Search squid archive

possible bug on 2.7S9

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




    Hi,

i'll try to describe with the most details i can what i think is something like a forwarding-loop-detection bug on 2.7S9

i have squid 2.7S9 running on a CentOS 5.5 x64 box whici has 4 NICs. 3 NICs are for internal networks (192.168.x) and 1 NIC is for internet (189.73.x.x). It was built with:

[root@firewall squid]# squid -v
Squid Cache: Version 2.7.STABLE9
configure options: '--prefix=/usr' '--exec-prefix=/usr/bin' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--libexecdir=/usr/bin' '--sysconfdir=/etc/squid' '--datadir=/var/squid' '--localstatedir=/var' '--enable-removal-policies=heap,lru' '--enable-storeio=ufs,aufs,null' '--enable-delay-pools' '--enable-http-violations' '--with-maxfd=8192' '--enable-async-io=8' '--enable-err-languages=Portuguese English' '--enable-default-err-language=Portuguese' '--enable-snmp' '--disable-ident-lookups' '--enable-linux-netfilter' '--enable-auth=basic digest ntlm negotiate' '--enable-basic-auth-helpers=DB LDAP NCSA SMB' '--enable-digest-auth-helpers=password ldap' '--enable-external-acl-helpers=ip_user ldap_group session wbinfo_group' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-ntlm-auth-helpers=fakeauth no_check' '--enable-useragent-log' '--enable-referer-log' '--disable-wccp' '--disable-wccpv2' '--enable-arp-acl' '--with-large-files' '--enable-large-cache-files' '--enable-ssl' '--enable-icmp'


    i've setup squid with something like:

acl localhost src 127.0.0.1/255.255.255.255
acl localhost_to dst 127.0.0.1/255.255.255.255

acl network1 src 192.168.1.0/255.255.255.0
acl network1_to dst 192.168.1.0/255.255.255.0

acl network2 src 192.168.2.0/255.255.255.0
acl network2_to dst 192.168.2.0/255.255.255.0

acl network3 src 192.168.3.0/255.255.255.0
acl network3_to dst 192.168.3.0/255.255.255.0

http_port 8080 transparent
http_port 3128 transparent

tcp_outgoing_address 127.0.0.1 localhost_to
tcp_outgoing_address 192.168.1.1 network1_to
tcp_outgoing_address 192.168.2.1 network2_to
tcp_outgoing_address 192.168.3.1 network3_to
tcp_outgoing_address 189.73.x.x all



    config is OK, it runs just fine.

problem is, on a given day, squid stop responding new connections and i have to stop it (service squid stop). After searching logs, i have found some interesting requests:


1288136326.944 48437 192.168.2.15 TCP_MISS/000 0 GET http://localhost:8080/sync/sis/index.php - DIRECT/127.0.0.1 - 1288136326.944 48426 127.0.0.1 TCP_MISS/000 0 GET http://localhost:8080/sync/sis/index.php - DIRECT/127.0.0.1 -
(and this second line repeated about 13000 times)

    and during these, i got also on cache.log:

2010/10/26 21:37:59| WARNING! Your cache is running out of filedescriptors
2010/10/26 21:38:15| WARNING! Your cache is running out of filedescriptors
2010/10/26 21:38:31| WARNING! Your cache is running out of filedescriptors
2010/10/26 21:38:48| WARNING! Your cache is running out of filedescriptors
2010/10/26 21:39:04| WARNING! Your cache is running out of filedescriptors
2010/10/26 21:39:20| WARNING! Your cache is running out of filedescriptors

i'm running with 8192 filedescriptors on a 150 clients network, that's more than enough filedescriptors for normal usage.

(from cache.log)
2010/10/31 12:27:50| Starting Squid Cache version 2.7.STABLE9 for x86_64-unknown-linux-gnu...
2010/10/31 12:27:50| Process ID 16093
2010/10/31 12:27:50| With 8192 file descriptors available


Well ..... after found that, i tried to reproduce it doing some request to localhost:8080 on 8080 squid port and i could successfully reproduce it, all the times, with the above squid.conf configuration.

    after some tryings, i have found that:

1) removing the:
tcp_outgoing_address 127.0.0.1 localhost_to

would avoid the problem and make the forwarding-loop-detection works fine

2) removing the transparent from
http_port 8080 transparent

would avoid the problem too, even with the tcp_outgoing_address 127.0.0.1 active


question is ..... squid NOT detecting this forwarding-loop should be expected with this transparent and tcp_outgoing_address combination ? Are we talking of a bug or are we talking of some expected behavior ? Is there any other information that i could provide to help tracking this ?




--


	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	Minha armadilha de SPAM, NÃO mandem email
	gertrudes@xxxxxxxxxxxxxx
	My SPAMTRAP, do not email it







[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux