[squid-users] squid 5.3 frequent crash

[Majed Zouhairy]

peace i have squid with ufdb guard, after upgrading today to 5.3 i'm 
getting:

....
2022/01/06 14:47:35| Processing: acl localhet src 169.254.0.0/16 	# RFC 
3927 link-local (directly plugged) machines
2022/01/06 14:47:35| Processing: acl SSL_ports port 443
2022/01/06 14:47:35| Processing: acl Safe_ports port 80         # http
2022/01/06 14:47:35| Processing: acl Safe_ports port 8080       # http
2022/01/06 14:47:35| Processing: acl Safe_ports port 21         # ftp
2022/01/06 14:47:35| Processing: acl Safe_ports port 443                # https
2022/01/06 14:47:35| Processing: acl Safe_ports port 70         # gopher
2022/01/06 14:47:35| Processing: acl Safe_ports port 210                # wais
2022/01/06 14:47:35| Processing: acl Safe_ports port 1025-65535	# 
unregistered ports
2022/01/06 14:47:35| Processing: acl Safe_ports port 280                # 
http-mgmt
2022/01/06 14:47:35| Processing: acl Safe_ports port 488                # 
gss-http
2022/01/06 14:47:35| Processing: acl Safe_ports port 591                # 
filemaker
2022/01/06 14:47:35| Processing: acl Safe_ports port 777                # 
multiling http
2022/01/06 14:47:35| Processing: acl CONNECT method CONNECT
2022/01/06 14:47:35| Processing: acl blockfiles urlpath_regex -i 
"/etc/squid/blocks.files.acl"
2022/01/06 14:47:35| Processing: http_access deny !Safe_ports
2022/01/06 14:47:35| Processing: http_access deny CONNECT !SSL_ports
2022/01/06 14:47:35| Processing: http_access allow localhost manager
2022/01/06 14:47:35| Processing: http_access deny manager
2022/01/06 14:47:35| Processing: visible_hostname proxy.skko.by
2022/01/06 14:47:35| Processing: forwarded_for delete
2022/01/06 14:47:35| Processing: delay_pools 1
2022/01/06 14:47:35| Processing: delay_class 1 3
2022/01/06 14:47:35| Processing: delay_access 1 allow slower
2022/01/06 14:47:35| Processing: delay_access 1 deny all
2022/01/06 14:47:35| Processing: delay_parameters 1 128000/128000 -1/-1 
128000/64000
2022/01/06 14:47:35| Processing: http_access allow localnet
2022/01/06 14:47:35| Processing: http_access allow localhost
2022/01/06 14:47:35| Processing: http_access deny all
2022/01/06 14:47:35| Processing: http_port 8080 ssl-bump 
cert=/etc/squid/certs/myCA.pem generate-host-certificates=on 
dynamic_cert_mem_cache_size=8MB
2022/01/06 14:47:35| Processing: acl    tls_s1_connect                  at_step 
SslBump1
2022/01/06 14:47:35| Processing: acl    tls_s2_client_hello     at_step SslBump2
2022/01/06 14:47:35| Processing: acl    tls_s3_server_hello     at_step SslBump3
2022/01/06 14:47:35| Processing: acl 	tls_allowed_hsts		ssl::server_name 
			.akamaihd.net
2022/01/06 14:47:35| Processing: acl 	tls_allowed_hsts		ssl::server_name 
			.proxy.skko.by
2022/01/06 14:47:35| Processing: acl 	tls_server_is_bank 	 
ssl::server_name		 
"/usr/local/ufdbguard/blacklists/finance/domains.squidsplice"
2022/01/06 14:47:35| Processing: acl 	tls_to_splice 			any-of 					 
tls_allowed_hsts		tls_server_is_bank
2022/01/06 14:47:35| Processing: ssl_bump 		peek				tls_s1_connect 		# 
peek at TLS/SSL connect data
2022/01/06 14:47:35| Processing: ssl_bump 		splice 				tls_to_splice		# 
splice some: no active bump
2022/01/06 14:47:35| Processing: ssl_bump 		stare 				all					# 
stare(peek) at server
2022/01/06 14:47:35| Processing: ssl_bump 		bump									# bump if we 
can (if the stare succeeded)
2022/01/06 14:47:35| Processing: cache_dir ufs /var/cache/squid 3000 16 256
2022/01/06 14:47:35| Processing: coredump_dir /var/cache/squid
2022/01/06 14:47:35| Processing: cache_mem 960 MB
2022/01/06 14:47:35| Processing: netdb_filename none
2022/01/06 14:47:35| Processing: refresh_pattern ^ftp:                          
1440    20%     10080
2022/01/06 14:47:35| Processing: refresh_pattern ^gopher:                       
1440    0%      1440
2022/01/06 14:47:35| Processing: refresh_pattern -i (/cgi-bin/|\?)      0       
        0%      0
2022/01/06 14:47:35| Processing: refresh_pattern .                              
        0               20%     4320
2022/01/06 14:47:35| Processing: url_rewrite_extras "%>a/%>A %un %>rm 
bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
2022/01/06 14:47:35| Processing: url_rewrite_program 
/usr/local/ufdbguard/bin/ufdbgclient -m 4 -l /var/log/squid/
2022/01/06 14:47:35| Processing: url_rewrite_children 16 startup=8 
idle=2 concurrency=4 queue-size=64
2022/01/06 14:47:35| Initializing https:// proxy context
2022/01/06 14:47:35| Requiring client certificates.
2022/01/06 14:47:36| Initializing http_port [::]:8080 TLS contexts
2022/01/06 14:47:36| Using certificate in /etc/squid/certs/myCA.pem
2022/01/06 14:47:36| Using certificate chain in /etc/squid/certs/myCA.pem
2022/01/06 14:47:36| Adding issuer CA: 
/C=BY/ST=Minsk/L=Minsk/O=RUP/OU=COD/CN=proxy.skko.by/emailAddress=v_sed...@skno.by
2022/01/06 14:47:36| Using key in /etc/squid/certs/myCA.pem
2022/01/06 14:47:36| Not requiring any client certificates


in cache.log:

2022/01/06 14:27:14 kid1| ERROR: failure while accepting a TLS 
connection on conn907 local=10.10.10.10:8080 remote=10.14.10.15:54125 FD 
197 flags=1: 0x55e7126a28c0*1
    current master transaction: master95
2022/01/06 14:27:16| Pinger exiting.
2022/01/06 14:27:18 kid1| FATAL: check failed: opening()
    exception location: FwdState.cc(628) noteDestinationsEnd
    current master transaction: master95
2022/01/06 14:27:18 kid1| Closing Pinger socket on FD 46
    current master transaction: master95
2022/01/06 14:27:18| Removing PID file (/run/squid.pid)

systemctl status squid
× squid.service - Squid caching proxy
     Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; 
vendor preset: disabled)
     Active: failed (Result: exit-code) since Thu 2022-01-06 14:27:18 
+03; 23min ago
       Docs: man:squid(8)
    Process: 12653 
ExecStartPre=/usr/libexec/squid/initialize_cache_if_needed.sh 
(code=exited, status=0/SUCCESS)
    Process: 12657 ExecStart=/usr/sbin/squid -FC (code=exited, 
status=0/SUCCESS)
   Main PID: 12658 (code=exited, status=1/FAILURE)
        CPU: 3min 22.025s

Jan 06 14:27:07 proxy squid[12658]: Squid Parent: squid-1 process 13723 
exited with status 1
Jan 06 14:27:07 proxy squid[12658]: Squid Parent: (squid-1) process 
13773 started
Jan 06 14:27:09 proxy squid[12658]: Squid Parent: squid-1 process 13773 
exited with status 1
Jan 06 14:27:09 proxy squid[12658]: Squid Parent: (squid-1) process 
13823 started
Jan 06 14:27:18 proxy squid[12658]: Squid Parent: squid-1 process 13823 
exited with status 1
Jan 06 14:27:18 proxy squid[12658]: Squid Parent: squid-1 process 13823 
will not be restarted for 3600 seconds due to repeated, frequent failures
Jan 06 14:27:18 proxy squid[12658]: Exiting due to repeated, frequent 
failures
Jan 06 14:27:18 proxy systemd[1]: squid.service: Main process exited, 
code=exited, status=1/FAILURE
Jan 06 14:27:18 proxy systemd[1]: squid.service: Failed with result 
'exit-code'.
Jan 06 14:27:18 proxy systemd[1]: squid.service: Consumed 3min 22.025s 
CPU time.

what is the cause knowing that i changed /var/cache/squid/ssl_db from 
root:root to squid:squid
and /var/cache/squid from root:squid to squid:squid

sudo sysctl -a | grep net.ipv6.conf.all.disable_ipv6
net.ipv6.conf.all.disable_ipv6 = 1


what is the cause?
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users