Re: [squid-users] squid hangs and dies and can not be killed - needs system reboot

2023-12-21 Thread Amish
On 21/12/23 17:55, Francesco Chemolli wrote: Hi Amish,   the message you posted really looks like a kernel bug, possibly due to faulty code, or resulting from a hardware problem. Nothing squid can do can cause that kind of stack traces in kernel-space. A quick search online results in https

Re: [squid-users] squid hangs and dies and can not be killed - needs system reboot

2023-12-21 Thread Amish
    Dec20   1:00 [squid] root   90764  0.0  0.0   6552  2560 pts/5    S+   17:36   0:00 grep --color=auto squid Can above information be of any help? Thanks and regards, Amish On 19/12/23 20:46, Alex Rousskov wrote: On 2023-12-18 22:29, Amish wrote: On 19/12/23 01:14, Alex Rousskov wrote:

Re: [squid-users] squid hangs and dies and can not be killed - needs system reboot

2023-12-19 Thread Amish
Hi Amos, On 19/12/23 20:25, Amos Jeffries wrote: On 19/12/23 16:29, Amish wrote: Hi Alex, Thank you for replying. On 19/12/23 01:14, Alex Rousskov wrote: On 2023-12-18 09:35, Amish wrote: I use Arch Linux and today I updated squid from squid 5.7 to squid 6.6. > Dec 18 13:01:24 mum

Re: [squid-users] squid hangs and dies and can not be killed - needs system reboot

2023-12-18 Thread Amish
Hi Alex, Thank you for replying. On 19/12/23 01:14, Alex Rousskov wrote: On 2023-12-18 09:35, Amish wrote: I use Arch Linux and today I updated squid from squid 5.7 to squid 6.6. > Dec 18 13:01:24 mumbai squid[604]: kick abandoning conn199 I do not know whether the above problem is

[squid-users] squid hangs and dies and can not be killed - needs system reboot

2023-12-18 Thread Amish
IPv6 enabled, yet there are 33 and 4097 numbers in Recv-Q and also no process/PID owns these ports. Same IPv4 ports are not shown in use by netstat, so only IPv6 ports remain open, that too orphaned! So what is happening? Any idea to solve or any workaround? Thank you, Amish

Re: [squid-users] LEGACY_SERVER_CONNECT, ALLOW_UNSAFE_LEGACY_RENEGOTIATION does not work - SSL bump, OpenSSL 3

2022-12-29 Thread Amish
On 29/12/22 22:32, Alex Rousskov wrote: On 12/29/22 10:41, Amish wrote: On 29/12/22 20:23, Alex Rousskov wrote: On 12/28/22 23:17, Amish wrote: But now what? If your Squid never peeks at origin servers (i.e. it always stares) and your proxy never serves/secures plain-text "GET

Re: [squid-users] LEGACY_SERVER_CONNECT, ALLOW_UNSAFE_LEGACY_RENEGOTIATION does not work - SSL bump, OpenSSL 3

2022-12-29 Thread Amish
On 29/12/22 20:23, Alex Rousskov wrote: On 12/28/22 23:17, Amish wrote: But now what? If your Squid never peeks at origin servers (i.e. it always stares) and your proxy never serves/secures plain-text "GET https" requests, then you can run with the createClientContext(true)

Re: [squid-users] LEGACY_SERVER_CONNECT, ALLOW_UNSAFE_LEGACY_RENEGOTIATION does not work - SSL bump, OpenSSL 3

2022-12-28 Thread Amish
Hi Alex, On 29/12/22 08:14, Alex Rousskov wrote: Hi Amish,     Thank you for updating test results. I have a working theory: Staring SslBump disregards parsed tcp_outgoing_options since commit f233022. That commit message explains why tcp_outgoing_options should be ignored when peeking at

Re: [squid-users] LEGACY_SERVER_CONNECT, ALLOW_UNSAFE_LEGACY_RENEGOTIATION does not work - SSL bump, OpenSSL 3

2022-12-28 Thread Amish
Hi Alex, Thank you once again! See replies inline below. On 28/12/22 22:57, Alex Rousskov wrote: Hi Amish,     TLS options are used on _both_ sides, in various cases, but there are still too many unknowns, and I cannot quickly answer all of your questions at once. Sorry. I can only guide

Re: [squid-users] LEGACY_SERVER_CONNECT, ALLOW_UNSAFE_LEGACY_RENEGOTIATION does not work - SSL bump, OpenSSL 3

2022-12-28 Thread Amish
Hi Alex, On 28/12/22 21:31, Alex Rousskov wrote: Hi Amish,     Squid parsing code is tricky. tls_outgoing_options parsing code is triply so. Even its authors misinterpret it! I assume you have removed multiple tls_outgoing_options directives from your configuration before testing. If you

Re: [squid-users] LEGACY_SERVER_CONNECT, ALLOW_UNSAFE_LEGACY_RENEGOTIATION does not work - SSL bump, OpenSSL 3

2022-12-27 Thread Amish
ousskov wrote: On 12/27/22 10:42, Amish wrote: On 26/12/22 21:31, Alex Rousskov wrote: tls_outgoing_options options=0x4,0x4 With numeric hex values, I do not see the ERROR on stderr. But it still does not seem to be working as expected. Squid still does not open the page and gives

Re: [squid-users] LEGACY_SERVER_CONNECT, ALLOW_UNSAFE_LEGACY_RENEGOTIATION does not work - SSL bump, OpenSSL 3

2022-12-27 Thread Amish
Hi Alex, Thank you for putting so much effort in reply. Unfortunately, something is still wrong somewhere, as below. On 26/12/22 21:31, Alex Rousskov wrote: On 12/26/22 00:46, Amish wrote: I am using squid v5.7 with OpenSSL 3.0.7. (Arch Linux) squid.conf: # workaround for legacy

Re: [squid-users] LEGACY_SERVER_CONNECT, ALLOW_UNSAFE_LEGACY_RENEGOTIATION does not work - SSL bump, OpenSSL 3

2022-12-25 Thread Amish
o I think in my case (previous email), squid should honor tls_outgoing_options. Regards, [1] http://lists.squid-cache.org/pipermail/squid-users/2022-December/025507.html Amish On 26/12/22 11:16, Amish wrote: Hello I am using squid v5.7 with OpenSSL 3.0.7. (Arch Linux) I have setup SSL b

[squid-users] LEGACY_SERVER_CONNECT, ALLOW_UNSAFE_LEGACY_RENEGOTIATION does not work - SSL bump, OpenSSL 3

2022-12-25 Thread Amish
Thank you, Amish. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid.service with Type=Notify is not always reliable (Arch Linux)

2020-09-02 Thread Amish
On 02/09/20 8:05 pm, Amos Jeffries wrote: On 2/09/20 7:01 pm, Amish wrote: On 01/09/20 8:31 pm, Alex Rousskov wrote: On 9/1/20 10:27 AM, Amish wrote: Accepting ... connections at ...  message came almost immediately (in 1 second). Sep 01 06:40:05 foo squid[8446]: Accepting SSL bumped HTTP

Re: [squid-users] squid.service with Type=Notify is not always reliable (Arch Linux)

2020-09-02 Thread Amish
On 01/09/20 8:31 pm, Alex Rousskov wrote: On 9/1/20 10:27 AM, Amish wrote: Accepting ... connections at ...  message came almost immediately (in 1 second). Sep 01 06:40:05 foo squid[8446]: Accepting SSL bumped HTTP Socket connections at local=[::]:3128 remote=[::] FD 27 flags=9 OK, so you

Re: [squid-users] squid.service with Type=Notify is not always reliable (Arch Linux)

2020-09-01 Thread Amish
On 01/09/20 7:17 pm, Alex Rousskov wrote: On 9/1/20 2:32 AM, Amish wrote: I have frequently observed an issue with squid.service but I am not able to detect the real cause. As mostly it works but sometimes does not. What happens is squid starts correctly, but systemd does not seem to be

[squid-users] squid.service with Type=Notify is not always reliable (Arch Linux)

2020-08-31 Thread Amish
there any squid.conf setting which I may be using and stopping notify randomly? Any help would be highly appreciated. Thanks and regards, Amish

Re: [squid-users] Does GREASE bug affect squid 4.10 too?

2020-08-31 Thread Amish
On 31/08/20 7:05 pm, Amos Jeffries wrote: On 1/09/20 1:18 am, Amish wrote: Hello, Recently there have been reports of GREASE bug wrt Google chrome and Squid. ...> So can someone please confirm if bug can affect squid version 4.10 or not? And if I upgrade to squid 4.13 will it definit

[squid-users] Does GREASE bug affect squid 4.10 too?

2020-08-31 Thread Amish
has again come up with something new which is breaking SSL again? Thank you in advance, Amish.

Re: [squid-users] Squid 4.12 Arch Linux Google Chrome fails - OpenSSL 1.1.1g

2020-06-30 Thread Amish
On 30/06/20 6:37 pm, Alex Rousskov wrote: On 6/29/20 8:56 PM, Amish wrote: On 30/06/20 1:22 am, Alex Rousskov wrote: On 6/29/20 11:18 AM, Amish wrote: I am using Arch Linux and today I upgraded squid to 4.12 (from 4.10) Firefox and IE work fine. But in Google chrome - sites don't open. You

Re: [squid-users] Squid 4.12 Arch Linux Google Chrome fails - OpenSSL 1.1.1g

2020-06-29 Thread Amish
On 30/06/20 1:22 am, Alex Rousskov wrote: On 6/29/20 11:18 AM, Amish wrote: I am using Arch Linux and today I upgraded squid to 4.12 (from 4.10) Firefox and IE work fine. But in Google chrome - sites don't open. You may need a fix for TLS GREASEd values. The following master/v6 PR has not been

[squid-users] Squid 4.12 Arch Linux Google Chrome fails - OpenSSL 1.1.1g (was Re: SQUID 4.12 (Debian 10, OpenSSL 1.1.1d) - SSL bump no server helllo)

2020-06-29 Thread Amish
og shows NONE_ABORTED (for google chrome). And packet sniffer shows FIN, ACK sent by squid. (I have not gone in details as I don't understand packet details) Am I doing anything wrong? If not, then is there any temporary workaround without downgrading

Re: [squid-users] squid and netdata causes squid to drop SYN?

2020-01-21 Thread Amish
On 22/01/20 12:10 pm, Amos Jeffries wrote: On 22/01/20 6:55 pm, Amish wrote: It appears that it runs a query on "counters". But I don't know if that is counted as a "heavy" query or not. It is one of the light ones. So if that were all that is going on I would not be

Re: [squid-users] squid and netdata causes squid to drop SYN?

2020-01-21 Thread Amish
On 21/01/20 9:09 pm, Alex Rousskov wrote: On 1/20/20 11:28 PM, Amish wrote: 2) Is calling squidclient so frequently a right thing to do by netdata? The answer depends on what cache manager query (or queries) your netdata is sending to Squid. Sending some queries every second is perfectly fine

[squid-users] squid and netdata causes squid to drop SYN?

2020-01-20 Thread Amish
al-of-service on squid. So: 1) Is there any squid setting which I can adjust? (File descriptors available is 16384) 2) Is calling squidclient so frequently a right thing to do by netdata? It's probably overloading squid. (I will report to netdata if not) Please guide, Thank you, Regards,

Re: [squid-users] url_rewrite_program, sslbump and CONNECT = broken redirect page?

2019-03-20 Thread Amish
"notes" and SSL bumped connection. I will compose another e-mail with new subject to explain the issue, soon. Regards Amish

[squid-users] url_rewrite_program, sslbump and CONNECT = broken redirect page?

2019-03-19 Thread Amish
ier too in 2015 but the person who reported it probably couldn't locate the exact reason and bug went unnoticed. http://lists.squid-cache.org/pipermail/squid-users/2015-August/005170.html Regards Amish.

Re: [squid-users] note macro - %{policy_}note passes old values along with new value

2019-02-11 Thread Amish
On 15/12/18 6:33 am, Amish wrote: On 15/12/18 5:27 am, Alex Rousskov wrote: With modern Squids, you should not do anything special to accomplish that. Only the latest annotation value should be preserved. If that is not happening in your tests, consider filing a bug report, especially if

Re: [squid-users] note macro - %{policy_}note passes old values along with new value

2018-12-14 Thread Amish
connection annotation work simply exposed the fact that we screwed up with annotation updates earlier, and we fixed that bug in the same project. Alex. Bug report with steps to reproduce filed: https://bugs.squid-cache.org/show_bug.cgi?id=4912 Amish

Re: [squid-users] note macro - %{policy_}note passes old values along with new value

2018-12-14 Thread Amish
On 14/12/18 10:37 pm, Alex Rousskov wrote: On 12/14/18 9:26 AM, Amish wrote: url_rewrite_program /usr/lib/squid/url_rewrite url_rewrite_extras "policy=%{policy_}note" I was expecting that %{policy_}note will pass on only latest value to url_rewrite but somehow it passes old value +

[squid-users] note macro - %{policy_}note passes old values along with new value

2018-12-14 Thread Amish
lsites" How to pass only the latest value with note macro? Please guide Thank you Amish.

Re: [squid-users] Define and use a variable in squid.conf (Was: What happens when duplicate external_acl_type are mentioned)

2018-12-02 Thread Amish
o correctly requires some serious work. Meanwhile, template substitutions are available as a local ready-to-use alternative. Thanks a lot again for your inputs. Regards Amish.

Re: [squid-users] Define and use a variable in squid.conf (Was: What happens when duplicate external_acl_type are mentioned)

2018-12-02 Thread Amish
On 02/12/18 11:14 pm, Alex Rousskov wrote: On 12/1/18 9:31 PM, Amish wrote: Now I am looking for alternate ways I can resolve my issue. There are probably many ways to do this. There are ready-to-use templating tools that may be a better solution (more on that further below). However, I can

Re: [squid-users] Define and use a variable in squid.conf (Was: What happens when duplicate external_acl_type are mentioned)

2018-12-02 Thread Amish
On 02/12/18 3:20 pm, Amos Jeffries wrote: On 2/12/18 5:31 pm, Amish wrote: On 02/12/18 9:33 am, Alex Rousskov wrote: To reduce long-term headaches, I think we should be strict and deprecate (and then prohibit) ignoring duplicated external_acl_type declarations. I do not see any good reasons

[squid-users] Define and use a variable in squid.conf (Was: What happens when duplicate external_acl_type are mentioned)

2018-12-01 Thread Amish
pdated. This "define" feature can also have several other uses in future. Thank you, Amish.

Re: [squid-users] What happens when duplicate external_acl_type are mentioned

2018-12-01 Thread Amish
On 01/12/18 5:24 pm, Amos Jeffries wrote: On 2/12/18 12:15 am, Amish wrote: Thank you for your quick response. So if I pass %ul to external_acl_type, but don't use any auth_param, squid dies with an error. "Can't use proxy auth because no authentication schemes are fully configur

Re: [squid-users] What happens when duplicate external_acl_type are mentioned

2018-12-01 Thread Amish
On 01/12/18 3:41 pm, Amos Jeffries wrote: On 1/12/18 6:32 pm, Amish wrote: QUESTION: -- Effectively squid.conf now has two external_acl_type lines with same name. (ipuser) First one has %ul and other one does not. From my tests - first one gets the priority and second one is

[squid-users] What happens when duplicate external_acl_type are mentioned

2018-11-30 Thread Amish
ere be a case where second gets called instead of first? 3) Can I expect this assumption to remain the same in future too? Please guide. Thank you in advance. Regards, Amish.

Re: [squid-users] Is this the next step of SSL encryption? Fwd: Encrypted SNI

2018-10-19 Thread Amish
only way out to detect the domain name would be by implementing CONNECT proxy instead of transparent one. I am happy with complete encryption all over but it's going to be more and more difficult to convince bosses!! :D Regards, Amish. On 19/10/18 11:26 AM, Eliezer Croitoru wrote: I have

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-17 Thread Amish
you very much for elaborate replies. Amish.

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-17 Thread Amish
On 17/10/18 10:37 AM, Amos Jeffries wrote: On 17/10/18 3:15 PM, Amish wrote: My proposal for would be to add "-n" (nobump) option to deny_info. If -n is specified then squid will send 307 directly instead of 200. Case 1) deny_info http://192.168.1.1/blocked.html denyit Return wi

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-16 Thread Amish
On 16/10/18 10:07 PM, Alex Rousskov wrote: On 10/16/2018 10:01 AM, Amish wrote: Thing is that squid behaves differently for 2 exactly same CONNECT request with only difference being ssl-bump Yes, Squid behaves differently when configured differently. * My original response was specific to

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-16 Thread Amish
On 16/10/18 9:05 PM, Alex Rousskov wrote: On 10/16/2018 06:29 AM, Amish wrote: In my opinion correct flow should be like this: 1) Browser sends CONNECT request 2) Check ACL 3) If denied, return with 307 (or 302) 4) If allowed, go ahead with tunneling / bumping as applicable Unfortunately

Re: [squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-16 Thread Amish
uld be like this: 1) Browser sends CONNECT request 2) Check ACL 3) If denied, return with 307 (or 302) 4) If allowed, go ahead with tunneling / bumping as applicable Please test / check, Thank you, Amish. On 16/10/18 5:05 PM, Amish wrote: Hello I have this simplified ACL in squid.conf

[squid-users] deny_info and CONNECT for https request gives SSL error

2018-10-16 Thread Amish
connection as HTTP and hopefully also follow Location. Any idea? Or any other workaround (except importing squid certificate) Thanks and regards, Amish

[squid-users] squid 4.1: is tls-cert same as cert for http_port?

2018-07-07 Thread Amish
too lengthy (and bit confusing) while that of cert was just one line. So I would like to have more clarity if tls-cert is direct replacement of cert OR I need to consider some other things too? Thanks and regards, Amish.

Re: [squid-users] squid 4.1 default queue-size should consider concurrency

2018-07-03 Thread Amish
interpretation was correct! And I had not misinterpreted it :) Amish. On Tuesday 03 July 2018 09:30 PM, Amish wrote: Umm, maybe I misinterpreted queue-size. I thought queue-size indicates messages "waiting" in the queue and not those are currently being processed. So

Re: [squid-users] squid 4.1 default queue-size should consider concurrency

2018-07-03 Thread Amish
x(2*4,2*16)=32 means that 32 URLs are "waiting" in queue. (in addition to 64 being processed) But if queue-size means ALL urls (64+32) then my formula would be Default queue-size = (NCHILD*NCONC)+max(2*NCHILD, 2*NCONC) Regards, Amish. On Tuesday 03 July 2018 09:17 PM, Marcus Kool

Re: [squid-users] squid 4.1 default queue-size should consider concurrency

2018-07-03 Thread Amish
formula. Amish On Tuesday 03 July 2018 07:49 PM, Marcus Kool wrote: The original intention of this default value is have a queue that is twice the size of the messages being processed, so for helpers with concurrency=NCONC and num_children=NCHILD it makes a lot of sense to set the default

Re: [squid-users] squid 4.1 default queue-size should consider concurrency

2018-07-03 Thread Amish
On Tuesday 03 July 2018 01:46 PM, Amos Jeffries wrote: On 03/07/18 20:00, Amish wrote: Hello, In squid 4.1 new option "queue-size" was introduced. In most (or all) cases default "queue-size" is set to children-max*2. But I believe it should be higher of (children-max*

Re: [squid-users] will multiple tls_outgoing_options lines be combined?

2018-07-03 Thread Amish
your super quick answers! Amish

[squid-users] will multiple tls_outgoing_options lines be combined?

2018-07-03 Thread Amish
so I do not know how to test this i.e. how to know if it's really working. For some reason "debug_options 3,9" is not generating anything in cache.log. Note: Debug Section 3 = Configuration File Parsing Thanks in advance, Amish.

[squid-users] squid 4.1 default queue-size should consider concurrency

2018-07-03 Thread Amish
that, "concurrency" should be taken into account for calculating default value of "queue-size". Please consider. Thanks and regards. Amish

Re: [squid-users] deny_info and squid's own IP address?

2018-05-02 Thread Amish
On Wednesday 02 May 2018 09:11 PM, Amos Jeffries wrote: On 03/05/18 03:01, Amish wrote: But the code in Format.cc looks complicated than simple one line:     case LFT_LOCAL_LISTENING_IP: {     // avoid logging a dash if we have reliable info     const bool

Re: [squid-users] deny_info and squid's own IP address?

2018-05-02 Thread Amish
On Wednesday 02 May 2018 10:05 AM, Amos Jeffries wrote: On 02/05/18 16:20, Amish wrote: Does request->masterXaction->tcpClient->local hold Squid IP incase of intercepted traffic too? The listening address (if any) will be in request->masterXaction->squidPort->listenConn->

Re: [squid-users] deny_info and squid's own IP address?

2018-05-01 Thread Amish
On Tuesday 01 May 2018 07:47 PM, Amos Jeffries wrote: On 01/05/18 23:10, Amish wrote: On Tuesday 01 May 2018 02:41 PM, Amos Jeffries wrote: On 01/05/18 19:44, Amish wrote: Hello, First of thanks a lot for taking your time out for replying to my query. My replies are inline. On Tuesday 01

Re: [squid-users] deny_info and squid's own IP address?

2018-05-01 Thread Amish
On Tuesday 01 May 2018 02:41 PM, Amos Jeffries wrote: On 01/05/18 19:44, Amish wrote: Hello, First of thanks a lot for taking your time out for replying to my query. My replies are inline. On Tuesday 01 May 2018 09:10 AM, Amos Jeffries wrote: On 01/05/18 00:54, Amish wrote: Hello I have 2

Re: [squid-users] deny_info and squid's own IP address?

2018-05-01 Thread Amish
Hello, First of thanks a lot for taking your time out for replying to my query. My replies are inline. On Tuesday 01 May 2018 09:10 AM, Amos Jeffries wrote: On 01/05/18 00:54, Amish wrote: Hello I have 2 LAN interface on squid box, say department A (192.168.1.1/24) and department B

[squid-users] deny_info and squid's own IP address?

2018-04-30 Thread Amish
host name and not the IP. So how do I do that? Did I miss anything. Thanks in advance for any help, Amish.

[squid-users] Do peek and stare function exact same at step 1? Also does dstdom_regex work in ssl_bump?

2017-06-19 Thread Amish
oes it hold true for dstdom_regex as well? Because both seem to apply to same thing. Thanks and regards, Amish.