On Wed, 23 Jan 2013, Farooq Bhatti wrote:
For your information I have installed the same version on two machines
one is working fine for staff but this machine which is serving students
is creating problem of squid crash.
However In my further analysis I found following in cache.log file seems
users deliberately doing some techniques to make the squid crash. Please
advise.
2013/01/19 11:20:21| WARNING: HTTP header contains NULL characters {Accept: */*
2013/01/19 16:46:40| squidaio_queue_request: WARNING - Queue congestion
2013/01/19 17:52:36| WARNING: Closing client 192.168.105.214 connection due to
lifetime timeout
2013/01/19 21:59:50| WARNING: Forwarding loop detected for:
2013/01/19 23:06:39| squidaio_queue_request: WARNING - Disk I/O overloading
I doubt anything there is malicious. The NULL character problem is
probably from a badly written application that a couple of us have seen
evidence of but in 3.1 and 3.2 at least it doesn't crash the server
directly, just leaks memory (see
http://bugs.squid-cache.org/show_bug.cgi?id=3567 ) so that probably isn't
what is crashing your server.
The "Forwarding loop" warning could be from a misconfiguration at your
end or from someone trying to do something silly, but it is probably
something you can solve or prevent by suitable configuration in
squid.conf, and is again unlikely to cause your crash.
I suspect your crash is triggered by some traffic that happens on the
student side but not the on the staff side. The backtrace from gdb might
tell us more (run gdb /some/path/squid /some/path/corefile and issue the
command bt) but you will probably either to raise the issue with the LUSCA
developers as has previously been suggested or build yourself a current
version of squid such as 3.2.6 (probably with the patch from Bug 3567
above added as it isn't in the 3.2 code yet) which might fix your crash,
or give recent enough information to allow proper debugging of your issue.
Michael Young
