Search squid archive

Re: Squid won't load certain pages.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



But other URLs at wiki.squid-cache.org work?



Adrian

On Wed, Apr 09, 2008, C. Ham wrote:
> It's a problem which started up between 1 and 2 months ago, though I'm
> unfortunately unsure exactly when so I can't tie it to a particular
> update or similar.
> 
> Before I submit a bug, it might be best to check I'm not just being
> thick. To clarify, it seems there may well be two issues:
> 
> http://wiki.squid-cache.org/SquidFaq/SquidAcl gives "(110) Connection
> timed out" eventually.  Checking a Wireshark dump shows that no traffic
> above the tcp layer occurs: no actual HTTP requests get made, just a lot
> of syns and acks with the same sort of errors as for this next address.
> 
> http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0 does
> actually load, though on closer inspection, they're are various tcp
> issues showing up in the network dump: "A segment before this frame was
> lost," "Duplicate to the ACK in frame: 65," & "This frame is a
> (suspected) out-of-order segment."
> 
> Both issues are (sadly) reproducible 100% at the minute, tested on
> Firefox 2.0.x & Fedora core 8 (x86_64) fully patched and IE 6 on WinXP
> pro (x86_32) fully patched.
> 
> Beneath is also the contents of /proc/sys/net/ipv4/tcp_* in case I've
> missed some ECN / window scaling / MTU / etc. type thing.
> 
> Much obliged,
> 
> 
> Callum.
> 
> 
> 
> Contents of /proc/sys/net/ipv4/tcp_* :
> 
> /proc/sys/net/ipv4/tcp_abc
> 
> /proc/sys/net/ipv4/tcp_abort_on_overflow
> 
> /proc/sys/net/ipv4/tcp_adv_win_scale
> 
> /proc/sys/net/ipv4/tcp_allowed_congestion_control
> 
> /proc/sys/net/ipv4/tcp_app_win
> 
> /proc/sys/net/ipv4/tcp_available_congestion_control
> 
> /proc/sys/net/ipv4/tcp_base_mss
> 
> /proc/sys/net/ipv4/tcp_congestion_control
> 
> /proc/sys/net/ipv4/tcp_dma_copybreak
> 
> /proc/sys/net/ipv4/tcp_dsack
> 
> /proc/sys/net/ipv4/tcp_ecn
> 
> /proc/sys/net/ipv4/tcp_fack
> 
> /proc/sys/net/ipv4/tcp_fin_timeout
> 
> /proc/sys/net/ipv4/tcp_frto
> 
> /proc/sys/net/ipv4/tcp_frto_response
> 
> /proc/sys/net/ipv4/tcp_keepalive_intvl
> 
> /proc/sys/net/ipv4/tcp_keepalive_probes
> 
> /proc/sys/net/ipv4/tcp_keepalive_time
> 
> /proc/sys/net/ipv4/tcp_low_latency
> 
> /proc/sys/net/ipv4/tcp_max_orphans
> 
> /proc/sys/net/ipv4/tcp_max_ssthresh
> 
> /proc/sys/net/ipv4/tcp_max_syn_backlog
> 
> /proc/sys/net/ipv4/tcp_max_tw_buckets
> 
> /proc/sys/net/ipv4/tcp_mem
> 
> /proc/sys/net/ipv4/tcp_moderate_rcvbuf
> 
> /proc/sys/net/ipv4/tcp_mtu_probing
> 
> /proc/sys/net/ipv4/tcp_no_metrics_save
> 
> /proc/sys/net/ipv4/tcp_orphan_retries
> 
> /proc/sys/net/ipv4/tcp_reordering
> 
> /proc/sys/net/ipv4/tcp_retrans_collapse
> 
> /proc/sys/net/ipv4/tcp_retries1
> 
> /proc/sys/net/ipv4/tcp_retries2
> 
> /proc/sys/net/ipv4/tcp_rfc1337
> 
> /proc/sys/net/ipv4/tcp_rmem
> 
> /proc/sys/net/ipv4/tcp_sack
> 
