<div dir="ltr">So for the past few days I have been struggling with Squid in intercept mode on FreeBSD-10.1.<div><br></div><div>Using the same squid.conf for Squid-3.4.10 and Squid-3.5.1 and the same Firewall rules (I have tested with IPFilter and PF and these rules work with Squid-2.7.9 on several FreeBSD boxes that I have):</div><div><br></div><div>1. Squid-3.5.1 has completely refused to play along - always complaining about "loop detected" and hence denying all requests</div><div>2. Squid-3.4.10 plays along, BUT has so much complaints in cache.log as below:</div><div><br></div><div><div>2015/01/23 13:26:43| Set Current Directory to /usr/local/squid/logs</div><div>2015/01/23 13:26:43| Set Current Directory to /usr/local/squid/logs</div><div>2015/01/23 13:26:43| Starting Squid Cache version 3.4.10 for amd64-portbld-freebsd10.1...</div><div>2015/01/23 13:26:43| Process ID 15770</div><div>2015/01/23 13:26:43| Process Roles: master worker</div><div>2015/01/23 13:26:43| With 114417 file descriptors available</div><div>2015/01/23 13:26:43| Initializing IP Cache...</div><div>2015/01/23 13:26:43| DNS Socket created at [::], FD 5</div><div>2015/01/23 13:26:43| DNS Socket created at 0.0.0.0, FD 6</div><div>2015/01/23 13:26:43| Adding domain <a href="http://ili.or.ug">ili.or.ug</a> from /etc/resolv.conf</div><div>2015/01/23 13:26:43| Adding nameserver 127.0.0.1 from /etc/resolv.conf</div><div>2015/01/23 13:26:43| helperOpenServers: Starting 5/15 'ssl_crtd' processes</div><div>2015/01/23 13:26:43| helperOpenServers: Starting 10/15 'ut-squidbooster' processes</div><div>2015/01/23 13:26:43| Logfile: opening log stdio:/usr/local/squid/logs/access.log</div><div>2015/01/23 13:26:43| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec</div><div>2015/01/23 13:26:43| Store logging disabled</div><div>2015/01/23 13:26:43| Swap maxSize 104857600 + 131072 KB, estimated 8076051 objects</div><div>2015/01/23 13:26:43| Target number of buckets: 403802</div><div>2015/01/23 13:26:43| Using 524288 Store buckets</div><div>2015/01/23 13:26:43| Max Mem size: 131072 KB</div><div>2015/01/23 13:26:43| Max Swap size: 104857600 KB</div><div>2015/01/23 13:26:43| Rebuilding storage in /usr/local/squid/cache (dirty log)</div><div>2015/01/23 13:26:43| Using Least Load store dir selection</div><div>2015/01/23 13:26:43| Set Current Directory to /usr/local/squid/logs</div><div>2015/01/23 13:26:43| Finished loading MIME types and icons.</div><div>2015/01/23 13:26:43| HTCP Disabled.</div><div>2015/01/23 13:26:43| Pinger socket opened on FD 45</div><div>2015/01/23 13:26:43| Squid plugin modules loaded: 0</div><div>2015/01/23 13:26:43| Adaptation support is off.</div><div>2015/01/23 13:26:43| Accepting NAT intercepted HTTP Socket connections at local=[::]:13128 remote=[::] FD 40 flags=41</div><div>2015/01/23 13:26:43| Accepting HTTP Socket connections at local=[::]:13127 remote=[::] FD 41 flags=9</div><div>2015/01/23 13:26:43| Accepting NAT intercepted SSL bumped HTTPS Socket connections at local=[::]:13129 remote=[::] FD 42 flags=41</div><div>2015/01/23 13:26:43| Accepting ICP messages on [::]:3130</div><div>2015/01/23 13:26:43| Sending ICP messages from [::]:3130</div><div>2015/01/23 13:26:43| pinger: Initialising ICMP pinger ...</div><div>2015/01/23 13:26:43| pinger: ICMP socket opened.</div><div>2015/01/23 13:26:43| pinger: ICMPv6 socket opened</div><div>2015/01/23 13:26:43| Store rebuilding is 50.88% complete</div><div>2015/01/23 13:26:43| Done reading /usr/local/squid/cache swaplog (7861 entries)</div><div>2015/01/23 13:26:43| Finished rebuilding storage from disk.