[squid-users] Rewriting HTTP to HTTPS for generic package proxy

Fiehe, Christoph c.fiehe at eurodata.de
Wed Jul 10 20:06:49 UTC 2024


No problem. Thank you very much for your help.

I checked the difference between a working call when the URL is not being rewritten and the not working call with a schema rewrite. The problem is that the proxy just forwards the client GET request to the upstream proxy, but in that case a CONNECT is required. I suppose that Squid does not consider the protocol change initiated by the url_rewrite_program. Is there any opportunity to add something to the code that handles the protocol change requested by url_rewrite_program in case of a rewrite?

Working case: Upstream proxy receives a CONNECT from the downstream proxy

2024/07/10 21:06:05.355 kid1| 5,2| TcpAcceptor.cc(214) doAccept: New connection on FD 12
2024/07/10 21:06:05.355 kid1| 5,2| TcpAcceptor.cc(316) acceptNext: connection on conn482169 local=[::]:3128 remote=[::] FD 12 flags=9
2024/07/10 21:06:05.355 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 16 HTTP Request
2024/07/10 21:06:05.355 kid1| 28,3| Eui48.cc(511) lookup: id=0x5651b3e6d558 10.2.59.181 NOT found
2024/07/10 21:06:05.355 kid1| 17,2| QosConfig.cc(162) getNfConnmark: QOS: Failed to retrieve connection mark: (-1) (2) No such file or directory (Destination X.X.X.X:3128, source 10.2.59.181:40122)
2024/07/10 21:06:05.355 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 timeout 300
2024/07/10 21:06:05.355 kid1| 5,3| IoCallback.cc(112) finish: called for conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 (0, 0)
2024/07/10 21:06:05.355 kid1| 5,3| Read.cc(93) ReadNow: conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1, size 4096, retval 213, errno 0
2024/07/10 21:06:05.355 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 timeout 300
2024/07/10 21:06:05.355 kid1| 33,3| Pipeline.cc(43) back: Pipeline 0x5651b328cb80 empty
2024/07/10 21:06:05.355 kid1| 11,2| client_side.cc(1332) parseHttpRequest: HTTP Client conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1
2024/07/10 21:06:05.355 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client REQUEST:
---------
CONNECT download.docker.com:443 HTTP/1.1
Host: download.docker.com:443
User-Agent: curl/7.81.0
Via: 1.1 pkg-proxy (squid/6.10)
X-Forwarded-For: 10.2.59.102
Cache-Control: max-age=259200
Connection: close

Not working after schema rewrite: Upstream proxy receives a GET from the proxy

2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(214) doAccept: New connection on FD 12
2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(316) acceptNext: connection on conn482169 local=[::]:3128 remote=[::] FD 12 flags=9
2024/07/10 18:24:44.031 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 16 HTTP Request
2024/07/10 18:24:44.031 kid1| 28,3| Eui48.cc(511) lookup: id=0x5651b3e6d558 10.2.59.181 NOT found
2024/07/10 18:24:44.031 kid1| 17,2| QosConfig.cc(162) getNfConnmark: QOS: Failed to retrieve connection mark: (-1) (2) No such file or directory (Destination X.X.X.X:3128, source 10.2.59.181:59100)
2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300
2024/07/10 18:24:44.031 kid1| 5,3| IoCallback.cc(112) finish: called for conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 (0, 0)
2024/07/10 18:24:44.031 kid1| 5,3| Read.cc(93) ReadNow: conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1, size 4096, retval 293, errno 0
2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300
2024/07/10 18:24:44.031 kid1| 33,3| Pipeline.cc(43) back: Pipeline 0x5651b328cb80 empty
2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1332) parseHttpRequest: HTTP Client conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1
2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client REQUEST:
---------
GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease HTTP/1.1
Host: download.docker.com
Accept: text/*
User-Agent: Debian APT-HTTP/1.3 (2.4.12) non-interactive
Via: 1.1 pkg-proxy (squid/6.10)
X-Forwarded-For: 10.2.59.102
Cache-Control: max-age=0
Connection: keep-alive


>-----Ursprüngliche Nachricht-----
>Von: Alex Rousskov <rousskov at measurement-factory.com>
>Gesendet: Mittwoch, 10. Juli 2024 18:56
>An: squid-users at lists.squid-cache.org
>Cc: Fiehe, Christoph <c.fiehe at eurodata.de>
>Betreff: Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy
>
>On 2024-07-10 12:42, Fiehe, Christoph wrote:
>
>> In the next test case, I used a more modern upstream proxy server based von Squid 6.8
>and enabled debugging.
