I use Squid on FreeBSD 10.3. When I set proxy address in web browser, I can't attach files to mail on mail.ru. Without proxy it works. In access.log there are no errors. In cache.log I've got:
FD can change If I understand right, how to use lsof, then
broadband-68-36.clients.extel.ru is ISP's router
How can I solve that problem?
PS: settings like
doesn't help
UPD:
Searching in kdump.out for denied:
I sent that question to squid mailing list and got answer:
So, what is problem and how to solve it?
Code:
2017/05/29 21:12:16 kid1| local=217.151.68.36:34572 remote=217.69.139.216:443 FD 44 flags=1: read/write failure: (13) Permission denied
2017/05/29 21:12:16 kid1| local=217.151.68.36:36057 remote=217.69.139.216:443 FD 44 flags=1: read/write failure: (13) Permission denied
FD can change If I understand right, how to use lsof, then
Code:
root@bkp_router:/home/ishayahu # lsof -d44
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
squid 30197 squid 44u IPv4 0xfffff80029788810 0t0 TCP broadband-68-36.clients.extel.ru:48387->e.mail.ru:https (ESTABLISHED)
broadband-68-36.clients.extel.ru is ISP's router
How can I solve that problem?
PS: settings like
Code:
#request_body_max_size 0
#reply_body_max_size 0
#request_header_max_size 64 KB
#reply_header_max_size 64 KB
#client_request_buffer_max_size 50 Mb
#acl post method POST
#http_access allow post localnet
doesn't help
UPD:
ktrace -d -p 667 kdump>kdump.out
Searching in kdump.out for denied:
Code:
4529011- 6776 squid GIO fd 5 read 32 bytes
4529052- 0x0000 1b00 0000 0000 0000 feff 1000 0000 0000 400f 0000 0000 0000 0000 0000 0000 0000 |................@...............|
4529197-
4529198- 6776 squid RET kevent 1
4529229- 6776 squid CALL write(0x1b,0x8057c3000,0x5b4)
4529281: 6776 squid RET write -1 errno 13 Permission denied
4529339- 6776 squid CALL write(0x4,0x802dbf000,0x88)
4529389- 6776 squid GIO fd 4 wrote 136 bytes
4529432: "2017/06/04 17:34:06 kid1| local=217.151.68.36:42442 remote=217.69.139.216:443 FD 27 flags=1: read/write failure: (13) Permission denied
4529576- "
4529585- 6776 squid RET write 136/0x88
4529622- 6776 squid CALL close(0x1b)
4529656- 6776 squid RET close 0
4529686- 6776 squid CALL close(0x19)
root@bkp_router:/home/ishayahu # cat kdump.out | grep -b10 "RET socket 27/0x1b"
4534031- 6776 squid GIO fd 25 read 196 bytes
4534074- "CONNECT e.mail.ru:443 HTTP/1.1\r
4534115- User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0\r
4534204- Proxy-Connection: keep-alive\r
4534236- Connection: keep-alive\r
4534262- Host: e.mail.ru:443\r
4534285- \r
4534289- "
4534298- 6776 squid RET read 196/0xc4
4534334- 6776 squid CALL socket(PF_INET,SOCK_STREAM,IPPROTO_TCP)
4534396: 6776 squid RET socket 27/0x1b
4534433- 6776 squid CALL fcntl(0x1b,F_GETFD,0)
4534477- 6776 squid RET fcntl 0
4534507- 6776 squid CALL fcntl(0x1b,F_SETFD,FD_CLOEXEC)
4534560- 6776 squid RET fcntl 0
4534590- 6776 squid CALL fcntl(0x1b,F_GETFL,0)
4534634- 6776 squid RET fcntl 2
4534664- 6776 squid CALL fcntl(0x1b,F_SETFL,0x6<O_RDWR|O_NONBLOCK>)
4534729- 6776 squid RET fcntl 0
4534759- 6776 squid CALL setsockopt(0x1b,0x6,0x1,0x7fffffffe484,0x4)
4534825- 6776 squid RET setsockopt 0
I sent that question to squid mailing list and got answer:
It is rather odd to have "Permission denied" (filesystem error!) on a
network socket. The network equivalent is a failure to connect in the
first place, or a sudden close event if already open. I suspect a bug in
your OS kernel or whatever security system it has controlling access to
system resources.
If this were Linux I would point at SELinux misconfiguration, but I'm
not sure what (if anything) FreeBSD has doing that sort of control.
So, what is problem and how to solve it?