</div><div>2015/01/23 13:26:43| 7845 Entries scanned</div><div>2015/01/23 13:26:43| 0 Invalid entries.</div><div>2015/01/23 13:26:43| 0 With invalid flags.</div><div>2015/01/23 13:26:43| 7829 Objects loaded.</div><div>2015/01/23 13:26:43| 0 Objects expired.</div><div>2015/01/23 13:26:43| 16 Objects cancelled.</div><div>2015/01/23 13:26:43| 0 Duplicate URLs purged.</div><div>2015/01/23 13:26:43| 0 Swapfile clashes avoided.</div><div>2015/01/23 13:26:43| Took 0.05 seconds (168735.72 objects/sec).</div><div>2015/01/23 13:26:43| Beginning Validation Procedure</div><div>2015/01/23 13:26:43| Completed Validation Procedure</div><div>2015/01/23 13:26:43| Validated 7829 Entries</div><div>2015/01/23 13:26:43| store_swap_size = 457188.00 KB</div><div>2015/01/23 13:26:44| storeLateRelease: released 0 objects</div><div>2015/01/23 13:26:47| CBDATA memory leak. cbdata=0x804ce9b78 dns_internal.cc:1131</div><div>2015/01/23 13:26:47| CBDATA memory leak. cbdata=0x804b1d7d8 ipcache.cc:353</div><div>2015/01/23 13:26:47| CBDATA memory leak. cbdata=0x8048b2698 Checklist.cc:45</div><div>2015/01/23 13:26:47| CBDATA memory leak. cbdata=0x804b1d7d8 Checklist.cc:160</div><div>2015/01/23 13:26:47| CBDATA memory leak. cbdata=0x804b1b618 helper.cc:856</div><div>2015/01/23 13:26:47| CBDATA memory leak. cbdata=0x804b1d7d8 redirect.cc:176</div><div>2015/01/23 13:26:47| CBDATA memory leak. cbdata=0x8049e9498 store_client.cc:337</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x804ce9b78 ipcache.cc:353</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x8048b27d8 Checklist.cc:45</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x8094c8058 store_client.cc:154</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x8049e9498 store_client.cc:337</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x8049e9498 store_client.cc:337</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x8094c6058 CommCalls.cc:21</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x8094c8058 store_client.cc:154</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x8049e9498 store_client.cc:337</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x804ab8458 CommCalls.cc:21</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x8094c8058 store_client.cc:154</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x8049e9498 store_client.cc:337</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x804b1d718 clientStream.cc:235</div><div>2015/01/23 13:26:48| CBDATA memory leak. cbdata=0x8048b2558 Checklist.cc:320</div></div><div><br></div><div>I am running squid like:</div><div>/usr/local/sbin/squid -f /usr/local/etc/squid/squid.conf -N<br></div><div><br></div><div>I do not see any coredumps with this scenario even when I run with -NCd1</div><div><br></div><div>For the time being I have opted to run squid with cache_log set to /dev/null. Not elegant at all.</div><div><br></div><div>So my questions:</div><div><br></div><div>Is anyone else here successfully running squid (3.4.10 or 3.5.x) in intercept mode on FreeBSD 10.x using either PF or IPFilter?</div><div><br></div><div>I'd really love to compare notes. Maybe that will help clear my current brain-lock!</div><div><br></div><div>Technically, I have reached my /etc on this one.</div><div><br></div><div>My squid.conf is available at <a href="http://pastebin.com/L16cDmRp">http://pastebin.com/L16cDmRp</a></div><div><br></div><div><br></div><div><br></div><div><br><div><div><br></div>-- <br><div class="gmail_signature">Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254733744121/+254722743223<br>"I can't hear you -- I'm using the scrambler."<br></div>
</div></div></div>