Show posts

Hi all,

I recently updated OPNsense to 23.7.8_1, and found that Squid kept crashing when Parent Proxy is on. After I turned of the Parent Proxy, Squid stopped crashing.

I have set up Transparent proxy, SSL inspection, Log SNI information only, Access Control List/Allowed Subnets, Parent Proxy(pointing to a local http proxy server). This config was working on old version of Squid(5.9).

Here is the logs(Cache Log) when Parent Proxy is on before crash:

Code Select


2023-11-21T11:04:44	 	squid	| Removing PID file (/var/run/squid/squid.pid)	 
2023-11-21T11:04:44	 	squid	kid1| FATAL: assertion failed: peer_digest.cc:399: "fetch->pd && receivedData.data"	 
2023-11-21T11:04:43	 	squid	pinger| ICMPv6 socket opened	 
2023-11-21T11:04:43	 	squid	pinger| ICMP socket opened.	 
2023-11-21T11:04:43	 	squid	pinger| Initialising ICMP pinger ...	 
 	 	 	listening port: 192.168.3.1:3128	 
2023-11-21T11:04:43	 	squid	kid1| Accepting SSL bumped HTTP Socket connections at conn21 local=192.168.3.1:3128 remote=[::] FD 26 flags=9	 
 	 	 	listening port: [::1]:3129	 
2023-11-21T11:04:43	 	squid	kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at conn19 local=[::1]:3129 remote=[::] FD 25 flags=41	 
 	 	 	listening port: 127.0.0.1:3129	 
2023-11-21T11:04:43	 	squid	kid1| Accepting NAT intercepted SSL bumped HTTPS Socket connections at conn17 local=127.0.0.1:3129 remote=[::] FD 24 flags=41	 
 	 	 	listening port: [::1]:3128	 
2023-11-21T11:04:43	 	squid	kid1| Accepting NAT intercepted SSL bumped HTTP Socket connections at conn15 local=[::1]:3128 remote=[::] FD 23 flags=41	 
 	 	 	listening port: 127.0.0.1:3128	 
2023-11-21T11:04:43	 	squid	kid1| Accepting NAT intercepted SSL bumped HTTP Socket connections at conn13 local=127.0.0.1:3128 remote=[::] FD 22 flags=41	 
2023-11-21T11:04:43	 	squid	kid1| Adaptation support is off.	 
2023-11-21T11:04:43	 	squid	kid1| Squid plugin modules loaded: 0	 
2023-11-21T11:04:43	 	squid	kid1| Configuring Parent 192.168.3.10	 
2023-11-21T11:04:43	 	squid	kid1| Pinger socket opened on FD 28	 
2023-11-21T11:04:43	 	squid	kid1| HTCP Disabled.
2023-11-21T11:04:43	 	squid	kid1| HTCP Disabled.	 
2023-11-21T11:04:43	 	squid	kid1| Finished loading MIME types and icons.	 
2023-11-21T11:04:43	 	squid	kid1| Set Current Directory to /var/squid/cache	 
2023-11-21T11:04:43	 	squid	kid1| Using Least Load store dir selection	 
2023-11-21T11:04:43	 	squid	kid1| Max Swap size: 0 KB	 
2023-11-21T11:04:43	 	squid	kid1| Max Mem size: 262144 KB	 
2023-11-21T11:04:43	 	squid	kid1| Using 8192 Store buckets	 
2023-11-21T11:04:43	 	squid	kid1| Target number of buckets: 1008	 
2023-11-21T11:04:43	 	squid	kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects	 
2023-11-21T11:04:43	 	squid	kid1| Logfile: opening log stdio:/var/log/squid/store.log	 
2023-11-21T11:04:43	 	squid	kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec	 
2023-11-21T11:04:43	 	squid	kid1| Logfile: opening log stdio:/var/log/squid/access.log	 
2023-11-21T11:04:43	 	squid	kid1| ERROR: loading file '/usr/local/etc/squid/errors/local/error-details.txt': (2) No such file or directory	 
2023-11-21T11:04:43	 	squid	kid1| helperOpenServers: Starting 5/5 'security_file_certgen' processes	 
2023-11-21T11:04:43	 	squid	kid1| Adding domain gate.example.com from /etc/resolv.conf	 
2023-11-21T11:04:43	 	squid	kid1| Adding nameserver 192.168.3.1 from /etc/resolv.conf	 
2023-11-21T11:04:43	 	squid	kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf	 
2023-11-21T11:04:43	 	squid	kid1| Adding domain gate.example.com from /etc/resolv.conf	 
2023-11-21T11:04:43	 	squid	kid1| DNS IPv4 socket created at 0.0.0.0, FD 9	 
2023-11-21T11:04:43	 	squid	kid1| DNS IPv6 socket created at [::], FD 8
2023-11-21T11:04:43	 	squid	kid1| Initializing IP Cache...	 
2023-11-21T11:04:43	 	squid	kid1| With 116883 file descriptors available	 
2023-11-21T11:04:43	 	squid	kid1| Process Roles: worker	 
2023-11-21T11:04:43	 	squid	kid1| Process ID 22219	 
2023-11-21T11:04:43	 	squid	kid1| Service Name: squid	 
2023-11-21T11:04:43	 	squid	kid1| Starting Squid Cache version 6.5 for amd64-portbld-freebsd13.2...	 
2023-11-21T11:04:43	 	squid	kid1| Set Current Directory to /var/squid/cache	 
2023-11-21T11:04:43	 	squid	kid1| Processing Configuration File: /usr/local/etc/squid/post-auth/dummy.conf (depth 1)	 
2023-11-21T11:04:43	 	squid	kid1| Processing Configuration File: /usr/local/etc/squid/auth/dummy.conf (depth 1)	 
2023-11-21T11:04:43	 	squid	kid1| Processing Configuration File: /usr/local/etc/squid/pre-auth/parentproxy.conf (depth 1)	 
2023-11-21T11:04:43	 	squid	kid1| Processing Configuration File: /usr/local/etc/squid/pre-auth/dummy.conf (depth 1)	 
2023-11-21T11:04:43	 	squid	kid1| Processing Configuration File: /usr/local/etc/squid/pre-auth/40-snmp.conf (depth 1)	 
2023-11-21T11:04:43	 	squid	kid1| WARNING: empty ACL: acl bump_nobumpsites ssl::server_name "/usr/local/etc/squid/nobumpsites.acl"	 
2023-11-21T11:04:43	 	squid	kid1| Disabling Authentication on port [::1]:3129 (interception enabled)	 
2023-11-21T11:04:43	 	squid	kid1| Starting Authentication on port [::1]:3129	 
2023-11-21T11:04:43	 	squid	kid1| Disabling Authentication on port 127.0.0.1:3129 (interception enabled)	 
2023-11-21T11:04:43	 	squid	kid1| Starting Authentication on port 127.0.0.1:3129	 
2023-11-21T11:04:43	 	squid	kid1| Disabling Authentication on port [::1]:3128 (interception enabled)	 
2023-11-21T11:04:43	 	squid	kid1| Starting Authentication on port [::1]:3128	 
2023-11-21T11:04:43	 	squid	kid1| Disabling Authentication on port 127.0.0.1:3128 (interception enabled)
2023-11-21T11:04:43	 	squid	kid1| Starting Authentication on port 127.0.0.1:3128	 
2023-11-21T11:04:43	 	squid	kid1| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)

Thanks in advance.

Messages - Kreee

Chinese - 中文 / Re: opnsense使用透明代理并分流

23.7 Legacy Series / Squid 6.5 keeps crashing when Parent Proxy is on