[squid-users] Error while writing to TCP socket: Permission denied

[Ишаяhу Ластов]

I use squid on freebsd 10.3. When I set proxy adress in web brouser, I can't 
attach files to mail on mail.ru. Whithout proxy it works. In access.log there 
are no errors. In cache.log I've got:
2017/05/29 21:12:16 kid1| local=217.151.68.36:34572 remote=217.69.139.216:443 
FD 44 flags=1: read/write failure: (13) Permission denied
2017/05/29 21:12:16 kid1| local=217.151.68.36:36057 remote=217.69.139.216:443 
FD 44 flags=1: read/write failure: (13) Permission denied
FD can change If I understand right, how to use lson, then
root@bkp_router:/home/ishayahu # lsof -d44
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
squid   30197 squid   44u  IPv4 0xf80029788810  0t0  TCP 
broadband-68-36.clients.extel.ru:48387->e.mail.ru:https (ESTABLISHED)
broadband-68-36.clients.extel.ru is ISP's router
How can I solve that problem?
PS: settings like
#request_body_max_size 0
#reply_body_max_size 0
#request_header_max_size 64 KB
#reply_header_max_size 64 KB
#client_request_buffer_max_size 50 Mb
#acl post method POST
#http_access allow post localnet
doesn't help
#ktrace -d -p 667 kdump>kdump.out
Searching in kdump.out for denied:
4529011-  6776 squidGIO   fd 5 read 32 bytes
4529052-   0x 1b00    feff 1000   400f   
     |@...|
4529197-
4529198-  6776 squidRET   kevent 1
4529229-  6776 squidCALL  write(0x1b,0x8057c3000,0x5b4)
4529281:  6776 squidRET   write -1 errno 13 Permission denied
4529339-  6776 squidCALL  write(0x4,0x802dbf000,0x88)
4529389-  6776 squidGIO   fd 4 wrote 136 bytes
4529432:   "2017/06/04 17:34:06 kid1| local=217.151.68.36:42442 
remote=217.69.139.216:443 FD 27 flags=1: read/write failure: (13) Permission 
denied
4529576-   "
4529585-  6776 squidRET   write 136/0x88
4529622-  6776 squidCALL  close(0x1b)
4529656-  6776 squidRET   close 0
4529686-  6776 squidCALL  close(0x19)
In kdump.out I see, that socekt was opened, was bunch of reading/writing to it, 
and without any seeing reason it ends with error.
Here socket opens:

root@bkp_router:/home/ishayahu # cat kdump.out | grep -b10 "RET socket 27/0x1b"
4534031-  6776 squidGIO   fd 25 read 196 bytes
4534074-   "CONNECT e.mail.ru:443 HTTP/1.1\r
4534115-User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) 
Gecko/20100101 Firefox/55.0\r
4534204-Proxy-Connection: keep-alive\r
4534236-Connection: keep-alive\r
4534262-Host: e.mail.ru:443\r
4534285-\r
4534289-   "
4534298-  6776 squidRET   read 196/0xc4
4534334-  6776 squidCALL  socket(PF_INET,SOCK_STREAM,IPPROTO_TCP)
4534396:  6776 squidRET   socket 27/0x1b
4534433-  6776 squidCALL  fcntl(0x1b,F_GETFD,0)
4534477-  6776 squidRET   fcntl 0
4534507-  6776 squidCALL  fcntl(0x1b,F_SETFD,FD_CLOEXEC)
4534560-  6776 squidRET   fcntl 0
4534590-  6776 squidCALL  fcntl(0x1b,F_GETFL,0)
4534634-  6776 squidRET   fcntl 2
4534664-  6776 squidCALL  fcntl(0x1b,F_SETFL,0x6)
4534729-  6776 squidRET   fcntl 0
4534759-  6776 squidCALL  setsockopt(0x1b,0x6,0x1,0x7fffe484,0x4)
4534825-  6776 squidRET   setsockopt 0


-- 
Ишаяhу Ластов

+7-906-772-88-86___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Error while writing to TCP socket: Permission denied

[Amos Jeffries]

On 07/06/17 22:54, Ишаяhу Ластов wrote:


I use squid on freebsd 10.3. When I set proxy adress in web brouser, I 
can't attach files to mail on mail.ru. Whithout proxy it works. In 
access.log there are no errors. In cache.log I've got:


|2017/05/29 21:12:16 kid1| local=217.151.68.36:34572 
remote=217.69.139.216:443 FD 44 flags=1: read/write failure: (13) 
Permission denied 2017/05/29 21:12:16 kid1| local=217.151.68.36:36057 
remote=217.69.139.216:443 FD 44 flags=1: read/write failure: (13) 
Permission denied |


FD can change If I understand right, how to use lson, then



FD in this case is an open network connection. Each TCP connection has 
exactly one FD in Squid. They get re-used like ports, but it should 
remain unchanged as long as the TCP connection exists. Another identical 
TCP connection made later may get a different FD.


> How can I solve that problem?


It is rather odd to have "Permission denied" (filesystem error!) on a 
network socket. The network equivalent is a failure to connect in the 
first place, or a sudden close event if already open. I suspect a bug in 
your OS kernel or whatever security system it has controlling access to 
system resources.


If this were Linux I would point at SELinux misconfiguration, but I'm 
not sure what (if anything) FreeBSD has doing that sort of control.



Sorry
Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users