Date:      Sun, 4 Oct 2015 19:31:43 +0100
From:      krad <kraduk@gmail.com>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>,  freebsd-stable <freebsd-stable@freebsd.org>
Subject:   transparent redirection with pf and squid
Message-ID:  <CALfReydfTmy5dmMqm-055cyeYi7WOrh8nELUJrvXV=dPcUsikg@mail.gmail.com>

Is anyone else having problems with squid core dumping on FreeBSD 10-stable
when using the transparent caching feature? It started happening recently
after I re-enabled IPv6 on my network. It may just be coincidence though.
It has even caused the odd kernel panic, but not every time.

FreeBSD xx 10.2-STABLE FreeBSD 10.2-STABLE #6: Wed Sep  9 16:01:15 BST 2015
    root@r2:/build/stable/usr/obj/build/stable/usr/src/sys/me  amd64


Oct  4 17:13:09 hunters6 kernel: Fatal trap 12: page fault while in kernel mode
Oct  4 17:13:09 hunters6 kernel: cpuid = 1; apic id = 02
Oct  4 17:13:09 hunters6 kernel: fault virtual address  = 0x28
Oct  4 17:13:09 hunters6 kernel: fault code             = supervisor read data, page not present
Oct  4 17:13:09 hunters6 kernel: instruction pointer    = 0x20:0xffffffff807f27a9
Oct  4 17:13:09 hunters6 kernel: stack pointer          = 0x28:0xfffffe011be4a390
Oct  4 17:13:09 hunters6 kernel: frame pointer          = 0x28:0xfffffe011be4a3f0
Oct  4 17:13:09 hunters6 kernel: code segment           = base 0x0, limit 0xfffff, type 0x1b
Oct  4 17:13:09 hunters6 kernel: = DPL 0, pres 1, long 1, def32 0, gran 1
Oct  4 17:13:09 hunters6 kernel: processor eflags       = interrupt enabled, resume, IOPL = 0
Oct  4 17:13:09 hunters6 kernel: current process                = 10269 (squid)
Oct  4 17:13:09 hunters6 kernel: trap number            = 12
Oct  4 17:13:09 hunters6 kernel: panic: page fault
Oct  4 17:13:09 hunters6 kernel: cpuid = 1
Oct  4 17:13:09 hunters6 kernel: KDB: stack backtrace:
Oct  4 17:13:09 hunters6 kernel: #0 0xffffffff8062f920 at kdb_backtrace+0x60
Oct  4 17:13:09 hunters6 kernel: #1 0xffffffff805f48f6 at vpanic+0x126
Oct  4 17:13:09 hunters6 kernel: #2 0xffffffff805f47c3 at panic+0x43
Oct  4 17:13:09 hunters6 kernel: #3 0xffffffff808c5eeb at trap_fatal+0x36b
Oct  4 17:13:09 hunters6 kernel: #4 0xffffffff808c61ed at trap_pfault+0x2ed
Oct  4 17:13:09 hunters6 kernel: #5 0xffffffff808c588a at trap+0x47a
Oct  4 17:13:09 hunters6 kernel: #6 0xffffffff808abb52 at calltrap+0x8
Oct  4 17:13:09 hunters6 kernel: #7 0xffffffff807d3a9f at in6_mapped_peeraddr+0xcf
Oct  4 17:13:09 hunters6 kernel: #8 0xffffffff805b0048 at export_fd_to_sb+0x6c8
Oct  4 17:13:09 hunters6 kernel: #9 0xffffffff805af880 at kern_proc_filedesc_out+0x3d0
Oct  4 17:13:09 hunters6 kernel: #10 0xffffffff8059c7bd at note_procstat_files+0xfd
Oct  4 17:13:09 hunters6 kernel: #11 0xffffffff8059a3a4 at elf64_coredump+0x314
Oct  4 17:13:09 hunters6 kernel: #12 0xffffffff805f7f4c at sigexit+0xb6c
Oct  4 17:13:09 hunters6 kernel: #13 0xffffffff805f85a6 at postsig+0x286
Oct  4 17:13:09 hunters6 kernel: #14 0xffffffff806403f7 at ast+0x427


gdb back trace of core file

#0  0x000000080264772a in thr_kill () from /lib/libc.so.7
#1  0x0000000802647716 in raise () from /lib/libc.so.7
#2  0x0000000802647699 in abort () from /lib/libc.so.7
#3  0x00000008026ae021 in __assert () from /lib/libc.so.7
#4  0x0000000000875433 in Ip::Address::getInAddr (this=0x803a13ee4, buf=@0x7fffffffddf8) at Address.cc:1024
#5  0x0000000000875f5c in Ip::Intercept::PfInterception (this=0xf0a190, newConn=@0x7fffffffe340, silent=0) at Intercept.cc:326
#6  0x00000000008767e6 in Ip::Intercept::Lookup (this=0xf0a190, newConn=@0x7fffffffe340, listenConn=@0x803a14310) at Intercept.cc:390
#7  0x000000000095fed9 in Comm::TcpAcceptor::oldAccept (this=0x803a142d8, details=@0x7fffffffe340) at TcpAcceptor.cc:408
#8  0x000000000095e9a7 in Comm::TcpAcceptor::acceptOne (this=0x803a142d8) at TcpAcceptor.cc:268
#9  0x000000000095e939 in Comm::TcpAcceptor::acceptNext (this=0x803a142d8) at TcpAcceptor.cc:298
#10 0x000000000095de44 in Comm::TcpAcceptor::doAccept (fd=28, data=0x803a142d8) at TcpAcceptor.cc:230
#11 0x000000000095b115 in Comm::DoSelect (msec=379) at ModKqueue.cc:278
#12 0x000000000086d064 in CommSelectEngine::checkEvents (this=0x7fffffffe928, timeout=379) at comm.cc:1829
#13 0x00000000006427fa in EventLoop::checkEngine (this=0x7fffffffe940, engine=0x7fffffffe928, primary=true) at EventLoop.cc:35
#14 0x0000000000642e3f in EventLoop::runOnce (this=0x7fffffffe940) at EventLoop.cc:114
#15 0x0000000000642b6f in EventLoop::run (this=0x7fffffffe940) at EventLoop.cc:82
#16 0x00000000006dccae in SquidMain (argc=3, argv=0x7fffffffebd0) at main.cc:1533
#17 0x00000000006db9fa in SquidMainSafe (argc=3, argv=0x7fffffffebd0) at main.cc:1258
#18 0x00000000006db9d2 in main (argc=3, argv=0x7fffffffebd0) at main.cc:1251


rdr pass on private inet proto tcp from ! <free> to ! (private:network) port = http -> 192.168.210.65 port 3127
rdr pass on private inet6 proto tcp from ! <free> to ! (private:network) port = http -> 2001:470:1f09:1c21::65 port 3127
rdr pass on private inet proto tcp from ! <ssl_free> to ! (private:network) port = https -> 192.168.210.65 port 3129
rdr pass on private inet6 proto tcp from ! <ssl_free> to ! (private:network) port = https -> 2001:470:1f09:1c21::65 port 3129


# squid -v
Squid Cache: Version 3.5.9
Service Name: squid
configure options:  '--with-default-user=squid' '--bindir=/usr/local/sbin'
'--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid'
'--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var'
'--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid'
'--with-pidfile=/var/run/squid/squid.pid' '--with-swapdir=/var/squid/cache'
'--without-gnutls' '--enable-auth' '--enable-build-info'
'--enable-loadable-modules' '--enable-removal-policies=lru heap'
'--disable-epoll' '--disable-linux-netfilter' '--disable-linux-tproxy'
'--disable-translation' '--disable-arch-native' '--disable-eui'
'--disable-cache-digests' '--disable-delay-pools' '--disable-ecap'
'--disable-esi' '--disable-follow-x-forwarded-for' '--enable-htcp'
'--enable-icap-client' '--disable-icmp' '--enable-ident-lookups'
'--enable-ipv6' '--enable-kqueue' '--without-large-files'
'--disable-http-violations' '--without-nettle' '--enable-snmp'
'--enable-ssl' '--enable-ssl-crtd' '--disable-stacktraces'
'--disable-ipf-transparent' '--disable-ipfw-transparent'
'--enable-pf-transparent' '--with-nat-devpf' '--disable-forw-via-db'
'--enable-wccp' '--enable-wccpv2' '--without-heimdal-krb5'
'--without-mit-krb5' '--without-gss' '--enable-auth-basic=DB SMB_LM
MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam NIS'
'--enable-auth-digest=file' '--enable-external-acl-helpers=file_userip
time_quota unix_group' '--enable-auth-negotiate=none'
'--enable-auth-ntlm=fake smb_lm' '--enable-storeio=ufs aufs diskd'
'--enable-disk-io=AIO Blocking IpcIo Mmapped DiskThreads DiskDaemon'
'--enable-log-daemon-helpers=file' '--enable-url-rewrite-helpers=fake'
'--enable-storeid-rewrite-helpers=file' '--with-openssl=/usr'
'--disable-optimizations' '--enable-debug-cbdata' '--prefix=/usr/local'
'--mandir=/usr/local/man' '--infodir=/usr/local/info/'
'--build=amd64-portbld-freebsd10.2' 'build_alias=amd64-portbld-freebsd10.2'
'CC=cc' 'CFLAGS=-pipe  -I/usr/include -g -fstack-protector
-fno-strict-aliasing' 'LDFLAGS= -pthread  -L/usr/lib -fstack-protector'
'LIBS=' 'CPPFLAGS=' 'CXX=c++' 'CXXFLAGS=-pipe -I/usr/include -g
-fstack-protector -fno-strict-aliasing ' 'CPP=cpp' --enable-ltdl-convenience


# grep http.*_port /usr/local/etc/squid/squid.conf
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_port [2001:470:1f09:1c21::65]:3127 intercept
http_port 192.168.210.65:3127 intercept
http_port [2001:470:1f09:1c21::65]:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB  cert=/jails/tproxy/opt/qlproxy/etc/myca.pem
http_port 192.168.210.65:3128  ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB  cert=/jails/tproxy/opt/qlproxy/etc/myca.pem
https_port [2001:470:1f09:1c21::65]:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB  cert=/jails/tproxy/opt/qlproxy/etc/myca.pem
https_port 192.168.210.65:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB  cert=/jails/tproxy/opt/qlproxy/etc/myca.pem