>>
>> The log shows the error SQUID_TLS_ERR_CONNECT+GNUTLS_E_FATAL_ALERT_RECEIVED. I am not
>sure, what I can do to prevent it from occurring
>
>I cannot help with GnuTLS, but I can recommend using Squid built with
>OpenSSL libraries (./configure --with-openssl) instead of Squid built
>with GnuTLS.
>
>
>HTH,
>
>Alex.
>
>
>
>> 2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(214) doAccept: New connection on FD 12
>> 2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(316) acceptNext: connection on
>conn482169 local=[::]:3128 remote=[::] FD 12 flags=9
>> 2024/07/10 18:24:44.031 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 16 HTTP Request
>> 2024/07/10 18:24:44.031 kid1| 28,3| Eui48.cc(511) lookup: id=0x5651b3e6d558 10.2.59.181
>NOT found
>> 2024/07/10 18:24:44.031 kid1| 17,2| QosConfig.cc(162) getNfConnmark: QOS: Failed to
>retrieve connection mark: (-1) (2) No such file or directory (Destination
>212.89.134.12:3128, source 10.2.59.181:59100)
>> 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175
>local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300
>> 2024/07/10 18:24:44.031 kid1| 5,3| IoCallback.cc(112) finish: called for conn482175
>local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 (0, 0)
>> 2024/07/10 18:24:44.031 kid1| 5,3| Read.cc(93) ReadNow: conn482175
>local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1, size 4096, retval 293,
>errno 0
>> 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175
>local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300
>> 2024/07/10 18:24:44.031 kid1| 33,3| Pipeline.cc(43) back: Pipeline 0x5651b328cb80 empty
>> 2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1332) parseHttpRequest: HTTP Client
>conn482175 local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1
>> 2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client
>REQUEST:
>> ---------
>> GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease HTTP/1.1
>> Host: download.docker.com
>> Accept: text/*
>> User-Agent: Debian APT-HTTP/1.3 (2.4.12) non-interactive
>> Via: 1.1 pkg-proxy (squid/6.10)
>> X-Forwarded-For: 10.2.59.102
>> Cache-Control: max-age=0
>> Connection: keep-alive
>>
>>
>> ----------
>> 2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(1364) parseHttpRequest: complete
>request received. prefix_sz = 293, request-line-size=77, mime-header-size=216, mime header
>block:
>> Host: download.docker.com
>> Accept: text/*
>> User-Agent: Debian APT-HTTP/1.3 (2.4.12) non-interactive
>> Via: 1.1 pkg-proxy (squid/6.10)
>> X-Forwarded-For: 10.2.59.102
>> Cache-Control: max-age=0
>> Connection: keep-alive
>>
>>
>> ----------
>> 2024/07/10 18:24:44.031 kid1| 87,3| clientStream.cc(139) clientStreamInsertHead:
>clientStreamInsertHead: Inserted node 0x5651b6c14538 with data 0x5651b379ecb0 after head
>> 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175
>local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 86400
>> 2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(1767) add: 0x5651b379dc40*3 to 0/0
>> 2024/07/10 18:24:44.031 kid1| 33,3| Pipeline.cc(24) add: Pipeline 0x5651b328cb80 add
>request 1 0x5651b379dc40*4
>> 2024/07/10 18:24:44.031 kid1| 23,3| Uri.cc(446) parse: Split URL
>'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' into proto='https',
>host='download.docker.com', port='443', path='/linux/ubuntu/dists/jammy/InRelease'
>> 2024/07/10 18:24:44.031 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>'download.docker.com': Name or service not known
>> 2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(702) clientSetKeepaliveFlag: http_ver
>= HTTP/1.1
>> 2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(703) clientSetKeepaliveFlag: method =
>GET
>> 2024/07/10 18:24:44.031 kid1| 85,3| client_side_request.cc(123) ClientRequestContext:
>ClientRequestContext constructed, this=0x5651b667b8b8
>> 2024/07/10 18:24:44.031 kid1| 83,3| client_side_request.cc(1709) doCallouts: Doing
>calloutContext->hostHeaderVerify()
>> 2024/07/10 18:24:44.031 kid1| 85,3| client_side_request.cc(607) hostHeaderVerify:
>validate host=download.docker.com, port=0, portStr=NULL
>> 2024/07/10 18:24:44.031 kid1| 85,3| client_side_request.cc(621) hostHeaderVerify:
>validate skipped.
