Re: New squid packages 2.4.6-2woody9 restarts very often.

To: debian-security@lists.debian.org
Subject: Re: New squid packages 2.4.6-2woody9 restarts very often.
From: Holger Schletz <holger.schletz@web.de>
Date: Tue, 12 Jul 2005 18:35:48 +0200
Message-id: <[🔎] 42D3F164.3090703@web.de>
In-reply-to: <[🔎] 20050712122602.GC7902@andrew.poller>
References: <m1Drzrd-000ojEC@finlandia.Infodrom.North.DE> <[🔎] 20050712122602.GC7902@andrew.poller>

Hi,

Just had the same Problem today on a SuSE server, where a patch was
released last week that adresses (among others) the same DNS spoofing
issue. Looks like a common bug.

Wiping the cache didn't help for me. I increased the debug level to 2
and found the following URL in my cache.log, immediately before the
restart messages:

http://62.26.121.2:80/dat/bgf/trpix.gif

I was able to reproduce the crash by directly requesting the offending
URL. Can you confirm this behavior?

The IP Adress belongs to FALK eSolution AG, an adserver network well
known for causing high traffic and long delays. Since many websites
contain ads from this server, squid will see the URL very often and
crash every time...

I won't say this is evil behavior - it's probably a squid bug. Most URLs
work well, but there seem to be some other problematic URLs around which
I was not yet able to track down.

As a workaround, I added this to my squid.conf, before the more general
http_access lines:

acl evilurl dst 62.26.121.2
http_access deny evilurl

As a side effect, some ad banners from FalkAG won't show up in my
browser. What a pity ;-)
Of course this is not a general solution - some "good" URLs may be
affected as well.

