No problem. Thank you very much for your help. I checked the difference between a working call when the URL is not being rewritten and the not working call with a schema rewrite. The problem is that the proxy just forwards the client GET request to the upstream proxy, but in that case a CONNECT is required. I suppose that Squid does not consider the protocol change initiated by the url_rewrite_program. Is there any opportunity to add something to the code that handles the protocol change requested by url_rewrite_program in case of a rewrite?
Working case: Upstream proxy receives a CONNECT from the downstream proxy 2024/07/10 21:06:05.355 kid1| 5,2| TcpAcceptor.cc(214) doAccept: New connection on FD 12 2024/07/10 21:06:05.355 kid1| 5,2| TcpAcceptor.cc(316) acceptNext: connection on conn482169 local=[::]:3128 remote=[::] FD 12 flags=9 2024/07/10 21:06:05.355 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 16 HTTP Request 2024/07/10 21:06:05.355 kid1| 28,3| Eui48.cc(511) lookup: id=0x5651b3e6d558 10.2.59.181 NOT found 2024/07/10 21:06:05.355 kid1| 17,2| QosConfig.cc(162) getNfConnmark: QOS: Failed to retrieve connection mark: (-1) (2) No such file or directory (Destination X.X.X.X:3128, source 10.2.59.181:40122) 2024/07/10 21:06:05.355 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 timeout 300 2024/07/10 21:06:05.355 kid1| 5,3| IoCallback.cc(112) finish: called for conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 (0, 0) 2024/07/10 21:06:05.355 kid1| 5,3| Read.cc(93) ReadNow: conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1, size 4096, retval 213, errno 0 2024/07/10 21:06:05.355 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 timeout 300 2024/07/10 21:06:05.355 kid1| 33,3| Pipeline.cc(43) back: Pipeline 0x5651b328cb80 empty 2024/07/10 21:06:05.355 kid1| 11,2| client_side.cc(1332) parseHttpRequest: HTTP Client conn482750 local=X.X.X.X:3128 remote=10.2.59.181:40122 FD 16 flags=1 2024/07/10 21:06:05.355 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client REQUEST: --------- CONNECT download.docker.com:443 HTTP/1.1 Host: download.docker.com:443 User-Agent: curl/7.81.0 Via: 1.1 pkg-proxy (squid/6.10) X-Forwarded-For: 10.2.59.102 Cache-Control: max-age=259200 Connection: close Not working after schema rewrite: Upstream proxy receives a GET from the proxy 2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(214) doAccept: New connection on FD 12 2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(316) acceptNext: connection on conn482169 local=[::]:3128 remote=[::] FD 12 flags=9 2024/07/10 18:24:44.031 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 16 HTTP Request 2024/07/10 18:24:44.031 kid1| 28,3| Eui48.cc(511) lookup: id=0x5651b3e6d558 10.2.59.181 NOT found 2024/07/10 18:24:44.031 kid1| 17,2| QosConfig.cc(162) getNfConnmark: QOS: Failed to retrieve connection mark: (-1) (2) No such file or directory (Destination X.X.X.X:3128, source 10.2.59.181:59100) 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300 2024/07/10 18:24:44.031 kid1| 5,3| IoCallback.cc(112) finish: called for conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 (0, 0) 2024/07/10 18:24:44.031 kid1| 5,3| Read.cc(93) ReadNow: conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1, size 4096, retval 293, errno 0 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300 2024/07/10 18:24:44.031 kid1| 33,3| Pipeline.cc(43) back: Pipeline 0x5651b328cb80 empty 2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1332) parseHttpRequest: HTTP Client conn482175 local=X.X.X.X:3128 remote=10.2.59.181:59100 FD 16 flags=1 2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1333) parseHttpRequest: HTTP Client REQUEST: --------- GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease HTTP/1.1 Host: download.docker.com Accept: text/* User-Agent: Debian APT-HTTP/1.3 (2.4.12) non-interactive Via: 1.1 pkg-proxy (squid/6.10) X-Forwarded-For: 10.2.59.102 Cache-Control: max-age=0 Connection: keep-alive >-----Ursprüngliche Nachricht----- >Von: Alex Rousskov <rouss...@measurement-factory.com> >Gesendet: Mittwoch, 10. Juli 2024 18:56 >An: squid-users@lists.squid-cache.org >Cc: Fiehe, Christoph <c.fi...@eurodata.de> >Betreff: Re: [squid-users] Rewriting HTTP to HTTPS for generic package proxy > >On 2024-07-10 12:42, Fiehe, Christoph wrote: > >> In the next test case, I used a more modern upstream proxy server based von >> Squid 6.8 >and enabled debugging. >> >> The log shows the error SQUID_TLS_ERR_CONNECT+GNUTLS_E_FATAL_ALERT_RECEIVED. >> I am not >sure, what I can do to prevent it from occurring > >I cannot help with GnuTLS, but I can recommend using Squid built with >OpenSSL libraries (./configure --with-openssl) instead of Squid built >with GnuTLS. > > >HTH, > >Alex. > > > >> 2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(214) doAccept: New >> connection on FD 12 >> 2024/07/10 18:24:44.031 kid1| 5,2| TcpAcceptor.cc(316) acceptNext: >> connection on >conn482169 local=[::]:3128 remote=[::] FD 12 flags=9 >> 2024/07/10 18:24:44.031 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 16 HTTP >> Request >> 2024/07/10 18:24:44.031 kid1| 28,3| Eui48.cc(511) lookup: id=0x5651b3e6d558 >> 10.2.59.181 >NOT found >> 2024/07/10 18:24:44.031 kid1| 17,2| QosConfig.cc(162) getNfConnmark: QOS: >> Failed to >retrieve connection mark: (-1) (2) No such file or directory (Destination >212.89.134.12:3128, source 10.2.59.181:59100) >> 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: >> conn482175 >local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300 >> 2024/07/10 18:24:44.031 kid1| 5,3| IoCallback.cc(112) finish: called for >> conn482175 >local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 (0, 0) >> 2024/07/10 18:24:44.031 kid1| 5,3| Read.cc(93) ReadNow: conn482175 >local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1, size 4096, >retval 293, >errno 0 >> 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: >> conn482175 >local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 300 >> 2024/07/10 18:24:44.031 kid1| 33,3| Pipeline.cc(43) back: Pipeline >> 0x5651b328cb80 empty >> 2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1332) parseHttpRequest: >> HTTP Client >conn482175 local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 >> 2024/07/10 18:24:44.031 kid1| 11,2| client_side.cc(1333) parseHttpRequest: >> HTTP Client >REQUEST: >> --------- >> GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease HTTP/1.1 >> Host: download.docker.com >> Accept: text/* >> User-Agent: Debian APT-HTTP/1.3 (2.4.12) non-interactive >> Via: 1.1 pkg-proxy (squid/6.10) >> X-Forwarded-For: 10.2.59.102 >> Cache-Control: max-age=0 >> Connection: keep-alive >> >> >> ---------- >> 2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(1364) parseHttpRequest: >> complete >request received. prefix_sz = 293, request-line-size=77, mime-header-size=216, >mime header >block: >> Host: download.docker.com >> Accept: text/* >> User-Agent: Debian APT-HTTP/1.3 (2.4.12) non-interactive >> Via: 1.1 pkg-proxy (squid/6.10) >> X-Forwarded-For: 10.2.59.102 >> Cache-Control: max-age=0 >> Connection: keep-alive >> >> >> ---------- >> 2024/07/10 18:24:44.031 kid1| 87,3| clientStream.cc(139) >> clientStreamInsertHead: >clientStreamInsertHead: Inserted node 0x5651b6c14538 with data 0x5651b379ecb0 >after head >> 2024/07/10 18:24:44.031 kid1| 5,3| comm.cc(599) commSetConnTimeout: >> conn482175 >local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1 timeout 86400 >> 2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(1767) add: >> 0x5651b379dc40*3 to 0/0 >> 2024/07/10 18:24:44.031 kid1| 33,3| Pipeline.cc(24) add: Pipeline >> 0x5651b328cb80 add >request 1 0x5651b379dc40*4 >> 2024/07/10 18:24:44.031 kid1| 23,3| Uri.cc(446) parse: Split URL >'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' into >proto='https', >host='download.docker.com', port='443', >path='/linux/ubuntu/dists/jammy/InRelease' >> 2024/07/10 18:24:44.031 kid1| 14,3| Address.cc(389) lookupHostIP: Given >> Non-IP >'download.docker.com': Name or service not known >> 2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(702) >> clientSetKeepaliveFlag: http_ver >= HTTP/1.1 >> 2024/07/10 18:24:44.031 kid1| 33,3| client_side.cc(703) >> clientSetKeepaliveFlag: method = >GET >> 2024/07/10 18:24:44.031 kid1| 85,3| client_side_request.cc(123) >> ClientRequestContext: >ClientRequestContext constructed, this=0x5651b667b8b8 >> 2024/07/10 18:24:44.031 kid1| 83,3| client_side_request.cc(1709) doCallouts: >> Doing >calloutContext->hostHeaderVerify() >> 2024/07/10 18:24:44.031 kid1| 85,3| client_side_request.cc(607) >> hostHeaderVerify: >validate host=download.docker.com, port=0, portStr=NULL >> 2024/07/10 18:24:44.031 kid1| 85,3| client_side_request.cc(621) >> hostHeaderVerify: >validate skipped. >> 2024/07/10 18:24:44.031 kid1| 83,3| client_side_request.cc(1716) doCallouts: >> Doing >calloutContext->clientAccessCheck() >> 2024/07/10 18:24:44.031 kid1| 28,3| Checklist.cc(69) preCheck: >> 0x5651b56d0d38 checking >slow rules >> 2024/07/10 18:24:44.032 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' found >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: all = 1 >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: >follow_x_forwarded_for#1 = 1 >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: >> follow_x_forwarded_for >= 1 >> 2024/07/10 18:24:44.032 kid1| 28,3| Checklist.cc(62) markFinished: >> 0x5651b56d0d38 answer >DENIED for match >> 2024/07/10 18:24:44.032 kid1| 28,3| Checklist.cc(162) checkCallback: >ACLChecklist::checkCallback: 0x5651b56d0d38 answer=DENIED >> 2024/07/10 18:24:44.032 kid1| 28,3| Checklist.cc(69) preCheck: >> 0x5651b5f334e8 checking >slow rules >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: Safe_ports >> = 1 >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: >> !Safe_ports = 0 >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#1 = 0 >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0 >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#2 = 0 >> 2024/07/10 18:24:44.032 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' NOT >found >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: localhost >> = 0 >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#3 = 0 >> 2024/07/10 18:24:44.032 kid1| 28,3| RegexData.cc(50) match: checking >'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: manager = 0 >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#4 = 0 >> 2024/07/10 18:24:44.032 kid1| 14,3| ipcache.cc(733) ipcache_gethostbyname: >'download.docker.com', flags=1 >> 2024/07/10 18:24:44.032 kid1| 14,3| ipcache.cc(314) ipcacheRelease: >> ipcacheRelease: >Releasing entry for 'download.docker.com' >> 2024/07/10 18:24:44.032 kid1| 14,3| Address.cc(389) lookupHostIP: Given >> Non-IP >'download.docker.com': Name or service not known >> 2024/07/10 18:24:44.032 kid1| 14,3| Address.cc(389) lookupHostIP: Given >> Non-IP >'download.docker.com': Name or service not known >> 2024/07/10 18:24:44.032 kid1| 78,3| dns_internal.cc(1793) idnsALookup: >> idnsALookup: buf >is 37 bytes for download.docker.com, id = 0xc228 >> 2024/07/10 18:24:44.032 kid1| 50,3| comm.cc(927) comm_udp_sendto: >> comm_udp_sendto: >Attempt to send UDP packet to X.X.X.X:53 using FD 10 using Port 52871 >> 2024/07/10 18:24:44.032 kid1| 78,3| dns_internal.cc(1729) >> idnsSendSlaveAAAAQuery: buf is >48 bytes for download.docker.com, id = 0x798c >> 2024/07/10 18:24:44.032 kid1| 50,3| comm.cc(927) comm_udp_sendto: >> comm_udp_sendto: >Attempt to send UDP packet to X.X.X.X:53 using FD 10 using Port 52871 >> 2024/07/10 18:24:44.032 kid1| 28,3| DestinationIp.cc(78) match: can't yet >> compare >'to_localhost' ACL for download.docker.com >> 2024/07/10 18:24:44.032 kid1| 14,3| Address.cc(389) lookupHostIP: Given >> Non-IP >'download.docker.com': Name or service not known >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: >> to_localhost = -1 >async >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#5 = -1 >async >> 2024/07/10 18:24:44.032 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access = -1 async >> 2024/07/10 18:24:44.048 kid1| 78,3| dns_internal.cc(1320) idnsRead: >> idnsRead: starting >with FD 10 >> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1366) idnsRead: >> idnsRead: FD 10: >received 144 bytes from X.X.X.X:53 >> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1173) idnsGrokReply: >> idnsGrokReply: >QID 0xc228, 5 answers >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 5 answers >> for >download.docker.com >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #1 >108.138.7.18 >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #2 >108.138.7.33 >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #3 >108.138.7.48 >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #4 >108.138.7.88 >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 5 answers >> for >download.docker.com >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #1 >108.138.7.18 >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #2 >108.138.7.33 >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #3 >108.138.7.48 >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #4 >108.138.7.88 >> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1320) idnsRead: >> idnsRead: starting >with FD 10 >> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1366) idnsRead: >> idnsRead: FD 10: >received 315 bytes from X.X.X.X:53 >> 2024/07/10 18:24:44.049 kid1| 78,3| dns_internal.cc(1173) idnsGrokReply: >> idnsGrokReply: >QID 0x798c, 9 answers >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 9 answers >> for >download.docker.com >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #5 >[2600:9000:2490:2200:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #6 >[2600:9000:2490:3600:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #7 >[2600:9000:2490:7000:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #8 >[2600:9000:2490:d600:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #9 >[2600:9000:2490:5a00:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #10 >[2600:9000:2490:6600:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #11 >[2600:9000:2490:b600:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #12 >[2600:9000:2490:aa00:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(587) ipcacheHandleReply: done >> with >download.docker.com: 108.138.7.18 #1/12-0 >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(481) ipcacheParse: 9 answers >> for >download.docker.com >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #5 >[2600:9000:2490:2200:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #6 >[2600:9000:2490:3600:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #7 >[2600:9000:2490:7000:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #8 >[2600:9000:2490:d600:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #9 >[2600:9000:2490:5a00:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #10 >[2600:9000:2490:6600:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #11 >[2600:9000:2490:b600:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(536) addGood: >> download.docker.com #12 >[2600:9000:2490:aa00:3:db06:4200:93a1] >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(587) ipcacheHandleReply: done >> with >download.docker.com: 108.138.7.18 #1/12-0 >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(314) ipcacheRelease: >> ipcacheRelease: >Releasing entry for 'download.docker.com' >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(733) ipcache_gethostbyname: >'download.docker.com', flags=1 >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '108.138.7.18' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '108.138.7.33' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '108.138.7.48' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '108.138.7.88' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:2200:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:3600:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:7000:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:d600:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:5a00:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:6600:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:b600:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:aa00:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> to_localhost = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| InnerNode.cc(100) resumeMatchingAt: >> checked: >http_access#5 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: PURGE = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#6 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: PURGE = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#7 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: localhost >> = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#8 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: nocnet = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#9 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> EXTERNAL_DEV_CLIENTS = >0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#10 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#11 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#12 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> GERMANIA_PROXY = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#13 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> GERMANIA_PROXY = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#14 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> GERMANIA_PROXY = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#15 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> GERMANIA_PROXY = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#16 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> GERMANIA_PROXY = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#17 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: Safe_ports >> = 1 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> !Safe_ports = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#18 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: CONNECT = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#19 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| RegexData.cc(50) match: checking >'/linux/ubuntu/dists/jammy/InRelease' >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: worm = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#20 = 0 >> 2024/07/10 18:24:44.049 kid1| 14,3| ipcache.cc(733) ipcache_gethostbyname: >'download.docker.com', flags=1 >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '108.138.7.18' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '108.138.7.33' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '108.138.7.48' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '108.138.7.88' NOT >found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:2200:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:3600:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:7000:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:d600:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:5a00:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:6600:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:b600:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >'[2600:9000:2490:aa00:3:db06:4200:93a1]' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> SEUCHEN_IPS = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#21 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| DomainData.cc(110) match: >> aclMatchDomainList: >checking 'download.docker.com' >> 2024/07/10 18:24:44.049 kid1| 28,3| DomainData.cc(115) match: >> aclMatchDomainList: >'download.docker.com' NOT found >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> SEUCHEN_DOMAINS = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#22 = 0 >> 2024/07/10 18:24:44.049 kid1| 28,3| RegexData.cc(50) match: checking >'download.docker.com' >> 2024/07/10 18:24:44.049 kid1| 28,3| Acl.cc(175) matches: checked: >> SEUCHEN_DOMAINS_REGEX >= 0 >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#23 = 0 >> 2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' NOT >found >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: >> GERMANIA_PROXY = 0 >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#24 = 0 >> 2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' found >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: >> REPOSITORY-CLIENTS = 1 >> 2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(110) match: >> aclMatchDomainList: >checking 'download.docker.com' >> 2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(115) match: >> aclMatchDomainList: >'download.docker.com' found >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: >> REPOSITORY-ZIELE = 1 >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: >> http_access#25 = 1 >> 2024/07/10 18:24:44.050 kid1| 28,3| InnerNode.cc(100) resumeMatchingAt: >> checked: >http_access = 1 >> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(62) markFinished: >> 0x5651b5f334e8 answer >ALLOWED for match >> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(162) checkCallback: >ACLChecklist::checkCallback: 0x5651b5f334e8 answer=ALLOWED >> 2024/07/10 18:24:44.050 kid1| 85,2| client_side_request.cc(715) >> clientAccessCheckDone: >The request GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >is ALLOWED; >last ACL checked: REPOSITORY-ZIELE >> 2024/07/10 18:24:44.050 kid1| 83,3| AccessCheck.cc(42) Start: adaptation >> off, skipping >> 2024/07/10 18:24:44.050 kid1| 83,3| client_side_request.cc(1744) doCallouts: >> Doing >calloutContext->clientAccessCheck2() >> 2024/07/10 18:24:44.050 kid1| 85,2| client_side_request.cc(693) >> clientAccessCheck2: No >adapted_http_access configuration. default: ALLOW >> 2024/07/10 18:24:44.050 kid1| 85,2| client_side_request.cc(715) >> clientAccessCheckDone: >The request GET https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >is ALLOWED; >last ACL checked: REPOSITORY-ZIELE >> 2024/07/10 18:24:44.050 kid1| 83,3| client_side_request.cc(1762) doCallouts: >> Doing >clientInterpretRequestHeaders() >> 2024/07/10 18:24:44.050 kid1| 85,3| client_side_request.cc(117) >> ~ClientRequestContext: >ClientRequestContext destructed, this=0x5651b667b8b8 >> 2024/07/10 18:24:44.050 kid1| 83,3| client_side_request.cc(1856) doCallouts: >> calling >processRequest() >> 2024/07/10 18:24:44.050 kid1| 87,3| clientStream.cc(178) clientStreamRead: >clientStreamRead: Calling 1 with cbdata 0x5651b379fd80 from node 0x5651b6c14538 >> 2024/07/10 18:24:44.050 kid1| 73,3| HttpRequest.cc(742) storeId: sent back >effectiveRequestUrl: >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 20,3| Controller.cc(429) peek: >D3522EE27FB0ED7004DD594AF7674667 >> 2024/07/10 18:24:44.050 kid1| 85,3| client_side_reply.cc(1523) >> identifyFoundObject: >StoreEntry is NULL - MISS >> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(731) storeCreatePureEntry: >storeCreateEntry: >'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' >> 2024/07/10 18:24:44.050 kid1| 20,3| MemObject.cc(99) MemObject: MemObject >> constructed, >this=0x5651b3ae4fc0 >> 2024/07/10 18:24:44.050 kid1| 88,3| MemObject.cc(82) setUris: 0x5651b3ae4fc0 >> storeId: >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: storeCreateEntry >> locked key >[null_store_key] e:=V/0x5651b365e210*1 >> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(537) setPrivateKey: 00 >e:=V/0x5651b365e210*1 >> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(413) hashInsert: >> StoreEntry::hashInsert: >Inserting Entry e:=IV/0x5651b365e210*1 key '8349000000000000D107000001000000' >> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: store_client locked >> key >8349000000000000D107000001000000 e:=IV/0x5651b365e210*2 >> 2024/07/10 18:24:44.050 kid1| 90,3| store_client.cc(243) copy: >> store_client::copy: >8349000000000000D107000001000000, from 0, for length 4096, cb 1, cbdata >0x5651b379ece8 >> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: store_client::copy >> locked key >8349000000000000D107000001000000 e:=IV/0x5651b365e210*3 >> 2024/07/10 18:24:44.050 kid1| 90,3| store_client.cc(343) storeClientCopy2: >storeClientCopy2: 8349000000000000D107000001000000 >> 2024/07/10 18:24:44.050 kid1| 90,3| store_client.cc(390) doCopy: >> store_client::doCopy: >Waiting for more >> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(458) unlock: store_client::copy >> unlocking >key 8349000000000000D107000001000000 e:=IV/0x5651b365e210*3 >> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(69) preCheck: >> 0x7ffef6c09e30 checking >fast rules >> 2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181:59100' >found >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: all = 1 >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: >> miss_access#1 = 1 >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: >> miss_access = 1 >> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(62) markFinished: >> 0x7ffef6c09e30 answer >ALLOWED for match >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(373) Start: >'https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' >> 2024/07/10 18:24:44.050 kid1| 17,2| FwdState.cc(133) FwdState: Forwarding >> client request >conn482175 local=212.89.134.12:3128 remote=10.2.59.181:59100 FD 16 flags=1, >url=https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: FwdState locked key >8349000000000000D107000001000000 e:=IV/0x5651b365e210*3 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(140) FwdState: FwdState >> constructed, >this=0x5651b695faf8 >> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(309) peerSelect: >e:=IV/0x5651b365e210*3 >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(435) lock: peerSelect locked key >8349000000000000D107000001000000 e:=IV/0x5651b365e210*4 >> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(612) selectMore: GET >download.docker.com >> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(617) selectMore: direct = >DIRECT_UNKNOWN (always_direct to be checked) >> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(69) preCheck: >> 0x5651b56d0d38 checking >slow rules >> 2024/07/10 18:24:44.050 kid1| 28,3| Ip.cc(538) match: aclIpMatchIp: >> '10.2.59.181' found >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: all = 1 >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: >> always_direct#1 = 1 >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: >> always_direct = 1 >> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(62) markFinished: >> 0x5651b56d0d38 answer >ALLOWED for match >> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(162) checkCallback: >ACLChecklist::checkCallback: 0x5651b56d0d38 answer=ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(373) >> checkAlwaysDirectDone: ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(379) >> checkAlwaysDirectDone: direct = >DIRECT_YES (always_direct allow) >> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(612) selectMore: GET >download.docker.com >> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(1102) addSelection: adding >HIER_DIRECT#download.docker.com >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(460) resolveSelected: >> Find IP >destination for: >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease' via >download.docker.com >> 2024/07/10 18:24:44.050 kid1| 14,3| Address.cc(389) lookupHostIP: Given >> Non-IP >'download.docker.com': Name or service not known >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: >> PeerSelector64364 >found conn482176 local=0.0.0.0 remote=108.138.7.18:443 HIER_DIRECT flags=1, >destination #1 >for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: >> always_direct = >ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: >> never_direct = >DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: >> timedout = 0 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: >> conn482176 >local=0.0.0.0 remote=108.138.7.18:443 HIER_DIRECT flags=1 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(1124) connectStart: 1+ paths >> to >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: >> PeerSelector64364 >found conn482177 local=0.0.0.0 remote=108.138.7.33:443 HIER_DIRECT flags=1, >destination #2 >for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: >> always_direct = >ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: >> never_direct = >DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: >> timedout = 0 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: >> conn482177 >local=0.0.0.0 remote=108.138.7.33:443 HIER_DIRECT flags=1 >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: >> PeerSelector64364 >found conn482178 local=0.0.0.0 remote=108.138.7.48:443 HIER_DIRECT flags=1, >destination #3 >for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: >> always_direct = >ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: >> never_direct = >DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: >> timedout = 0 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: >> conn482178 >local=0.0.0.0 remote=108.138.7.48:443 HIER_DIRECT flags=1 >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: >> PeerSelector64364 >found conn482179 local=0.0.0.0 remote=108.138.7.88:443 HIER_DIRECT flags=1, >destination #4 >for https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: >> always_direct = >ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: >> never_direct = >DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: >> timedout = 0 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: >> conn482179 >local=0.0.0.0 remote=108.138.7.88:443 HIER_DIRECT flags=1 >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: >> PeerSelector64364 >found conn482180 local=[::] remote=[2600:9000:2490:2200:3:db06:4200:93a1]:443 >HIER_DIRECT >flags=1, destination #5 for >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: >> always_direct = >ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: >> never_direct = >DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: >> timedout = 0 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: >> conn482180 >local=[::] remote=[2600:9000:2490:2200:3:db06:4200:93a1]:443 HIER_DIRECT >flags=1 >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: >> PeerSelector64364 >found conn482181 local=[::] remote=[2600:9000:2490:3600:3:db06:4200:93a1]:443 >HIER_DIRECT >flags=1, destination #6 for >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: >> always_direct = >ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: >> never_direct = >DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: >> timedout = 0 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: >> conn482181 >local=[::] remote=[2600:9000:2490:3600:3:db06:4200:93a1]:443 HIER_DIRECT >flags=1 >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: >> PeerSelector64364 >found conn482182 local=[::] remote=[2600:9000:2490:7000:3:db06:4200:93a1]:443 >HIER_DIRECT >flags=1, destination #7 for >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: >> always_direct = >ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: >> never_direct = >DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: >> timedout = 0 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: >> conn482182 >local=[::] remote=[2600:9000:2490:7000:3:db06:4200:93a1]:443 HIER_DIRECT >flags=1 >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: >> PeerSelector64364 >found conn482183 local=[::] remote=[2600:9000:2490:d600:3:db06:4200:93a1]:443 >HIER_DIRECT >flags=1, destination #8 for >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: >> always_direct = >ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: >> never_direct = >DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: >> timedout = 0 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: >> conn482183 >local=[::] remote=[2600:9000:2490:d600:3:db06:4200:93a1]:443 HIER_DIRECT >flags=1 >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: >> PeerSelector64364 >found conn482184 local=[::] remote=[2600:9000:2490:5a00:3:db06:4200:93a1]:443 >HIER_DIRECT >flags=1, destination #9 for >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: >> always_direct = >ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: >> never_direct = >DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: >> timedout = 0 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: >> conn482184 >local=[::] remote=[2600:9000:2490:5a00:3:db06:4200:93a1]:443 HIER_DIRECT >flags=1 >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: >> PeerSelector64364 >found conn482185 local=[::] remote=[2600:9000:2490:6600:3:db06:4200:93a1]:443 >HIER_DIRECT >flags=1, destination #10 for >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: >> always_direct = >ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: >> never_direct = >DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: >> timedout = 0 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: >> conn482185 >local=[::] remote=[2600:9000:2490:6600:3:db06:4200:93a1]:443 HIER_DIRECT >flags=1 >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: >> PeerSelector64364 >found conn482186 local=[::] remote=[2600:9000:2490:b600:3:db06:4200:93a1]:443 >HIER_DIRECT >flags=1, destination #11 for >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: >> always_direct = >ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: >> never_direct = >DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: >> timedout = 0 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: >> conn482186 >local=[::] remote=[2600:9000:2490:b600:3:db06:4200:93a1]:443 HIER_DIRECT >flags=1 >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1174) handlePath: >> PeerSelector64364 >found conn482187 local=[::] remote=[2600:9000:2490:aa00:3:db06:4200:93a1]:443 >HIER_DIRECT >flags=1, destination #12 for >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1180) handlePath: >> always_direct = >ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1181) handlePath: >> never_direct = >DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(1182) handlePath: >> timedout = 0 >> 2024/07/10 18:24:44.050 kid1| 17,3| FwdState.cc(610) noteDestination: >> conn482187 >local=[::] remote=[2600:9000:2490:aa00:3:db06:4200:93a1]:443 HIER_DIRECT >flags=1 >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(479) resolveSelected: >PeerSelector64364 found all 12 destinations for >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(480) resolveSelected: >> always_direct >= ALLOWED >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(481) resolveSelected: >> never_direct >= DUNNO >> 2024/07/10 18:24:44.050 kid1| 44,2| peer_select.cc(482) resolveSelected: >> timedout >= 0 >> 2024/07/10 18:24:44.050 kid1| 44,3| peer_select.cc(241) ~PeerSelector: >https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.050 kid1| 20,3| store.cc(458) unlock: peerSelect >> unlocking key >8349000000000000D107000001000000 e:=p2IV/0x5651b365e210*4 >> 2024/07/10 18:24:44.050 kid1| 48,3| pconn.cc(474) popStored: lookup for key >{108.138.7.18:443/download.docker.com} failed. >> 2024/07/10 18:24:44.050 kid1| 28,3| Checklist.cc(69) preCheck: >> 0x7ffef6c0a460 checking >fast ACLs >> 2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(110) match: >> aclMatchDomainList: >checking 'download.docker.com' >> 2024/07/10 18:24:44.050 kid1| 28,3| DomainData.cc(115) match: >> aclMatchDomainList: >'download.docker.com' NOT found >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: >> SKIP_PALO_DOMAINS_FAST >= 0 >> 2024/07/10 18:24:44.050 kid1| 28,3| Acl.cc(175) matches: checked: >!SKIP_PALO_DOMAINS_FAST = 1 >> 2024/07/10 18:24:44.051 kid1| 28,3| Acl.cc(175) matches: checked: >> (tcp_outgoing_mark >0x14 line) = 1 >> 2024/07/10 18:24:44.051 kid1| 28,3| Acl.cc(175) matches: checked: >> tcp_outgoing_mark 0x14 >= 1 >> 2024/07/10 18:24:44.051 kid1| 28,3| Checklist.cc(62) markFinished: >> 0x7ffef6c0a460 answer >ALLOWED for match >> 2024/07/10 18:24:44.051 kid1| 17,3| FwdState.cc(1568) GetMarkingsToServer: >> from 0.0.0.0 >tos 0 netfilter mark 20 >> 2024/07/10 18:24:44.051 kid1| 5,3| ConnOpener.cc(42) ConnOpener: will >> connect to >conn482189 local=0.0.0.0 remote=108.138.7.18:443 HIER_DIRECT flags=1 with 60 >timeout >> 2024/07/10 18:24:44.051 kid1| 50,3| comm.cc(378) comm_openex: comm_openex: >> Attempt open >socket for: 0.0.0.0 >> 2024/07/10 18:24:44.051 kid1| 50,3| comm.cc(420) comm_openex: comm_openex: >> Opened socket >conn482190 local=0.0.0.0 remote=[::] FD 19 flags=1 : family=2, type=1, >protocol=6 >> 2024/07/10 18:24:44.051 kid1| 51,3| fd.cc(168) fd_open: fd_open() FD 19 >download.docker.com >> 2024/07/10 18:24:44.051 kid1| 50,3| QosConfig.cc(581) setSockNfmark: for FD >> 19 to 20 >> 2024/07/10 18:24:44.051 kid1| 5,3| ConnOpener.cc(312) createFd: conn482189 >> local=0.0.0.0 >remote=108.138.7.18:443 HIER_DIRECT flags=1 will timeout in 60 >> 2024/07/10 18:24:44.058 kid1| 83,2| Io.cc(161) Handshake: handshake IN: >> Unknown >Handshake packet >> 2024/07/10 18:24:44.058 kid1| 83,2| Io.cc(163) Handshake: handshake OUT: >> CLIENT HELLO >> 2024/07/10 18:24:44.058 kid1| 5,3| comm.cc(599) commSetConnTimeout: >> conn482189 >local=X.X.X.X:36718 remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1 timeout >60 >> 2024/07/10 18:24:44.064 kid1| 83,2| Io.cc(161) Handshake: handshake IN: >> Unknown >Handshake packet >> 2024/07/10 18:24:44.064 kid1| 83,2| Io.cc(163) Handshake: handshake OUT: >> CLIENT HELLO >> 2024/07/10 18:24:44.064 kid1| 83,2| PeerConnector.cc(279) >> handleNegotiationResult: >ERROR: Cannot establish a TLS connection to conn482189 local=X.X.X.X:36718 >remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1: >> problem: failure >> detail: SQUID_TLS_ERR_CONNECT+GNUTLS_E_FATAL_ALERT_RECEIVED >> 2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(625) commUnsetConnTimeout: Remove >> timeout for >conn482189 local=X.X.X.X:36718 remote=108.138.7.18:443 HIER_DIRECT FD 19 >flags=1 >> 2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(599) commSetConnTimeout: >> conn482189 >local=X.X.X.X:36718 remote=108.138.7.18:443 HIER_DIRECT FD 19 flags=1 timeout >-1 >> 2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(850) _comm_close: start closing >> FD 19 by >Connection.cc:108 >> 2024/07/10 18:24:44.064 kid1| 5,3| comm.cc(586) commUnsetFdTimeout: Remove >> timeout for >FD 19 >> 2024/07/10 18:24:44.064 kid1| 83,3| Session.cc(36) tls_read_method: started >> for >session=0x5651b404d2c0 >> 2024/07/10 18:24:44.064 kid1| 51,3| fd.cc(93) fd_close: fd_close FD 19 >> server https >start >> 2024/07/10 18:24:44.064 kid1| 17,3| FwdState.cc(471) fail: >> ERR_SECURE_CONNECT_FAIL >"Service Unavailable" >> https://download.docker.com/linux/ubuntu/dists/jammy/InRelease >> 2024/07/10 18:24:44.064 kid1| 17,3| FwdState.cc(781) retryOrBail: >> re-forwarding (1 >tries, 0 secs) _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users