[squid-users] TCP_TUNNEL/500 in squid logs in squid 5.9

Mon Jun 12 14:26:36 UTC 2023

Hi

Further discussion happened on
https://bugs.squid-cache.org/show_bug.cgi?id=5274 and has more details.

But yes, the issue is the same for a connection just from squid logs: how
to know if a request has passed or failed.

Regards
Sachin

On Mon, Jun 12, 2023 at 1:51 PM <ngtech1ltd at gmail.com> wrote:

> Hey Sachin,
>
> What's the issue?
> That the logs don't reflect the reality?
>
> Thanks,
> Eliezer
>
>
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf
> Of sachin gupta
> Sent: Thursday, May 25, 2023 18:21
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] TCP_TUNNEL/500 in squid logs in squid 5.9
>
> Hi All
>
> We are migrating for squid 4.15 to squid 5.9. We are running our existing
> test suite to check if we pass our sanity testing.
>
> For requests in transparent mode, though request passes and client get
> 200, in squid logs we are getting TCP_TUNNEL/500. We were not getting this
> issue with squid 4.15.
>
> Client logs
>
> curl -v https://origin/cache/0
> *   Trying 10.80.96.68:443...
> * TCP_NODELAY set
> * Connected to origin (10.80.96.68) port 443 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * Cipher selection:
> ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> * successfully set certificate verify locations:
> *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
>   CApath: none
> * TLSv1.2 (OUT), TLS header, Certificate Status (22):
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> * TLSv1.2 (IN), TLS handshake, Server finished (14):
> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
> * TLSv1.2 (OUT), TLS handshake, Finished (20):
> * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
> * TLSv1.2 (IN), TLS handshake, Finished (20):
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA
> * ALPN, server did not agree to a protocol
> * Server certificate:
> *  subject: C=US; ST=CA; L=SF; O=SFDC;
> OU=0:ns.tester;1:mvp;2:mist51;3:na44;4:dev1; CN=origin
> *  start date: Jul 26 06:59:41 2022 GMT
> *  expire date: Jul 26 06:59:41 2023 GMT
> *  subjectAltName: host "origin" matched cert's "origin"
> *  issuer: C=US; ST=CA; L=SF; O=SFDC; OU=Edge; CN=ca
> *  SSL certificate verify ok.
> > GET /cache/0 HTTP/1.1
> > Host: origin
> > User-Agent: curl/7.67.0
> > Accept: */*
> >
> * Mark bundle as not supporting multiuse
> < HTTP/1.1 200 OK
> < Server: origin
> < Date: Thu, 25 May 2023 15:08:57 GMT
> < Connection: close
> < Content-Type: application/json
> < Content-Length: 162
> < Cache-Control: public, max-age=0
> < Access-Control-Allow-Origin: *
> < Access-Control-Allow-Credentials: true
> <
>
> {"args":{},"headers":{"Accept":"*/*","Host":"origin","User-Agent":"curl/7.67.0","X-Origin-Server":"origin"},"origin":"10.80.96.3","url":"
> https://origin/cache/0"}
> * Closing connection 0
> * TLSv1.2 (OUT), TLS alert, close notify (256):
>
> Squid access logs
>
> [25/May/2023:15:08:57]      31 http://10.80.96.6:51028 - NONE_NONE/000 0
> CONNECT http://10.80.96.68:443 tester HIER_NONE/- - - tester 746573746572
> dagobah [-] - [-] - [-] - 0 0 - - [origin]
> [25/May/2023:15:08:57]     40 http://10.80.96.6:51028 - TCP_TUNNEL/500
> 800 CONNECT origin:443 tester HIER_DIRECT/origin 10.80.96.68 - tester
> 746573746572 dagobah [-] - [-] - [-] - 1969 2769 4 33 [origin]
>
> Can someone please help in this.
>
> Regards
> Sachin
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230612/78dddc6a/attachment.htm>