12658]: Squid Parent: squid-1 process 13823 
exited with status 1
Jan 06 14:27:18 proxy squid[12658]: Squid Parent: squid-1 process 13823 
will not be restarted for 3600 seconds due to repeated, frequent failures
Jan 06 14:27:18 proxy squid[12658]: Exiting due to repeated, frequent 
failures
Jan 06 14:27:18 proxy systemd[1]: squid.service: Main process exited, 
code=exited, status=1/FAILURE
Jan 06 14:27:18 proxy systemd[1]: squid.service: Failed with result 
'exit-code'.
Jan 06 14:27:18 proxy systemd[1]: squid.service: Consumed 3min 22.025s 
CPU time.

what is the cause knowing that i changed /var/cache/squid/ssl_db from 
root:root to squid:squid
and /var/cache/squid from root:squid to squid:squid

sudo sysctl -a | grep net.ipv6.conf.all.disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 1


what is the cause?

More information about the squid-users mailing list