I have 2 squid boxes worked fine for long time . recently i have change a little bit in configs after that i see hickups in realtime graph and http hangups right when following error appears in cache.log of one of squid boxes. IpIntercept.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed on FD xx: (2) No such file or directory changes i made few days ago 1. enabled access_log /var/log/squid3/access.log 2. added (.+\.||) at start of refresh_pattern rules 3. started to use jesred . there were no url_rewrite_program before Which one can create the problem ? My squid.conf acl manager proto cache_object acl localhost src 127.0.0.1/32 acl trustedwebserver src xxx.xxx.160.170 acl trustednetworks src xxx.xxx.160.0/24 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access allow manager trustedwebserver http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost #Don't forget firewall to allow also acl allowed_hosts src xxx.xxx.160.0/19 acl allowed_hosts src 1.1.1.0/24 acl allowed_hosts src xxx:xxx::/32 #bottom two lines are because of http://bugs.squid-cache.org/show_bug.cgi?id=2798 acl to_myself dst 127.0.0.0/8 xxx.xxx.160.171 10.234.56.12 1.1.1.12 http_access deny to_myself #up two lines are because of http://bugs.squid-cache.org/show_bug.cgi?id=2798 http_access allow allowed_hosts http_access deny all http_port 3128 intercept http_port 3129 tproxy coredump_dir /var/spool/squid3 cache_mem 3 GB maximum_object_size 150 MB cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF cache_dir aufs /cache2 101000 36 256 cache_dir aufs /cache3 101000 36 256 cache_dir aufs /cache4 101000 36 256 dns_nameservers xxx.xxx.160.172 208.67.222.222 208.67.220.220 refresh_pattern -i (.+\.||)microsoft.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|iso|psf) 10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private refresh_pattern -i (.+\.||)windowsupdate.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|iso|psf) 10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private refresh_pattern -i (.+\.||)eset.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|ver|nup) 10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private refresh_pattern -i (.+\.||)avg.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|ctf|bin|gz) 10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private refresh_pattern -i (.+\.||)grisoft.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|ctf|bin|gz) 10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private refresh_pattern -i (.+\.||)grisoft.cz/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|ctf|bin|gz) 10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private refresh_pattern -i (.+\.||)avast.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|vpx|vpu|vpa|vpaa|def|stamp) 10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private refresh_pattern -i (.+\.||)kaspersky-labs.com/.*\.(cab|zip|exe|msi|msp|bz2|avc|kdc|klz|dif|dat|kdz|kdl|kfb) 10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private refresh_pattern -i (.+\.||)kaspersky.com/.*\.(cab|zip|exe|msi|msp|bz2|avc|kdc|klz|dif|dat|kdz|kdl|kfb) 10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private refresh_pattern -i (.+\.||)nai.com/.*\.(gem|zip|mcs|tar|exe|) 10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private refresh_pattern -i (.+\.||)adobe.com/.*\.(cab|aup|exe|msi|upd|msp) 10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private refresh_pattern -i (.+\.||)symantecliveupdate.com/.*\.(zip|exe|msi) 10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 tcp_outgoing_address xxx.xxx.160.171 cache_mgr admin@xxxxxx httpd_suppress_version_string on visible_hostname cache.xx.com unique_hostname cache.xx.com hostname_aliases ns2.xx.com cachemgr_passwd xx all store_avg_object_size 80 KB uri_whitespace allow strip_query_terms off ignore_unknown_nameservers off #memory_pools should be off http://bugs.squid-cache.org/show_bug.cgi?id=1956 memory_pools off memory_pools_limit 0 #error_directory /usr/share/squid3/errors/en-us forwarded_for transparent via off acl snmpacl snmp_community xx snmp_access allow snmpacl localhost snmp_access allow snmpacl trustednetworks snmp_access deny all snmp_port 3444 client_db off access_log /var/log/squid3/access.log squid qos_flows local-hit=0x30 qos_flows sibling-hit=0x30 qos_flows parent-hit=0x30 buffered_logs on max_filedescriptors 32768 error_directory /etc/squid3/en err_page_stylesheet none htcp_port 4827 acl allowed_htcp src 1.1.1.0/24 acl allowed_htcp src xxx.xxx.160.171 acl allowed_htcp src xxx.xxx.160.173 acl allowed_htcp src xxx:xxx::3:0:0:0:0/64 htcp_access allow allowed_htcp htcp_access deny all miss_access deny allowed_htcp cache_peer 1.1.1.14 sibling 3128 4827 proxy-only htcp no-tproxy name=cache2 acl to_redirect_program dstdomain "/etc/squid3/to_redirect_program.acl" url_rewrite_access allow to_redirect_program url_rewrite_access deny all url_rewrite_bypass on #url_rewrite_children 5 startup=5 idle=15 concurrency=0 url_rewrite_children 50 url_rewrite_program /usr/lib/squid/jesred minimum_object_size 0 bytes content of to_redirect_program.acl .server.cn .cpe.management .wpad.domain.name .isatap.home .scorecardresearch.com even i increased the number of url_rewrite_children from 5 to 20 to 50 . problem still appears . root@cache:~# echo "$( cat /proc/sys/net/netfilter/nf_conntrack_count ) / $( cat /proc/sys/net/netfilter/nf_conntrack_max )" 291115 / 524288 -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/IpIntercept-cc-137-NetfilterInterception-NF-getsockopt-SO-ORIGINAL-DST-failed-on-FD-4125-2-No-such-fy-tp4662558.html Sent from the Squid - Users mailing list archive at Nabble.com.