> /proc/sys/net/ipv4/tcp_slow_start_after_idle
> 
> /proc/sys/net/ipv4/tcp_stdurg
> 
> /proc/sys/net/ipv4/tcp_synack_retries
> 
> /proc/sys/net/ipv4/tcp_syncookies
> 
> /proc/sys/net/ipv4/tcp_syn_retries
> 
> /proc/sys/net/ipv4/tcp_timestamps
> 
> /proc/sys/net/ipv4/tcp_tso_win_divisor
> 
> /proc/sys/net/ipv4/tcp_tw_recycle
> 
> /proc/sys/net/ipv4/tcp_tw_reuse
> 
> /proc/sys/net/ipv4/tcp_window_scaling
> 
> /proc/sys/net/ipv4/tcp_wmem
> 
> /proc/sys/net/ipv4/tcp_workaround_signed_windows
> 
> 
> 0
> 
> 0
> 
> 2
> 
> cubic reno
> 
> 31
> 
> cubic reno
> 
> 512
> 
> cubic
> 
> 4096
> 
> 1
> 
> 0
> 
> 1
> 
> 30
> 
> 0
> 
> 0
> 
> 75
> 
> 9
> 
> 1800
> 
> 0
> 
> 32768
> 
> 0
> 
> 64
> 
> 180000
> 
> 390144 520192 780288
> 1
> 
> 0
> 
> 0
> 
> 0
> 
> 5
> 
> 1
> 
> 3
> 
> 15
> 
> 0
> 
> 4096 87380 4194304
> 
> 0
> 
> 1
> 
> 0
> 
> 3
> 
> 1
> 
> 6
> 
> 0
> 
> 3
> 
> 0
> 
> 0
> 
> 0
> 
> 4096 16384 4194304
> 
> 0
> 
> 
> 
> 
> On Wed, 2008-04-09 at 20:02 +0800, Adrian Chadd wrote:
> > On Wed, Apr 09, 2008, C. Ham wrote:
> > > Like http://wiki.squid-cache.org/SquidFaq/SquidAcl &
> > 
> > Is that reproducable for you 100%? If so, could you please take a wireshark/tcpdump
> > snapshot of the traffic exchange from server to Squid and then put it into the
> > Squid bugzilla?
> > 
> > Thanks,
> > 
> > 
> > Adrian
> > 
> > > http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0 for a
> > > start.  Both load fine if I bypass Squid, but neither will load properly
> > > if I try and retrieve them via Squid.  They'll take between 5 & 15
> > > minutes to arrive and when they do, the content is usually partial and
> > > the layout decidedly wrong.
> > > 
> > > I've trawled though all the usual: ECN, tcp windows, OS specific things
> > > and have set Wireshark loose on it.  The networks dumps just show Yahoo
> > > mail working fine for the initial logon and subsequent referrals, but as
> > > soon as it leaves the SSL session having verified the session
> > > authentication and tries to retrieve the actual mail front page,
> > > (http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0 for
> > > example) it slows to a crawl.  Other than the speed I can't see anything
> > > actually going wrong.
> > > 
> > > I also get this on a variety of other sites, especially
> > > www.guardian.co.uk and sometimes www.direct.gov.uk. 
> > > 
> > > Any help would be much appreciated as I've got disgruntled students /
> > > tutors / staff and I'm very much in need of gruntling them again.  If
> > > that's a word.  If not, I'll settle for quietening them down.
> > > 
> > > Thanks,
> > > 
> > > 
> > > Callum.
> > > 
> > > 
> > > Stuff of note:
> > > 
> > > Browsers: IE 6.x & Firefox 2.0.X
> > > Fedora Core 7.
> > > Kernel 2.6.23.15-80.fc7  on an i686 - Intel(R) Xeon - GNU/Linux.
> > > squid-2.6.STABLE16-4.fc7 (Fc7 rpm).
> > > 
> > > Non defaults from squid.conf:
> > > 
> > > http_port 10.3.0.1:3128
> > > hierarchy_stoplist cgi-bin ?
> > > acl QUERY urlpath_regex cgi-bin \? showFolder asp 
> > > no_cache deny QUERY
> > > cache_mem 512 MB
> > > cache_swap_low 50
> > > cache_swap_high 95
> > > maximum_object_size 8192 KB
> > > cache_dir ufs /var/spool/squid 10000 16 256
> > > cache_dir ufs /var/spool/squid2 10000 16 256
> > > cache_access_log /var/log/squid/access.log
> > > debug_options ALL,3
> > > dns_nameservers 10.3.0.1 10.3.0.2
> > > redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
> > > auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
> > > "dc=quack,dc=org,dc=local" -D
> > > "cn=LDAP_guest,OU=ADMIN,DC=quack,DC=org,DC=local" -w "XXXXXX" -f
> > > sAMAccountName=%s -h 10.3.0.3
> > >     auth_param basic children 5
> > >     auth_param basic realm "Donkey Centre"
> > >     auth_param basic credentialsttl 5 minutes
> > > auth_param basic children 5
> > > auth_param basic realm Squid proxy-caching web server
> > > auth_param basic credentialsttl 2 hours
> > > auth_param basic casesensitive off
> > > external_acl_type InetUsersGroup %LOGIN /usr/lib/squid/squid_ldap_group
> > > -R -b "dc=quack,dc=org,dc=local" -D
> > > "cn=LDAP_guest,OU=ADMIN,DC=quack,DC=org,DC=local" -w "XXXXXX" -f
> > > "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%
> > > a,ou=users,dc=quack,dc=org,dc=local))" -h 10.3.0.2
> > > refresh_pattern ^ftp:		1440	20%	10080
> > > refresh_pattern ^gopher:	1440	0%	1440
> > > refresh_pattern .		0	20%	4320
> > > acl all src 0.0.0.0/0.0.0.0
> > > acl manager proto cache_object
> > > acl localhost src 127.0.0.1/255.255.255.255
> > > acl to_localhost dst 127.0.0.0/8
> > > acl SSL_ports port 443 563 2083
> > > acl localip src 10.0.0.0/8
> > > acl PURGE method PURGE
> > > acl apache src 10.0.0.0/8
> > > acl localnet proxy_auth REQUIRED src 10.0.0.0/8
> > > acl InetAccess external InetUsersGroup SquidUsers
> > > acl CONNECT method CONNECT
> > > http_access allow PURGE localhost
> > > http_access allow manager localip
> > > http_access allow manager apache
> > > http_access allow InetAccess
> > > http_access deny manager
> > > http_access deny !Safe_ports
> > > http_access deny CONNECT !SSL_ports
> > > acl our_networks src 10.0.0.0/8
> > > http_access allow our_networks
> > > http_access allow localhost
> > > http_access deny all
> > > http_reply_access allow all
> > > icp_access allow all
> > > cache_mgr postmaster@xxxxxxxxxxxxxxxxxxx
> > > mail_from squid@xxxxxxxxxxxxxxxxxxx
> > > visible_hostname gate.quack.ducks.com.etc
> > > cachemgr_passwd XXXXXX all
> > > coredump_dir /var/spool/squid
> > > extension_methods REPORT MERGE MKACTIVITY CHECKOUT
> > > 
> > > 
> > > Excerpt from cache.log following request for
> > > http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0:
> > > 
> > > 2008/04/08 15:57:00| fwdConnectStart:
> > > http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0
> > > 2008/04/08 15:57:00| fwdConnectStart: got addr 0.0.0.0, tos 0
> > > 2008/04/08 15:57:00| fd_open FD 39
> > > http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0
> > > 2008/04/08 15:57:00| cbdataLock: 0x8cdd798
> > > 2008/04/08 15:57:00| commSetTimeout: FD 39 timeout 60
> > > 2008/04/08 15:57:00| commConnectStart: FD 39, uk.mc260.mail.yahoo.com:80
> > > 2008/04/08 15:57:00| cbdataLock: 0x8cdd798
> > > 2008/04/08 15:57:00| cbdataLock: 0x8cdd7e8
> > > 2008/04/08 15:57:00| cbdataLock: 0x8cdd7e8
> > > 2008/04/08 15:57:00| cbdataValid: 0x8cdd7e8
> > > 2008/04/08 15:57:00| ipcacheCycleAddr: uk.mc260.mail.yahoo.com now at
> > > 87.248.111.187
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8cdd7e8
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8cdd798
> > > 2008/04/08 15:57:00| storeUnlockObject: key
> > > '27D91622B3E024FF88542C1541F6B2D3' count=3
> > > 2008/04/08 15:57:00| cbdataFree: 0x8bec610
> > > 2008/04/08 15:57:00| cbdataFree: Freeing 0x8bec610
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8d094a8
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8d8c0e0
> > > 2008/04/08 15:57:00| cbdataFree: 0x8bd9a90
> > > 2008/04/08 15:57:00| cbdataFree: Freeing 0x8bd9a90
> > > 2008/04/08 15:57:00| cbdataFree: 0x8d127a0
> > > 2008/04/08 15:57:00| cbdataFree: 0x8d127a0 has 1 locks, not freeing
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8d127a0
> > > 2008/04/08 15:57:00| cbdataUnlock: Freeing 0x8d127a0
> > > 2008/04/08 15:57:00| comm_select: timeout 488
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8cdd7e8
> > > 2008/04/08 15:57:00| commSetTimeout: FD 39 timeout -1
> > > 2008/04/08 15:57:00| commConnectFree: FD 39
> > > 2008/04/08 15:57:00| cbdataFree: 0x8cdd7e8
> > > 2008/04/08 15:57:00| cbdataFree: Freeing 0x8cdd7e8
> > > 2008/04/08 15:57:00| cbdataValid: 0x8cdd798
> > > 2008/04/08 15:57:00| fwdConnectDone: FD 39:
> > > 'http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0'
> > > 2008/04/08 15:57:00| fwdDispatch: FD 34: Fetching 'GET
> > > http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0'
> > > 2008/04/08 15:57:00| httpStart: "GET
> > > http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0";
> > > 2008/04/08 15:57:00| storeLockObject: key
> > > '27D91622B3E024FF88542C1541F6B2D3' count=4
> > > 2008/04/08 15:57:00| cbdataLock: 0x8cead28
> > > 2008/04/08 15:57:00| commSetTimeout: FD 39 timeout 86400
> > > 2008/04/08 15:57:00| getMaxAge:
> > > 'http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0'
> > > 2008/04/08 15:57:00| cbdataLock: 0x8cead28
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8cdd798
> > > 2008/04/08 15:57:00| comm_select: timeout 433
> > > 2008/04/08 15:57:00| cbdataValid: 0x8cead28
> > > 2008/04/08 15:57:00| commSetTimeout: FD 39 timeout 900
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8cead28
> > > 2008/04/08 15:57:00| comm_select: timeout 433
> > > 2008/04/08 15:57:00| ctx: enter level  0:
> > > 'http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0'
> > > 2008/04/08 15:57:00| httpProcessReplyHeader: key
> > > '27D91622B3E024FF88542C1541F6B2D3'
> > > 2008/04/08 15:57:00| httpProcessReplyHeader: HTTP CODE: 200
> > > 2008/04/08 15:57:00| storeExpireNow: '27D91622B3E024FF88542C1541F6B2D3'
> > > 2008/04/08 15:57:00| storeGet: looking up
> > > 88ECBC523E9AEA95834A7F145E64EC69
> > > 2008/04/08 15:57:00| storeGet: looking up
> > > 199F1E34B1E329E02396FA9A41720E7A
> > > 2008/04/08 15:57:00| ctx: exit level  0
> > > 2008/04/08 15:57:00| InvokeHandlers: 27D91622B3E024FF88542C1541F6B2D3
> > > 2008/04/08 15:57:00| InvokeHandlers: checking client #0
> > > 2008/04/08 15:57:00| cbdataLock: 0x8d87958
> > > 2008/04/08 15:57:00| storeClientCopy2: 27D91622B3E024FF88542C1541F6B2D3
> > > 2008/04/08 15:57:00| storeClientCopy3: Copying from memory
> > > 2008/04/08 15:57:00| cbdataValid: 0x8d094a8
> > > 2008/04/08 15:57:00| clientBuildReplyHeader: can't keep-alive, unknown
> > > body size
> > > 2008/04/08 15:57:00| cbdataLock: 0x88e9558
> > > 2008/04/08 15:57:00| cbdataLock: 0x8d8c0e0
> > > 2008/04/08 15:57:00| aclMatchAclList: checking all
> > > 2008/04/08 15:57:00| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
> > > 2008/04/08 15:57:00| aclMatchIp: '10.2.2.16' found
> > > 2008/04/08 15:57:00| aclMatchAclList: returning 1
> > > 2008/04/08 15:57:00| httpReplyBodyBuildSize: Setting maxBodySize to 0
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8d8c0e0
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x88e9558
> > > 2008/04/08 15:57:00| cbdataFree: 0x8bd9a90
> > > 2008/04/08 15:57:00| cbdataFree: Freeing 0x8bd9a90
> > > 2008/04/08 15:57:00| clientSendMoreHeaderData: Appending 1628 bytes
> > > after 414 bytes of headers
> > > 2008/04/08 15:57:00| cbdataLock: 0x8d094a8
> > > 2008/04/08 15:57:00| cbdataValid: 0x8d094a8
> > > 2008/04/08 15:57:00| cbdataValid: 0x8d094a8
> > > 2008/04/08 15:57:00| cbdataValid: 0x8d094a8
> > > 2008/04/08 15:57:00| cbdataLock: 0x88e9a18
> > > 2008/04/08 15:57:00| cbdataLock: 0x8d8c0e0
> > > 2008/04/08 15:57:00| cbdataLock: 0x8cd8750
> > > 2008/04/08 15:57:00| cbdataValid: 0x88e9a18
> > > 2008/04/08 15:57:00| aclCheck: checking 'http_reply_access allow all'
> > > 2008/04/08 15:57:00| aclMatchAclList: checking all
> > > 2008/04/08 15:57:00| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
> > > 2008/04/08 15:57:00| aclMatchIp: '10.2.2.16' found
> > > 2008/04/08 15:57:00| aclMatchAclList: returning 1
> > > 2008/04/08 15:57:00| aclCheck: match found, returning 1
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x88e9a18
> > > 2008/04/08 15:57:00| aclCheckCallback: answer=1
> > > 2008/04/08 15:57:00| cbdataValid: 0x8cd8750
> > > 2008/04/08 15:57:00| cbdataValid: 0x8d094a8
> > > 2008/04/08 15:57:00| The reply for GET
> > > http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0 is
> > > ALLOWED, because it matched 'all'
> > > 2008/04/08 15:57:00| cbdataValid: 0x8d094a8
> > > 2008/04/08 15:57:00| cbdataFree: 0x8cd8750
> > > 2008/04/08 15:57:00| cbdataFree: 0x8cd8750 has 1 locks, not freeing
> > > 2008/04/08 15:57:00| cbdataValid: 0x8d094a8
> > > 2008/04/08 15:57:00| cbdataLock: 0x8d094a8
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8d094a8
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8cd8750
> > > 2008/04/08 15:57:00| cbdataUnlock: Freeing 0x8cd8750
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8d8c0e0
> > > 2008/04/08 15:57:00| cbdataFree: 0x8bd9a90
> > > 2008/04/08 15:57:00| cbdataFree: Freeing 0x8bd9a90
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8d094a8
> > > 2008/04/08 15:57:00| cbdataUnlock: 0x8d87958
> > > 2008/04/08 15:57:00| commSetTimeout: FD 39 timeout 900
> > > 2008/04/08 15:57:01| comm_select: timeout 350
> > > 2008/04/08 15:57:01| cbdataValid: 0x8d094a8
> > > 2008/04/08 15:57:01| storeClientCopy: 27D91622B3E024FF88542C1541F6B2D3,
> > > seen 2042, want 2042, size 4096, cb 0x806cc8f, cbdata 0x8d094a8
> > > 2008/04/08 15:57:01| cbdataLock: 0x8d094a8
> > > 2008/04/08 15:57:01| cbdataLock: 0x8d87958
> > > 2008/04/08 15:57:01| storeClientCopy2: 27D91622B3E024FF88542C1541F6B2D3
> > > 2008/04/08 15:57:01| storeClientCopy3: Waiting for more
> > > 2008/04/08 15:57:01| cbdataUnlock: 0x8d87958
> > > 2008/04/08 15:57:01| cbdataUnlock: 0x8d094a8
> > > 2008/04/08 15:57:01| comm_select: timeout 350
> > > 2008/04/08 15:57:01| fd_open FD 76 HTTP Request
> > > 2008/04/08 15:57:01| cbdataLock: 0x88e58a8
> > > 2008/04/08 15:57:01| cbdataLock: 0x8db16e8
> > > 2008/04/08 15:57:01| commSetTimeout: FD 76 timeout 300
> > > 2008/04/08 15:57:01| aclMatchAclList: checking all
> > > 2008/04/08 15:57:01| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
> > > 2008/04/08 15:57:01| aclMatchIp: '10.2.2.16' found
> > > 2008/04/08 15:57:01| aclMatchAclList: returning 1
> > > 2008/04/08 15:57:01| comm_select: timeout 331
> > > 2008/04/08 15:57:01| cbdataLock: 0x8db16e8
> > > 2008/04/08 15:57:01| parseHttpRequest: req_hdr = {Host: mail.yimg.com
> > > User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-GB; rv:1.8.1.13)
> > > Gecko/20080325 Fedora/2.0.0.13-1.fc8 Firefox/2.0.0.13
> > > Accept: image/png,*/*;q=0.5
> > > Accept-Language: en-gb
> > > Accept-Encoding: gzip,deflate
> > > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> > > Keep-Alive: 300
> > > Proxy-Connection: keep-alive
> > > Referer: http://uk.mc260.mail.yahoo.com/mc/welcome?.rand=21mu9pvlq1uo0
> > > Proxy-Authorization: Basic XXXXXXXXXXXXXXX
> > > 
> > > }
> > 

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux