Solved Squid: “FD 44 flags=1: read/write failure: (13) Permission denied”

Ishayahu


I use Squid on FreeBSD 10.3. When I set the proxy address in the web browser, I can't attach files to mail on mail.ru. Without the proxy it works. There are no errors in access.log. In cache.log I've got:

Code:
2017/05/29 21:12:16 kid1| local=217.151.68.36:34572 remote=217.69.139.216:443 FD 44 flags=1: read/write failure: (13) Permission denied
2017/05/29 21:12:16 kid1| local=217.151.68.36:36057 remote=217.69.139.216:443 FD 44 flags=1: read/write failure: (13) Permission denied

The FD can change. If I understand correctly how to use lsof, then:

Code:
root@bkp_router:/home/ishayahu # lsof -d44
COMMAND   PID  USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
squid   30197 squid   44u  IPv4 0xfffff80029788810      0t0  TCP broadband-68-36.clients.extel.ru:48387->e.mail.ru:https (ESTABLISHED)

broadband-68-36.clients.extel.ru is the ISP's router.

How can I solve that problem?

PS: settings like

Code:
#request_body_max_size 0
#reply_body_max_size 0
#request_header_max_size 64 KB
#reply_header_max_size 64 KB
#client_request_buffer_max_size 50 Mb
#acl post method POST
#http_access allow post localnet

don't help.

UPD: ktrace -d -p 667 kdump>kdump.out

Searching in kdump.out for denied:

Code:
4529011-  6776 squid    GIO   fd 5 read 32 bytes
4529052-       0x0000 1b00 0000 0000 0000 feff 1000 0000 0000 400f 0000 0000 0000 0000 0000 0000 0000                 |................@...............|
4529197-
4529198-  6776 squid    RET   kevent 1
4529229-  6776 squid    CALL  write(0x1b,0x8057c3000,0x5b4)
4529281:  6776 squid    RET   write -1 errno 13 Permission denied
4529339-  6776 squid    CALL  write(0x4,0x802dbf000,0x88)
4529389-  6776 squid    GIO   fd 4 wrote 136 bytes
4529432:       "2017/06/04 17:34:06 kid1| local=217.151.68.36:42442 remote=217.69.139.216:443 FD 27 flags=1: read/write failure: (13) Permission denied
4529576-       "
4529585-  6776 squid    RET   write 136/0x88
4529622-  6776 squid    CALL  close(0x1b)
4529656-  6776 squid    RET   close 0
4529686-  6776 squid    CALL  close(0x19)

root@bkp_router:/home/ishayahu # cat kdump.out | grep -b10 "RET socket 27/0x1b"

4534031-  6776 squid    GIO   fd 25 read 196 bytes
4534074-       "CONNECT e.mail.ru:443 HTTP/1.1\r
4534115-        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0\r
4534204-        Proxy-Connection: keep-alive\r
4534236-        Connection: keep-alive\r
4534262-        Host: e.mail.ru:443\r
4534285-        \r
4534289-       "
4534298-  6776 squid    RET   read 196/0xc4
4534334-  6776 squid    CALL  socket(PF_INET,SOCK_STREAM,IPPROTO_TCP)
4534396:  6776 squid    RET   socket 27/0x1b
4534433-  6776 squid    CALL  fcntl(0x1b,F_GETFD,0)
4534477-  6776 squid    RET   fcntl 0
4534507-  6776 squid    CALL  fcntl(0x1b,F_SETFD,FD_CLOEXEC)
4534560-  6776 squid    RET   fcntl 0
4534590-  6776 squid    CALL  fcntl(0x1b,F_GETFL,0)
4534634-  6776 squid    RET   fcntl 2
4534664-  6776 squid    CALL  fcntl(0x1b,F_SETFL,0x6<O_RDWR|O_NONBLOCK>)
4534729-  6776 squid    RET   fcntl 0
4534759-  6776 squid    CALL  setsockopt(0x1b,0x6,0x1,0x7fffffffe484,0x4)
4534825-  6776 squid    RET   setsockopt 0

I sent that question to the Squid mailing list and got this answer:

It is rather odd to have "Permission denied" (filesystem error!) on a
network socket. The network equivalent is a failure to connect in the
first place, or a sudden close event if already open. I suspect a bug in
your OS kernel or whatever security system it has controlling access to
system resources.

If this were Linux I would point at SELinux misconfiguration, but I'm
not sure what (if anything) FreeBSD has doing that sort of control.

So, what is the problem and how do I solve it?
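
The by-hand correlation in the post above (find the syscall that returned errno 13 in the kdump output, then find the call that created that descriptor) can be scripted. This is an added example, not part of the original thread; the name `find_denied` and the sample trace, constructed from line shapes seen in the post, are assumptions.

```python
import re

# kdump line: "<pid> <command> <CALL|RET> <rest>", optionally prefixed by a
# "<byte offset>-" or "<byte offset>:" marker left by grep -b.
LINE = re.compile(r"^(?:\d+[-:])?\s*(\d+)\s+\S+\s+(CALL|RET)\s+(.*)$")
CALL = re.compile(r"^(\w+)\((.*)\)$")
RET = re.compile(r"^(\w+)\s+(-?\d+)(?:/0x[0-9a-f]+)?(?:\s+errno\s+(\d+))?")
CREATES_FD = {"socket", "accept", "open", "openat"}
FD_FIRST = {"read", "write", "readv", "writev", "sendto", "recvfrom", "connect"}

def find_denied(lines, errno=13):
    """Return failed syscalls (default EACCES) with the origin of their fd."""
    pending, origin, hits = {}, {}, []   # per-pid open CALL; (pid, fd) -> creator
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue                     # GIO dumps, hex rows, shell prompts
        pid, kind, rest = m.group(1), m.group(2), m.group(3).strip()
        if kind == "CALL":
            c = CALL.match(rest)
            if c:
                pending[pid] = (c.group(1), c.group(2).split(","))
            continue
        r = RET.match(rest)
        if not r or pid not in pending or pending[pid][0] != r.group(1):
            continue
        name, args = pending.pop(pid)
        value, err = int(r.group(2)), r.group(3)
        fd = int(args[0], 0) if name in FD_FIRST | {"close"} else None
        if name in CREATES_FD and value >= 0:
            origin[(pid, value)] = f"{name}({','.join(args)})"
        elif err is not None and int(err) == errno:
            hits.append({"pid": int(pid), "syscall": name, "fd": fd,
                         "origin": origin.get((pid, fd), "unknown")})
        elif name == "close" and value == 0:
            origin.pop((pid, fd), None)  # descriptor numbers get reused
    return hits

# Constructed sample: line shapes taken from the trace in the post, reordered
# so the socket() call that created fd 27 precedes the failing write().
SAMPLE = """\
4534334-  6776 squid    CALL  socket(PF_INET,SOCK_STREAM,IPPROTO_TCP)
4534396:  6776 squid    RET   socket 27/0x1b
4529229-  6776 squid    CALL  write(0x1b,0x8057c3000,0x5b4)
4529281:  6776 squid    RET   write -1 errno 13 Permission denied
4529622-  6776 squid    CALL  close(0x1b)
4529656-  6776 squid    RET   close 0
""".splitlines()

if __name__ == "__main__":
    for hit in find_denied(SAMPLE):
        print(hit)
```

To run it over a real trace, pass the open `kdump.out` file object instead of `SAMPLE`; an origin of `unknown` means the descriptor was created before tracing started.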
 

SirDice


Make sure the user Squid runs on has access to all the cache files. I can imagine you've been trying different things and perhaps some cached file now has the wrong permissions.
 
Ishayahu


SirDice said: "Make sure the user Squid runs on has access to all the cache files. I can imagine you've been trying different things and perhaps some cached file now has the wrong permissions."

Code:
root@bkp_router:/usr/ports/www/squid # ls -la /var/squid/cache/
total 277224
drwxr-x---  2 squid  squid        512 Jun 20 17:18 .
drwxrwx---  3 squid  squid        512 Apr 29 22:52 ..
-rw-r-----  1 squid  squid          0 Jun 20 17:17 netdb.state
-rw-------  1 squid  squid  283729920 Jun  4 17:24 squid.core
 
Ishayahu


It looks like it was a hardware problem: I made a router from another PC with the same settings, and everything works.
 