LINUX.ORG.RU
ФорумAdmin

Squid 5.2 - TCP_MISS_ABORTED/000

 


0

1

Всем привет! Есть Squid 5.2, наблюдаю долгую загрузку контента в Telegram Desktop(Фото, видео и тд) в логах есть сообщения TCP_MISS_ABORTED/000 примерно через ~ 1 минуту все подгружается, что видно по логам TCP_TUNNEL/200 Как я понял эта ошибка связана с ipv6, хотел использовать опцию dns_v4_first on, но ее в squid5 убрали.

access.log

1655277699.818   3881 10.20.11.29 TCP_MISS_ABORTED/000 0 POST http://149.154.175.52/api - HIER_NONE/- - 
1655277699.818   3881 10.20.11.29 TCP_MISS_ABORTED/000 0 POST http://149.154.175.50/api - HIER_NONE/- -
1655277699.818   3964 10.20.11.29 TCP_MISS_ABORTED/000 0 POST http://149.154.175.52/api - HIER_NONE/- -
1655277699.818   3961 10.20.11.29 TCP_MISS_ABORTED/000 0 POST http://149.154.175.50/api - HIER_NONE/- -
1655277699.871   3929 10.20.11.29 TCP_MISS_ABORTED/000 0 POST http://149.154.175.52/api - HIER_NONE/- -
1655277699.871   3928 10.20.11.29 TCP_MISS_ABORTED/000 0 POST http://149.154.175.50/api - HIER_NONE/- -
1655277699.871   3932 10.20.11.29 TCP_MISS_ABORTED/000 0 POST http://149.154.175.52/api - HIER_NONE/- -
1655277699.872   3943 10.20.11.29 TCP_MISS_ABORTED/000 0 POST http://149.154.175.50/api - HIER_NONE/- -
1655277699.984   3978 10.20.11.29 TCP_MISS_ABORTED/000 0 POST http://149.154.167.222/api - HIER_NONE/- -
1655277699.984   3976 10.20.11.29 TCP_MISS_ABORTED/000 0 POST http://149.154.167.222/api - HIER_NONE/- -
1655277700.001   3964 10.20.11.29 TCP_MISS_ABORTED/000 0 POST http://149.154.167.222/api - HIER_NONE/- -
1655277700.016   3972 10.20.11.29 TCP_MISS_ABORTED/000 0 POST http://149.154.167.222/api - HIER_NONE/- -
1655277704.197  10341 10.20.11.29 TCP_TUNNEL/200 39 CONNECT 149.154.175.50:443 - HIER_DIRECT/149.154.175.50 -
1655277704.197  10341 10.20.11.29 TCP_TUNNEL/200 39 CONNECT 149.154.175.50:443 - HIER_DIRECT/149.154.175.50 -
1655277704.197  10359 10.20.11.29 TCP_TUNNEL/200 39 CONNECT 149.154.175.50:443 - HIER_DIRECT/149.154.175.50 -

cache.log

2022/06/15 11:35:55| SendEcho ERROR: sending to ICMPv6 packet to [2606:2800:234:59:254c:406:2366:268c]: (101) Network is unreachable
2022/06/15 11:43:35| SendEcho ERROR: sending to ICMPv6 packet to [2001:6d0:4001::226]: (101) Network is unreachable
2022/06/15 11:44:51| SendEcho ERROR: sending to ICMPv6 packet to [2a02:6b8::297]: (101) Network is unreachable

squid.conf

acl localnet src 10.10.0.0/16           # RFC 1918 local private network (LAN)
acl localnet src 10.20.0.0/16           #
acl localnet src 192.168.0.0/16         #

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http

cache deny all
dns_nameservers 10.20.10.50
max_filedesc 65535
#dns_nameservers 8.8.8.8
cache_mgr 123@my.local
acl ip_squid src 192.168.48.59/32


acl domains dstdomain .to .org .com .net 
acl httpr dstdomain .2ip.ru
acl redirect dstdomain .ru 


cache_peer 192.168.48.59 parent 3128 0 no-query no-digest
cache_peer_access 192.168.48.59 deny domains
cache_peer_access 192.168.48.59 deny httpr
cache_peer_access 192.168.48.59 allow redirect
never_direct deny ip_squid
never_direct deny httpr
never_direct allow redirect 

# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
#

http_port 3128 

# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

IPv6 здесь совершенно не при чем - у тебя MISS_ABORTED в логах при обращении к IPv4-адресам

Pinkbyte ★★★★★
()
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.