Error while writing to TCP socket: Permission denied

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Error while writing to TCP socket: Permission denied

Ишаяhу Ластов

I use squid on freebsd 10.3. When I set proxy adress in web brouser, I can't attach files to mail on mail.ru. Whithout proxy it works. In access.log there are no errors. In cache.log I've got:

2017/05/29 21:12:16 kid1| local=217.151.68.36:34572 remote=217.69.139.216:443 FD 44 flags=1: read/write failure: (13) Permission denied
2017/05/29 21:12:16 kid1| local=217.151.68.36:36057 remote=217.69.139.216:443 FD 44 flags=1: read/write failure: (13) Permission denied

FD can change If I understand right, how to use lson, then

root@bkp_router:/home/ishayahu # lsof -d44
COMMAND   PID  USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
squid   30197 squid   44u  IPv4 0xfffff80029788810      0t0  TCP broadband-68-36.clients.extel.ru:48387->e.mail.ru:https (ESTABLISHED)

broadband-68-36.clients.extel.ru is ISP's router

How can I solve that problem?

PS: settings like

#request_body_max_size 0
#reply_body_max_size 0
#request_header_max_size 64 KB
#reply_header_max_size 64 KB
#client_request_buffer_max_size 50 Mb
#acl post method POST
#http_access allow post localnet

doesn't help

#ktrace -d -p 667 kdump>kdump.out

Searching in kdump.out for denied:

4529011-  6776 squid    GIO   fd 5 read 32 bytes
4529052-       0x0000 1b00 0000 0000 0000 feff 1000 0000 0000 400f 0000 0000 0000 0000 0000 0000 0000                 |................@...............|
4529197-
4529198-  6776 squid    RET   kevent 1
4529229-  6776 squid    CALL  write(0x1b,0x8057c3000,0x5b4)
4529281:  6776 squid    RET   write -1 errno 13 Permission denied
4529339-  6776 squid    CALL  write(0x4,0x802dbf000,0x88)
4529389-  6776 squid    GIO   fd 4 wrote 136 bytes
4529432:       "2017/06/04 17:34:06 kid1| local=217.151.68.36:42442 remote=217.69.139.216:443 FD 27 flags=1: read/write failure: (13) Permission denied
4529576-       "
4529585-  6776 squid    RET   write 136/0x88
4529622-  6776 squid    CALL  close(0x1b)
4529656-  6776 squid    RET   close 0
4529686-  6776 squid    CALL  close(0x19)

In kdump.out I see, that socekt was opened, was bunch of reading/writing to it, and without any seeing reason it ends with error.
Here socket opens:

root@bkp_router:/home/ishayahu # cat kdump.out | grep -b10 "RET socket 27/0x1b"

4534031-  6776 squid    GIO   fd 25 read 196 bytes
4534074-       "CONNECT e.mail.ru:443 HTTP/1.1\r
4534115-        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0\r
4534204-        Proxy-Connection: keep-alive\r
4534236-        Connection: keep-alive\r
4534262-        Host: e.mail.ru:443\r
4534285-        \r
4534289-       "
4534298-  6776 squid    RET   read 196/0xc4
4534334-  6776 squid    CALL  socket(PF_INET,SOCK_STREAM,IPPROTO_TCP)
4534396:  6776 squid    RET   socket 27/0x1b
4534433-  6776 squid    CALL  fcntl(0x1b,F_GETFD,0)
4534477-  6776 squid    RET   fcntl 0
4534507-  6776 squid    CALL  fcntl(0x1b,F_SETFD,FD_CLOEXEC)
4534560-  6776 squid    RET   fcntl 0
4534590-  6776 squid    CALL  fcntl(0x1b,F_GETFL,0)
4534634-  6776 squid    RET   fcntl 2
4534664-  6776 squid    CALL  fcntl(0x1b,F_SETFL,0x6<O_RDWR|O_NONBLOCK>)
4534729-  6776 squid    RET   fcntl 0
4534759-  6776 squid    CALL  setsockopt(0x1b,0x6,0x1,0x7fffffffe484,0x4)
4534825-  6776 squid    RET   setsockopt 0



--
Ишаяhу Ластов

+7-906-772-88-86
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Error while writing to TCP socket: Permission denied

Amos Jeffries
Administrator
On 07/06/17 22:54, Ишаяhу Ластов wrote:

>
> I use squid on freebsd 10.3. When I set proxy adress in web brouser, I
> can't attach files to mail on mail.ru. Whithout proxy it works. In
> access.log there are no errors. In cache.log I've got:
>
> |2017/05/29 21:12:16 kid1| local=217.151.68.36:34572
> remote=217.69.139.216:443 FD 44 flags=1: read/write failure: (13)
> Permission denied 2017/05/29 21:12:16 kid1| local=217.151.68.36:36057
> remote=217.69.139.216:443 FD 44 flags=1: read/write failure: (13)
> Permission denied |
>
> FD can change If I understand right, how to use lson, then
>

FD in this case is an open network connection. Each TCP connection has
exactly one FD in Squid. They get re-used like ports, but it should
remain unchanged as long as the TCP connection exists. Another identical
TCP connection made later may get a different FD.

 > How can I solve that problem?


It is rather odd to have "Permission denied" (filesystem error!) on a
network socket. The network equivalent is a failure to connect in the
first place, or a sudden close event if already open. I suspect a bug in
your OS kernel or whatever security system it has controlling access to
system resources.

If this were Linux I would point at SELinux misconfiguration, but I'm
not sure what (if anything) FreeBSD has doing that sort of control.


Sorry
Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Loading...