[squid-users] IpIntercept.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST) failed on FD 4125: (2) No such file or directory

From: Omid Kosari <omidkosari_at_yahoo.com>
Date: Thu, 10 Oct 2013 06:24:36 -0700 (PDT)

I have 2 squid boxes that worked fine for a long time. Recently I changed the
configs a little, and since then I see hiccups in the realtime graph and HTTP
hangups right when the following error appears in cache.log of one of the squid
boxes.

IpIntercept.cc(137) NetfilterInterception: NF getsockopt(SO_ORIGINAL_DST)
failed on FD xx: (2) No such file or directory

Changes I made a few days ago:
1. enabled access_log /var/log/squid3/access.log
2. added (.+\.||) at the start of the refresh_pattern rules
3. started to use jesred. There was no url_rewrite_program before.

Which one can create the problem ?

My squid.conf

# Access-control section. Squid evaluates http_access rules top to bottom and
# the first rule that matches decides, so the order of the lines below matters.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl trustedwebserver src xxx.xxx.160.170
acl trustednetworks src xxx.xxx.160.0/24
# to_localhost is defined here but no http_access line in this listing uses it;
# loopback destinations are covered by to_myself further down.
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Cache manager (cache_object://) requests are accepted only from localhost and
# from the single trustedwebserver address; every other source is refused.
http_access allow manager localhost
http_access allow manager trustedwebserver
http_access deny manager
# Refuse requests to ports outside Safe_ports, and CONNECT tunnels to any port
# other than 443, before any client range is allowed.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
#Don't forget firewall to allow also
# allowed_hosts is the set of client source ranges permitted to use the proxy.
# NOTE(review): the /19 and the IPv6 /32 are broad; confirm they cover only
# networks that are meant to be served by this cache.
acl allowed_hosts src xxx.xxx.160.0/19
# NOTE(review): 1.1.1.0/24 is publicly routable address space, not a private
# range -- confirm this is really the intended internal network.
acl allowed_hosts src 1.1.1.0/24
acl allowed_hosts src xxx:xxx::/32
# to_myself lists loopback plus what are presumably this box's own addresses.
# The deny is placed before "allow allowed_hosts" so that even permitted
# clients cannot ask the proxy to fetch from those destinations.
#bottom two lines are because of
http://bugs.squid-cache.org/show_bug.cgi?id=2798
acl to_myself dst 127.0.0.0/8 xxx.xxx.160.171 10.234.56.12 1.1.1.12
http_access deny to_myself
#up two lines are because of
http://bugs.squid-cache.org/show_bug.cgi?id=2798
http_access allow allowed_hosts
# Default deny: anything not matched above is refused.
http_access deny all
# Listening ports: 3128 receives NAT-intercepted traffic, 3129 receives TPROXY
# traffic. No plain forward-proxy http_port is defined in this listing.
# In intercept mode Squid asks the kernel's netfilter connection tracking for
# the client's original destination; the getsockopt(SO_ORIGINAL_DST) message in
# the subject line is logged when that lookup fails.
# NOTE(review): the lookup presumably finds no record when a connection reaches
# port 3128 without having been redirected by a NAT rule (a client, monitor or
# peer cache configured to use 3128 directly) -- check the firewall rules.
# Interception ports are normally firewalled so only redirected traffic
# reaches them.
http_port 3128 intercept
http_port 3129 tproxy
coredump_dir /var/spool/squid3
# Memory cache size and the largest object Squid will store.
cache_mem 3 GB
maximum_object_size 150 MB
# Eviction policies for the disk cache and the memory cache respectively.
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
# cache_dir aufs <path> <size in MB> <first-level dirs> <second-level dirs>
cache_dir aufs /cache2 101000 36 256
cache_dir aufs /cache3 101000 36 256
cache_dir aufs /cache4 101000 36 256
# One resolver on the local xxx.xxx.160.x network followed by two external
# public resolvers.
dns_nameservers xxx.xxx.160.172 208.67.222.222 208.67.220.220
# Freshness rules. Syntax: refresh_pattern [-i] <regex> <min> <percent> <max>
# [options], with min and max in minutes (10080 = 7 days, 172800 = 120 days).
# Each rule is one logical line; the listing below has been wrapped by the
# mail client.
#
# ignore-no-cache, ignore-no-store, ignore-reload and ignore-private make Squid
# disregard the corresponding cache-control signals. ignore-private in
# particular allows responses the origin marked as private to be stored in the
# shared cache and served to other clients.
#
# Regex notes:
#  - "(.+\.||)" contains empty alternatives, so the group is optional, and the
#    pattern has no ^ anchor. The rule therefore matches "<domain>/" anywhere
#    in the URL, including the path or query string of an unrelated host.
#  - The dots in the domain names are not escaped, so each matches any
#    character.
#  - Inside [...] the "|" is a literal character: ms[i|u|f] also matches "ms|".
#    ms[iuf] expresses the apparent intent.
#
# NOTE(review): these rules force a 7-day minimum freshness on antivirus
# signature and update files (.dat, .ver, .nup, .vpu, ...) and ignore client
# reloads, so clients may be served stale signatures -- confirm this is wanted.
refresh_pattern -i
(.+\.||)microsoft.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|iso|psf)
10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload
ignore-private
refresh_pattern -i
(.+\.||)windowsupdate.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|iso|psf)
10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload
ignore-private
refresh_pattern -i
(.+\.||)eset.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|ver|nup)
10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload
ignore-private
refresh_pattern -i
(.+\.||)avg.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|ctf|bin|gz)
10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload
ignore-private
refresh_pattern -i
(.+\.||)grisoft.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|ctf|bin|gz)
10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload
ignore-private
refresh_pattern -i
(.+\.||)grisoft.cz/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|ctf|bin|gz)
10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload
ignore-private
refresh_pattern -i
(.+\.||)avast.com/.*\.(cab|exe|dll|ms[i|u|f]|asf|wm[v|a]|dat|zip|vpx|vpu|vpa|vpaa|def|stamp)
10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload
