Re: Squid Parent: child process exited due to signal 6

Matt Alexander <lowbassman@xxxxxxxxx> · Tue, 26 Jul 2005 11:37:49 -0700

On 7/26/05, Matt Alexander <lowbassman@xxxxxxxxx> wrote:
> On 7/22/05, Matt Alexander <lowbassman@xxxxxxxxx > wrote:
> > Matt Alexander wrote:
> >
> > >I'm drowning in these messages (about every 10 seconds) since the last
> > >patch for the DNS vulnerability.  Users then get failed connection
> > >messages.  Is there a bug in the patch?
> > >
> > >Jul 22 09:17:59 proxy squid[16549]: Squid Parent: child process 20248
> > >exited due to signal 6
> > >Jul 22 09:18:02 proxy squid[16549]: Squid Parent: child process 21970 started
> > >
> > >
> 
> 
> This happens consistently when the website,
> http://www.k12foodservice.com/ is accessed.  Can someone tell me if
> this is a configuration issue that I can resolve?  We have two Squid
> processes with DansGuardian in between.
> RedHat ES 4, squid-2.5.STABLE6-3.4E.9, dansguardian-2.8.0.4-1.fc3
> 
> /etc/squid/squid.conf:
> 
> http_port 8080 2542
> icp_port 0
> cache_peer 127.0.0.1 parent 2543 7 proxy-only no-query
> no-netdb-exchange login=*:nopassword default
> cache_mem 64 MB
> maximum_object_size 1024 KB
> cache_dir aufs /var/spool/squid 500 16 256
> cache_store_log none
> pid_filename /var/run/squid.pid
> ftp_user anonymous@xxxxxxx 
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 50
> auth_param ntlm use_ntlm_negotiate on # Testing
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 30
> auth_param basic realm Web Proxy
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> half_closed_clients off
> acl localhost src 127.0.0.1/255.255.255.255 
> http_access allow localhost
> acl allow_url dstdomain "/etc/squid/squidbypass.txt"
> http_access allow allow_url
> external_acl_type nt_group concurrency=20 %LOGIN /usr/lib/squid/wbinfo_group.pl
> acl internetusers external nt_group internet
> http_access allow internetusers
> acl all src 0.0.0.0/0.0.0.0 
> http_access deny all
> http_reply_access allow all
> http_reply_access allow all
> icp_access deny all
> cache_mgr admin@xxxxxxx 
> forwarded_for off
> cachemgr_passwd feefifofum all
> never_direct allow all
> coredump_dir /var/spool/squid
> 
> 
> /etc/squid/squid2.conf:
> 
> cache_effective_user squid2
> http_port 127.0.0.1:3128 
> icp_port 0
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> acl QUERY urlpath_regex download
> acl QUERY urlpath_regex exe
> acl QUERY urlpath_regex zip
> acl QUERY urlpath_regex 160
> no_cache deny QUERY
> acl uncacheddomains url_regex managepro
> acl uncacheddomains url_regex performancesolutionstech
> no_cache deny uncacheddomains
> acl uncachedip dst 66.70.66.75/255.255.255.255 
> no_cache deny uncachedip
> cache_mem 64 MB
> maximum_object_size 1024 KB
> maximum_object_size_in_memory 64 KB
> cache_dir aufs /var/spool/squid2 500 16 256
> cache_access_log /var/log/squid2/access.log
> cache_log /var/log/squid2/cache.log
> cache_store_log none
> pid_filename /var/run/squid2.pid
> ftp_user anonymous@xxxxxxx 
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern -i \.sit$ 10080 80% 20160
> refresh_pattern -i \.zip$ 10080 80% 20160
> refresh_pattern -i \.hqx$ 10080 80% 20160
> refresh_pattern -i \.exe$ 10080 80% 20160
> refresh_pattern -i \.arj$ 10080 80% 20160
> refresh_pattern -i \.lzh$ 10080 80% 20160
> refresh_pattern -i \.lha$ 10080 80% 20160
> refresh_pattern -i \.cab$ 10080 80% 20160
> refresh_pattern -i \.rar$ 10080 80% 20160
> refresh_pattern -i \.tar$ 10080 80% 20160
> refresh_pattern -i \.gz$ 10080 80% 20160
> refresh_pattern -i \.Z$ 10080 80% 20160
> refresh_pattern -i \.txt$ 10080 80% 20160
> refresh_pattern -i \.pdf$ 10080 80% 20160
> refresh_pattern -i \.doc$ 10080 80% 20160
> refresh_pattern -i \.rtf$ 10080 80% 20160
> refresh_pattern -i \.gif$ 10080 80% 20160
> refresh_pattern -i \.tiff?$ 10080 80% 20160
> refresh_pattern -i \.bmp$ 10080 80% 20160
> refresh_pattern -i \.jpe?g$ 10080 80% 20160
> refresh_pattern -i \.p(n|b|g|p)m$ 10080 80% 20160
> refresh_pattern -i \.x(b|p)m$ 10080 80% 20160
> refresh_pattern -i \.png$ 10080 80% 20160
> refresh_pattern -i \.wrl$ 10080 80% 20160
> refresh_pattern -i \.ico$ 10080 80% 20160
> refresh_pattern -i \.rgb$ 10080 80% 20160
> refresh_pattern -i \.xwd$ 10080 80% 20160
> refresh_pattern -i \.pict?$ 10080 80% 20160
> refresh_pattern -i \.wav$ 10080 80% 20160
> refresh_pattern -i \.aif$ 10080 80% 20160
> refresh_pattern -i \.aiff$ 10080 80% 20160
> refresh_pattern -i \.au$ 10080 80% 20160
> refresh_pattern -i \.ram$ 10080 80% 20160
> refresh_pattern -i \.ra$ 10080 80% 20160
> refresh_pattern -i \.snd$ 10080 80% 20160
> refresh_pattern -i \.mid$ 10080 80% 20160
> refresh_pattern -i \.mp2$ 10080 80% 20160
> refresh_pattern -i \.mp3$ 10080 80% 20160
> refresh_pattern -i \.mp2$ 10080 80% 20160
> refresh_pattern -i \.mp3$ 10080 80% 20160
> refresh_pattern \.css$ 1440 50% 4320
> refresh_pattern \.htm$ 1440 50% 4320
> refresh_pattern \.html$ 1440 50% 4320
> refresh_pattern \.xml$ 1440 50% 4320
> refresh_pattern \.js$ 1440 50% 4320
> refresh_pattern \/$ 1440 50% 4320
> refresh_pattern .               0       20%     4320
> half_closed_clients off
> acl all src 0.0.0.0/0.0.0.0 
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255 
> acl to_localhost dst 127.0.0.0/8 
> http_access allow all
> http_access allow manager all
> http_access deny manager
> http_access allow localhost
> http_reply_access allow all
> cache_mgr admin@xxxxxxx 
> forwarded_for off
> cachemgr_passwd cachemgr all
> coredump_dir /var/spool/squid2
> 
> 
> /etc/dansguardian/dansguardian.conf:
> 
> reportinglevel = 3
> languagedir = '/etc/dansguardian/languages'
> language = 'ukenglish'
> loglevel = 2
> logexceptionhits = off
> logfileformat = 1
> filterip = 127.0.0.1 
> filterport = 2543
> proxyip = 127.0.0.1 
> proxyport = 3128
> accessdeniedaddress = 'http://proxy.foo.com/cgi-bin/dansguardian.pl '
> nonstandarddelimiter = on
> usecustombannedimage = 1
> custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'
> filtergroups = 1
> filtergroupslist = '/etc/dansguardian/filtergroupslist'
> bannediplist = '/etc/dansguardian/bannediplist'
> exceptioniplist = '/etc/dansguardian/exceptioniplist'
> banneduserlist = '/etc/dansguardian/banneduserlist'
> exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
> showweightedfound = off
> weightedphrasemode = 1
> urlcachenumber = 3000
> urlcacheage = 1800
> phrasefiltermode = 1
> preservecase = 0
> hexdecodecontent = 0
> forcequicksearch = 0
> reverseaddresslookups = off
> reverseclientiplookups = off
> createlistcachefiles = on
> maxuploadsize = -1
> maxcontentfiltersize = 256
> usernameidmethodproxyauth = on
> usernameidmethodntlm = off # **NOT IMPLEMENTED**
> usernameidmethodident = off
> preemptivebanning = off
> forwardedfor = off
> usexforwardedfor = off
> logconnectionhandlingerrors = off
> maxchildren = 180
> minchildren = 32
> minsparechildren = 8
> preforkchildren = 10
> maxsparechildren = 64
> maxagechildren = 10000
> ipcfilename = '/tmp/.dguardianipc'
> urlipcfilename = '/tmp/.dguardianurlipc'
> nodaemon = off
> nologger = off
> daemonuser = 'dansg'
> daemongroup = 'dansg'
> softrestart = off