>> 2024/07/10 18:24:44.031 kid1| 83,3| client_side_request.cc(1716) doCallouts: Doing
>calloutContext->clientAccessCheck()
>> 2024/07/10 18:24:44.031 kid1| 28,3| Checklist.cc(69) preCheck: 0x5651b56d0d38 checking
>slow rules
>> 2024/07/10 18:24:44.032 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' found
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked:
>follow_x_forwarded_for#1 = 1
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: follow_x_forwarded_for
>= 1
>> 2024/07/10 18:24:44.032 kid1| 28,3| Checklist.cc(62) markFinished: 0x5651b56d0d38 answer
>DENIED for match
>> 2024/07/10 18:24:44.032 kid1| 28,3| Checklist.cc(162) checkCallback:
>ACLChecklist::checkCallback: 0x5651b56d0d38 answer=DENIED
>> 2024/07/10 18:24:44.032 kid1| 28,3| Checklist.cc(69) preCheck: 0x5651b5f334e8 checking
>slow rules
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: Safe_ports = 1
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: !Safe_ports = 0
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#1 = 0
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#2 = 0
>> 2024/07/10 18:24:44.032 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>found
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: localhost = 0
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#3 = 0
>> 2024/07/10 18:24:44.032 kid1| 28,3| RegexData.cc(50) match: checking
>'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: manager = 0
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#4 = 0
>> 2024/07/10 18:24:44.032 kid1| 14,3| ipcache.cc(733) ipcache_gethostbyname:
>'download.docker.com', flags=1
>> 2024/07/10 18:24:44.032 kid1| 14,3| ipcache.cc(314) ipcacheRelease: ipcacheRelease:
>Releasing entry for 'download.docker.com'
>> 2024/07/10 18:24:44.032 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>'download.docker.com': Name or service not known
>> 2024/07/10 18:24:44.032 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>'download.docker.com': Name or service not known
>> 2024/07/10 18:24:44.032 kid1| 78,3| dns_internal.cc(1793) idnsALookup: idnsALookup: buf
>is 37 bytes for download.docker.com, id = 0xc228
>> 2024/07/10 18:24:44.032 kid1| 50,3| comm.cc(927) comm_udp_sendto: comm_udp_sendto:
>Attempt to send UDP packet to X.X.X.X:53 using FD 10 using Port 52871
>> 2024/07/10 18:24:44.032 kid1| 78,3| dns_internal.cc(1729) idnsSendSlaveAAAAQuery: buf is
>48 bytes for download.docker.com, id = 0x798c
>> 2024/07/10 18:24:44.032 kid1| 50,3| comm.cc(927) comm_udp_sendto: comm_udp_sendto:
>Attempt to send UDP packet to X.X.X.X:53 using FD 10 using Port 52871
>> 2024/07/10 18:24:44.032 kid1| 28,3| DestinationIp.cc(78) match: can't yet compare
>'to_localhost' ACL for download.docker.com
>> 2024/07/10 18:24:44.032 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>'download.docker.com': Name or service not known
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: to_localhost = -1
>async
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access#5 = -1
>async
>> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: http_access = -1 async
>> 2024/07/10 18:24:44.048 kid1| 78,3| dns_internal.cc(1320) idnsRead: idnsRead: starting
>with FD 10
>> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1366) idnsRead: idnsRead: FD 10:
>received 144 bytes from X.X.X.X:53
>> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1173) idnsGrokReply: idnsGrokReply:
>QID 0xc228, 5 answers
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 5 answers for
>download.docker.com
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #1
>108.138.7.18
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #2
>108.138.7.33
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #3
>108.138.7.48
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #4
>108.138.7.88
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 5 answers for
>download.docker.com
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #1
>108.138.7.18
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #2
>108.138.7.33
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #3
>108.138.7.48
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #4
>108.138.7.88
>> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1320) idnsRead: idnsRead: starting
>with FD 10
>> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1366) idnsRead: idnsRead: FD 10:
>received 315 bytes from X.X.X.X:53
>> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1173) idnsGrokReply: idnsGrokReply:
>QID 0x798c, 9 answers
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 9 answers for
>download.docker.com
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #5
>[2600:9000:2490:2200:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #6
>[2600:9000:2490:3600:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #7
>[2600:9000:2490:7000:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #8
>[2600:9000:2490:d600:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #9
>[2600:9000:2490:5a00:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #10
>[2600:9000:2490:6600:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #11
>[2600:9000:2490:b600:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #12
>[2600:9000:2490:aa00:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(587) ipcacheHandleReply: done with
>download.docker.com: 108.138.7.18 #1/12-0
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 9 answers for
>download.docker.com
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #5
>[2600:9000:2490:2200:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #6
>[2600:9000:2490:3600:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #7
>[2600:9000:2490:7000:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #8
>[2600:9000:2490:d600:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #9
