From: Eduard Bagdasaryan <eduard.bagdasaryan@measurement-factory.com>
Date: Sat, 12 Feb 2022 05:56:46 +0000 (+0000)
Subject: Do not stop listening after "ERROR: NAT/TPROXY lookup failed..." (#837)
X-Git-Tag: SQUID_6_0_1~234
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9fd3e68c3d0dfd6035db98ce142cf425be6c5fc1;p=thirdparty%2Fsquid.git

Do not stop listening after "ERROR: NAT/TPROXY lookup failed..." (#837)

_Intermittent_ NAT/TPROXY lookup failures can happen for several reasons
outside Squid control. For example, flushing conntrack tables under load
is likely to trigger such errors. Squid should not stop listening if
there is a good change that the next accept(2) will be fully successful.
We already apply the same logic to several other accept problems today.

Also added an XXX that TcpAcceptor::mustStop() does not work as expected
on error.
---

diff --git a/src/comm/TcpAcceptor.cc b/src/comm/TcpAcceptor.cc
index 73ab12c5c9..8aa57a9d1e 100644
--- a/src/comm/TcpAcceptor.cc
+++ b/src/comm/TcpAcceptor.cc
@@ -282,6 +282,7 @@ Comm::TcpAcceptor::acceptOne()
         if (intendedForUserConnections())
             logAcceptError(newConnDetails);
         notify(flag, newConnDetails);
+        // XXX: not under async job call protections
         mustStop("Listener socket closed");
         return;
     }
@@ -394,8 +395,7 @@ Comm::TcpAcceptor::oldAccept(Comm::ConnectionPointer &details)
     // Perform NAT or TPROXY operations to retrieve the real client/dest IP addresses
     if (conn->flags&(COMM_TRANSPARENT|COMM_INTERCEPTION) && !Ip::Interceptor.Lookup(details, conn)) {
         debugs(50, DBG_IMPORTANT, "ERROR: NAT/TPROXY lookup failed to locate original IPs on " << details);
-        // Failed.
-        return Comm::COMM_ERROR;
+        return Comm::NOMESSAGE;
     }
 
 #if USE_SQUID_EUI