I see these errors in the cache.log right before each restart:

[2005/07/26 11:25:02, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2005/07/26 11:25:02, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2005/07/26 11:25:03, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2005/07/26 11:25:10, 1] libsmb/ntlmssp.c:ntlmssp_update(252)
  got NTLMSSP command 3, expected 1
2005/07/26 11:27:17| clientdbGC: Removed 5 entries
[2005/07/26 11:27:25, 1] libsmb/ntlmssp.c:ntlmssp_update(252)
  got NTLMSSP command 3, expected 1
[2005/07/26 11:28:14, 1] libsmb/ntlmssp.c:ntlmssp_update(252)
  got NTLMSSP command 3, expected 1
[2005/07/26 11:28:25, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2005/07/26 11:28:25, 1] libsmb/ntlmssp.c:ntlmssp_server_auth(549)
  ntlmssp_server_auth: failed to parse NTLMSSP:
[2005/07/26 11:28:35, 1] libsmb/ntlmssp.c:ntlmssp_update(252)
  got NTLMSSP command 3, expected 1
[2005/07/26 11:28:36, 1] libsmb/ntlmssp.c:ntlmssp_update(252)
  got NTLMSSP command 3, expected 1
[2005/07/26 11:28:57, 1] libsmb/ntlmssp.c:ntlmssp_update(252)
  got NTLMSSP command 3, expected 1
[2005/07/26 11:29:12, 1] libsmb/ntlmssp.c:ntlmssp_update(252)
  got NTLMSSP command 3, expected 1
[2005/07/26 11:29:12, 1] libsmb/ntlmssp.c:ntlmssp_update(252)

Any ideas?
Thanks,
~Matt