Regards,
Holger


aragon@onlinehome.de schrieb:
> Hello,
> 
> I have tried to install Version 2.4.6-2woody9 of the squid package on
> our Internet Gateway (Woody). There were no error messages during
> upgrade, but our Client get no connection to the proxy afterwards.
> I "fix" this temporary by reinstalling the previous version
> 2.4.6-2woody8.
> 
> Looking in the logfiles shows, that squid 2.4.6-2woody9 restarts very
> often:
> 
> upuaut:~# grep "Starting Squid Cache" /var/log/syslog
> Jul 12 12:00:33 upuaut squid[7747]: Starting Squid Cache version 2.4.STABLE6 for i386-debian-linux-gnu...
> Jul 12 12:00:50 upuaut squid[7775]: Starting Squid Cache version 2.4.STABLE6 for i386-debian-linux-gnu...
> Jul 12 12:00:56 upuaut squid[7803]: Starting Squid Cache version 2.4.STABLE6 for i386-debian-linux-gnu...
> Jul 12 12:01:00 upuaut squid[7831]: Starting Squid Cache version 2.4.STABLE6 for i386-debian-linux-gnu...
> [...]
> Jul 12 12:22:42 upuaut squid[8761]: Starting Squid Cache version 2.4.STABLE6 for i386-debian-linux-gnu...
> Jul 12 12:22:47 upuaut squid[8789]: Starting Squid Cache version 2.4.STABLE6 for i386-debian-linux-gnu...
> Jul 12 12:22:51 upuaut squid[8817]: Starting Squid Cache version 2.4.STABLE6 for i386-debian-linux-gnu...
> Jul 12 12:22:55 upuaut squid[8845]: Starting Squid Cache version 2.4.STABLE6 for i386-debian-linux-gnu...
> 
> The only significant error message I found was this one. Everytime 3
> seconds before a new squid process starts:
> 
> upuaut:~#grep "Squid Parent: child process.*exited due to signal 6" /var/log/syslog
> Jul 12 12:00:30 upuaut squid[7466]: Squid Parent: child process 7697 exited due to signal 6
> Jul 12 12:00:47 upuaut squid[7466]: Squid Parent: child process 7747 exited due to signal 6
> Jul 12 12:00:53 upuaut squid[7466]: Squid Parent: child process 7775 exited due to signal 6
> Jul 12 12:00:57 upuaut squid[7466]: Squid Parent: child process 7803 exited due to signal 6
> [...]
> Jul 12 12:22:39 upuaut squid[8667]: Squid Parent: child process 8731 exited due to signal 6
> Jul 12 12:22:44 upuaut squid[8667]: Squid Parent: child process 8761 exited due to signal 6
> Jul 12 12:22:48 upuaut squid[8667]: Squid Parent: child process 8789 exited due to signal 6
> Jul 12 12:22:52 upuaut squid[8667]: Squid Parent: child process 8817 exited due to signal 6
> 
> It seems to me that squid fails and restarts on every(??) incomming
> connection. But I am not shure.
> 
> Here is an exemplary excerpt of the cache.log:
> 
> 2005/07/12 12:22:47| Starting Squid Cache version 2.4.STABLE6 for i386-debian-linux-gnu...
> 2005/07/12 12:22:47| Process ID 8789
> 2005/07/12 12:22:47| With 1024 file descriptors available
> 2005/07/12 12:22:47| DNS Socket created on FD 5
> 2005/07/12 12:22:47| Adding nameserver 192.168.51.1 from /etc/resolv.conf
> 2005/07/12 12:22:47| Adding nameserver 192.168.50.2 from /etc/resolv.conf
> 2005/07/12 12:22:47| Adding nameserver 194.25.2.129 from /etc/resolv.conf
> 2005/07/12 12:22:47| helperOpenServers: Starting 15 'squidGuard' processes
> 2005/07/12 12:22:47| helperOpenServers: Starting 10 'pam_auth' processes
> 2005/07/12 12:22:47| User-Agent logging is disabled.
> 2005/07/12 12:22:47| Referer logging is disabled.
> 2005/07/12 12:22:47| Unlinkd pipe opened on FD 35
> 2005/07/12 12:22:47| Swap maxSize 102400 KB, estimated 7876 objects
> 2005/07/12 12:22:47| Target number of buckets: 393
> 2005/07/12 12:22:47| Using 8192 Store buckets
> 2005/07/12 12:22:47| Max Mem  size: 32768 KB
> 2005/07/12 12:22:47| Max Swap size: 102400 KB
> 2005/07/12 12:22:47| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
> 2005/07/12 12:22:47| Rebuilding storage in /var/spool/squid (DIRTY)
> 2005/07/12 12:22:47| Using Least Load store dir selection
> 2005/07/12 12:22:47| Set Current Directory to /var/spool/squid
> 2005/07/12 12:22:47| Loaded Icons.
> 2005/07/12 12:22:47| Accepting HTTP connections at 0.0.0.0, port 3128, FD 37.
> 2005/07/12 12:22:47| Accepting ICP messages at 0.0.0.0, port 3130, FD 38.
> 2005/07/12 12:22:47| HTCP Disabled.
> 2005/07/12 12:22:47| WCCP Disabled.
> 2005/07/12 12:22:47| Ready to serve requests.
> 2005/07/12 12:22:47| Store rebuilding is 46.8% complete
> 2005/07/12 12:22:48| Done reading /var/spool/squid swaplog (8753 entries)
> 2005/07/12 12:22:48| Finished rebuilding storage from disk.
> 2005/07/12 12:22:48|      8605 Entries scanned
> 2005/07/12 12:22:48|         0 Invalid entries.
> 2005/07/12 12:22:48|         0 With invalid flags.
> 2005/07/12 12:22:48|      8457 Objects loaded.
> 2005/07/12 12:22:48|         0 Objects expired.
> 2005/07/12 12:22:48|       148 Objects cancelled.
> 2005/07/12 12:22:48|         0 Duplicate URLs purged.
> 2005/07/12 12:22:48|         0 Swapfile clashes avoided.
> 2005/07/12 12:22:48|   Took 0.6 seconds (15062.4 objects/sec).
> 2005/07/12 12:22:48| Beginning Validation Procedure
> 2005/07/12 12:22:48|   Completed Validation Procedure
> 2005/07/12 12:22:48|   Validated 8457 Entries
> 2005/07/12 12:22:48|   store_swap_size = 92156k
> 2005/07/12 12:22:51| Starting Squid Cache version 2.4.STABLE6 for i386-debian-linux-gnu...
> 
> 
> Regards,
> Martin
> 
>

Reply to:

References:
- New squid packages 2.4.6-2woody9 restarts very often.
  - From: aragon@onlinehome.de

Prev by Date: Re: Addressing the recent zlib issue
Next by Date: Re: Addressing the recent zlib issue
Previous by thread: New squid packages 2.4.6-2woody9 restarts very often.
Next by thread: Re: New squid packages 2.4.6-2woody9 restarts very often.
Index(es):
- Date
- Thread