>[2600:9000:2490:5a00:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #10
>[2600:9000:2490:6600:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #11
>[2600:9000:2490:b600:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: download.docker.com #12
>[2600:9000:2490:aa00:3:db06:4200:93a1]
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(587) ipcacheHandleReply: done with
>download.docker.com: 108.138.7.18 #1/12-0
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(314) ipcacheRelease: ipcacheRelease:
>Releasing entry for 'download.docker.com'
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(733) ipcache_gethostbyname:
>'download.docker.com', flags=1
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.18' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.33' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.48' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.88' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:2200:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:3600:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:7000:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:d600:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:5a00:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:6600:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:b600:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:aa00:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: to_localhost = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| InnerNode.cc(100) resumeMatchingAt: checked:
>http_access#5 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: PURGE = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#6 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: PURGE = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#7 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: localhost = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#8 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: nocnet = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#9 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: EXTERNAL_DEV_CLIENTS =
>0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#10 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#11 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#12 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#13 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#14 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#15 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#16 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#17 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: Safe_ports = 1
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: !Safe_ports = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#18 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#19 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| RegexData.cc(50) match: checking
>'/linux/ubuntu/dists/jammy/InRelease'
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: worm = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#20 = 0
>> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(733) ipcache_gethostbyname:
>'download.docker.com', flags=1
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.18' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.33' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.48' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '108.138.7.88' NOT
>found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:2200:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:3600:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:7000:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:d600:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:5a00:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:6600:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:b600:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp:
>'[2600:9000:2490:aa00:3:db06:4200:93a1]' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: SEUCHEN_IPS = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#21 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| DomainData.cc(110) match: aclMatchDomainList:
>checking 'download.docker.com'
>> 2024/07/10 18:24:44.049 kid1| 28,3| DomainData.cc(115) match: aclMatchDomainList:
>'download.docker.com' NOT found
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: SEUCHEN_DOMAINS = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: http_access#22 = 0
>> 2024/07/10 18:24:44.049 kid1| 28,3| RegexData.cc(50) match: checking
>'download.docker.com'
>> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: SEUCHEN_DOMAINS_REGEX
>= 0
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: http_access#23 = 0
>> 2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' NOT
>found
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: GERMANIA_PROXY = 0
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: http_access#24 = 0
>> 2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' found
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: REPOSITORY-CLIENTS = 1
>> 2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(110) match: aclMatchDomainList:
>checking 'download.docker.com'
>> 2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(115) match: aclMatchDomainList:
>'download.docker.com' found
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: REPOSITORY-ZIELE = 1
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: http_access#25 = 1
>> 2024/07/10 18:24:44.050 kid1| 28,3| InnerNode.cc(100) resumeMatchingAt: checked:
>http_access = 1
>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(62) markFinished: 0x5651b5f334e8 answer
>ALLOWED for match
>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(162) checkCallback:
>ACLChecklist::checkCallback: 0x5651b5f334e8 answer=ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 85,2| client_side_request.cc(715) clientAccessCheckDone:
>The request GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease is ALLOWED;
>last ACL checked: REPOSITORY-ZIELE
>> 2024/07/10 18:24:44.050 kid1| 83,3| AccessCheck.cc(42) Start: adaptation off, skipping
>> 2024/07/10 18:24:44.050 kid1| 83,3| client_side_request.cc(1744) doCallouts: Doing
>calloutContext->clientAccessCheck2()
>> 2024/07/10 18:24:44.050 kid1| 85,2| client_side_request.cc(693) clientAccessCheck2: No
>adapted_http_access configuration. default: ALLOW
>> 2024/07/10 18:24:44.050 kid1| 85,2| client_side_request.cc(715) clientAccessCheckDone:
>The request GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease is ALLOWED;
>last ACL checked: REPOSITORY-ZIELE
>> 2024/07/10 18:24:44.050 kid1| 83,3| client_side_request.cc(1762) doCallouts: Doing
>clientInterpretRequestHeaders()
>> 2024/07/10 18:24:44.050 kid1| 85,3| client_side_request.cc(117) ~ClientRequestContext:
>ClientRequestContext destructed, this=0x5651b667b8b8
>> 2024/07/10 18:24:44.050 kid1| 83,3| client_side_request.cc(1856) doCallouts: calling
>processRequest()
>> 2024/07/10 18:24:44.050 kid1| 87,3| clientStream.cc(178) clientStreamRead:
>clientStreamRead: Calling 1 with cbdata 0x5651b379fd80 from node 0x5651b6c14538
>> 2024/07/10 18:24:44.050 kid1| 73,3| HttpRequest.cc(742) storeId: sent back
>effectiveRequestUrl: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 20,3| Controller.cc(429) peek:
>D3522EE27FB0ED7004DD594AF7674667
>> 2024/07/10 18:24:44.050 kid1| 85,3| client_side_reply.cc(1523) identifyFoundObject:
>StoreEntry is NULL -  MISS
>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(731) storeCreatePureEntry:
>storeCreateEntry: 'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
>> 2024/07/10 18:24:44.050 kid1| 20,3| MemObject.cc(99) MemObject: MemObject constructed,
>this=0x5651b3ae4fc0
>> 2024/07/10 18:24:44.050 kid1| 88,3| MemObject.cc(82) setUris: 0x5651b3ae4fc0 storeId:
>https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: storeCreateEntry locked key
>[null_store_key] e:=V/0x5651b365e210*1
>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(537) setPrivateKey: 00
>e:=V/0x5651b365e210*1
>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(413) hashInsert: StoreEntry::hashInsert:
>Inserting Entry e:=IV/0x5651b365e210*1 key '8349000000000000D107000001000000'
>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: store_client locked key
>8349000000000000D107000001000000 e:=IV/0x5651b365e210*2
>> 2024/07/10 18:24:44.050 kid1| 90,3| store_client.cc(243) copy: store_client::copy:
>8349000000000000D107000001000000, from 0, for length 4096, cb 1, cbdata 0x5651b379ece8
>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: store_client::copy locked key
>8349000000000000D107000001000000 e:=IV/0x5651b365e210*3
>> 2024/07/10 18:24:44.050 kid1| 90,3| store_client.cc(343) storeClientCopy2:
>storeClientCopy2: 8349000000000000D107000001000000
>> 2024/07/10 18:24:44.050 kid1| 90,3| store_client.cc(390) doCopy: store_client::doCopy:
>Waiting for more
>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(458) unlock: store_client::copy unlocking
>key 8349000000000000D107000001000000 e:=IV/0x5651b365e210*3
>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(69) preCheck: 0x7ffef6c09e30 checking
>fast rules
>> 2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181:59100'
>found
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: miss_access#1 = 1
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: miss_access = 1
>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(62) markFinished: 0x7ffef6c09e30 answer
>ALLOWED for match
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(373) Start:
>'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease'
>> 2024/07/10 18:24:44.050 kid1| 17,2| FwdState.cc(133) FwdState: Forwarding client request
>conn482175 local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1,
>url=https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: FwdState locked key
>8349000000000000D107000001000000 e:=IV/0x5651b365e210*3
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(140) FwdState: FwdState constructed,
>this=0x5651b695faf8
>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(309) peerSelect:
>e:=IV/0x5651b365e210*3 https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: peerSelect locked key
>8349000000000000D107000001000000 e:=IV/0x5651b365e210*4
>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(612) selectMore: GET
>download.docker.com
>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(617) selectMore: direct =
>DIRECT_UNKNOWN (always_direct to be checked)
>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(69) preCheck: 0x5651b56d0d38 checking
>slow rules
>> 2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: '10.2.59.181' found
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: all = 1
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: always_direct#1 = 1
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: always_direct = 1
>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(62) markFinished: 0x5651b56d0d38 answer
>ALLOWED for match
>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(162) checkCallback:
>ACLChecklist::checkCallback: 0x5651b56d0d38 answer=ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(373) checkAlwaysDirectDone: ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(379) checkAlwaysDirectDone: direct =
>DIRECT_YES (always_direct allow)
>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(612) selectMore: GET
>download.docker.com
>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(1102) addSelection: adding
>HIER_DIRECT#download.docker.com
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(460) resolveSelected: Find IP
>destination for: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' via
>download.docker.com
>> 2024/07/10 18:24:44.050 kid1| 14,3| Address.cc(389) lookupHostIP: Given Non-IP
>'download.docker.com': Name or service not known
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>found conn482176 local=0.0.0.0 remote=108.138.7.18:443 HIER_DIRECT flags=1, destination #1
>for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
>ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
>DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482176
>local=0.0.0.0 remote=108.138.7.18:443 HIER_DIRECT flags=1
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(1124) connectStart: 1+ paths to
>https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>found conn482177 local=0.0.0.0 remote=108.138.7.33:443 HIER_DIRECT flags=1, destination #2
>for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
>ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
>DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482177
>local=0.0.0.0 remote=108.138.7.33:443 HIER_DIRECT flags=1
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>found conn482178 local=0.0.0.0 remote=108.138.7.48:443 HIER_DIRECT flags=1, destination #3
>for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
>ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
>DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482178
>local=0.0.0.0 remote=108.138.7.48:443 HIER_DIRECT flags=1
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>found conn482179 local=0.0.0.0 remote=108.138.7.88:443 HIER_DIRECT flags=1, destination #4
>for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
>ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
>DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482179
>local=0.0.0.0 remote=108.138.7.88:443 HIER_DIRECT flags=1
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>found conn482180 local=[::] remote=[2600:9000:2490:2200:3:db06:4200:93a1]:443 HIER_DIRECT
>flags=1, destination #5 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
>ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
>DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482180
>local=[::] remote=[2600:9000:2490:2200:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>found conn482181 local=[::] remote=[2600:9000:2490:3600:3:db06:4200:93a1]:443 HIER_DIRECT
>flags=1, destination #6 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
>ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
>DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482181
>local=[::] remote=[2600:9000:2490:3600:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>found conn482182 local=[::] remote=[2600:9000:2490:7000:3:db06:4200:93a1]:443 HIER_DIRECT
>flags=1, destination #7 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
>ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
>DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482182
>local=[::] remote=[2600:9000:2490:7000:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>found conn482183 local=[::] remote=[2600:9000:2490:d600:3:db06:4200:93a1]:443 HIER_DIRECT
>flags=1, destination #8 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
>ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
>DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482183
>local=[::] remote=[2600:9000:2490:d600:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>found conn482184 local=[::] remote=[2600:9000:2490:5a00:3:db06:4200:93a1]:443 HIER_DIRECT
>flags=1, destination #9 for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
>ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
>DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482184
>local=[::] remote=[2600:9000:2490:5a00:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>found conn482185 local=[::] remote=[2600:9000:2490:6600:3:db06:4200:93a1]:443 HIER_DIRECT
>flags=1, destination #10 for
>https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
>ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
>DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482185
>local=[::] remote=[2600:9000:2490:6600:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>found conn482186 local=[::] remote=[2600:9000:2490:b600:3:db06:4200:93a1]:443 HIER_DIRECT
>flags=1, destination #11 for
>https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
>ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
>DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482186
>local=[::] remote=[2600:9000:2490:b600:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: PeerSelector64364
>found conn482187 local=[::] remote=[2600:9000:2490:aa00:3:db06:4200:93a1]:443 HIER_DIRECT
>flags=1, destination #12 for
>https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath:   always_direct =
>ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath:    never_direct =
>DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath:        timedout = 0
>> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: conn482187
>local=[::] remote=[2600:9000:2490:aa00:3:db06:4200:93a1]:443 HIER_DIRECT flags=1
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(479) resolveSelected:
>PeerSelector64364 found all 12 destinations for
>https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(480) resolveSelected:   always_direct
>= ALLOWED
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(481) resolveSelected:    never_direct
>= DUNNO
>> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(482) resolveSelected:        timedout
>= 0
>> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(241) ~PeerSelector:
>https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(458) unlock: peerSelect unlocking key
>8349000000000000D107000001000000 e:=p2IV/0x5651b365e210*4
>> 2024/07/10 18:24:44.050 kid1| 48,3| pconn.cc(474) popStored: lookup for key
>{108.138.7.18:443/download.docker.com} failed.
>> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(69) preCheck: 0x7ffef6c0a460 checking
>fast ACLs
>> 2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(110) match: aclMatchDomainList:
>checking 'download.docker.com'
>> 2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(115) match: aclMatchDomainList:
>'download.docker.com' NOT found
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: SKIP_PALO_DOMAINS_FAST
>= 0
>> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked:
>!SKIP_PALO_DOMAINS_FAST = 1
>> 2024/07/10 18:24:44.051 kid1| 28,3| Acl.cc(175) matches: checked: (tcp_outgoing_mark
>0x14 line) = 1
>> 2024/07/10 18:24:44.051 kid1| 28,3| Acl.cc(175) matches: checked: tcp_outgoing_mark 0x14
>= 1
>> 2024/07/10 18:24:44.051 kid1| 28,3| Checklist.cc(62) markFinished: 0x7ffef6c0a460 answer
>ALLOWED for match
>> 2024/07/10 18:24:44.051 kid1| 17,3| FwdState.cc(1568) GetMarkingsToServer: from 0.0.0.0
>tos 0 netfilter mark 20
>> 2024/07/10 18:24:44.051 kid1| 5,3| ConnOpener.cc(42) ConnOpener: will connect to
>conn482189 local=0.0.0.0 remote=108.138.7.18:443 HIER_DIRECT flags=1 with 60 timeout
>> 2024/07/10 18:24:44.051 kid1| 50,3| comm.cc(378) comm_openex: comm_openex: Attempt open
>socket for: 0.0.0.0
>> 2024/07/10 18:24:44.051 kid1| 50,3| comm.cc(420) comm_openex: comm_openex: Opened socket
>conn482190 local=0.0.0.0 remote=[::] FD 19 flags=1 : family=2, type=1, protocol=6
>> 2024/07/10 18:24:44.051 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 19
>download.docker.com
>> 2024/07/10 18:24:44.051 kid1| 50,3| QosConfig.cc(581) setSockNfmark: for FD 19 to 20
>> 2024/07/10 18:24:44.051 kid1| 5,3| ConnOpener.cc(312) createFd: conn482189 local=0.0.0.0
>remote=108.138.7.18:443 HIER_DIRECT flags=1 will timeout in 60
>> 2024/07/10 18:24:44.058 kid1| 83,2| Io.cc(161) Handshake: handshake IN: Unknown
>Handshake packet
>> 2024/07/10 18:24:44.058 kid1| 83,2| Io.cc(163) Handshake: handshake OUT: CLIENT HELLO
>> 2024/07/10 18:24:44.058 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482189
>local=X.X.X.X:36718 remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1 timeout 60
>> 2024/07/10 18:24:44.064 kid1| 83,2| Io.cc(161) Handshake: handshake IN: Unknown
>Handshake packet
>> 2024/07/10 18:24:44.064 kid1| 83,2| Io.cc(163) Handshake: handshake OUT: CLIENT HELLO
>> 2024/07/10 18:24:44.064 kid1| 83,2| PeerConnector.cc(279) handleNegotiationResult:
>ERROR: Cannot establish a TLS connection to conn482189 local=X.X.X.X:36718
>remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1:
>>      problem: failure
>>      detail: SQUID_TLS_ERR_CONNECT+GNUTLS_E_FATAL_ALERT_RECEIVED
>> 2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(625) commUnsetConnTimeout: Remove timeout for
>conn482189 local=X.X.X.X:36718 remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1
>> 2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482189
>local=X.X.X.X:36718 remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1 timeout -1
>> 2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(850) _comm_close: start closing FD 19 by
>Connection.cc:108
>> 2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(586) commUnsetFdTimeout: Remove timeout for
>FD 19
>> 2024/07/10 18:24:44.064 kid1| 83,3| Session.cc(36) tls_read_method: started for
>session=0x5651b404d2c0
>> 2024/07/10 18:24:44.064 kid1| 51,3| fd.cc(93) fd_close: fd_close FD 19 server https
>start
>> 2024/07/10 18:24:44.064 kid1| 17,3| FwdState.cc(471) fail: ERR_SECURE_CONNECT_FAIL
>"Service Unavailable"
>> 	https://download.docker.com/linux/ubuntu/dists/jammy/InRelease
>> 2024/07/10 18:24:44.064 kid1| 17,3| FwdState.cc(781) retryOrBail: re-forwarding (1
>tries, 0 secs)


More information about the squid-users mailing list