Re: [squid-users] Squid 5.6 and 5.9 keep crashing due to signal 6 with status 0

Tue, 19 Sep 2023 07:28:14 -0700 

Hello,

I had the same crushes. A network dump showed me that crushes occurred when
clients tried to access IPv6 http-resources.
I blocked these requests at the beginning of the proxy policy.
The following configuration seems to be a workaround for me:

acl urldst_ipv6 url_regex ^http://\[
http_access deny urldst_ipv6


I don't know if this workaround is also suitable for https-resources. May
be it should be rewritten like this:

acl urldst_ipv6_https url_regex ^\[
http_access deny urldst_ipv6_https


Kind regards,
       Ankor.

чт, 14 сент. 2023 г. в 17:12, Alex Rousskov <
rouss...@measurement-factory.com>:

> On 2023-09-14 07:02, Flashdown wrote:
>
> > Sep 14 08:55:06 vm-myproxy squid[79100]: Squid Parent: squid-2 process
> > 80675 exited due to signal 6 with status 0
>
> > 1694674498.411      9 **CENSORED_internal_client_IP** TCP_DENIED/407
> > 4129 CONNECT [ff00::]:443 - HIER_NONE/- text/html
>
> > IPv6 is disabled via sysctl config "net.ipv6.conf.all.disable_ipv6=1"
>
>
> Your Squid is most likely suffering (among other v5 bugs) from Squid Bug
> 5154: https://bugs.squid-cache.org/show_bug.cgi?id=5154
>
> To confirm, enable core dumps and look for a gdb backtrace sequence
> similar to the one posted in the above bug report:
>
> * in __assert_fail
> * in Ip::Address::getAddrInfo(addrinfo*&, int) const
> * in comm_openex(int, int, Ip::Address&, int, char const*)
>
> The best known way to prevent bug 5154 is to enable IPv6 support. If
> that is not feasible in your environment, then please keep reading.
>
>
> Squid bug 5154 has an unofficial but, IMO, correct fix at PR 1421:
> https://github.com/squid-cache/squid/pull/1421
>
> The above fix is not trivial and has side effects: For Squids that
> cannot handle IPv6 (e.g., because IPv6 support was disabled at
> ./configure time or is unavailable in the deployment environment), the
> fix will, in part, reject requests with IPv6 addresses in URLs. This
> rejection may negatively affect Squids that were "worked OK" by
> forwarding such traffic to IPv4 ICAP servers and cache_peers (at least).
>
> PR 1421 changes cannot be applied to Squid v5 "as is"; they have to be
> backported. I do not have a backporting patch for virgin Squid v5.
>
>
> HTH,
>
> Alex.
>
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
>

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users

Reply via email to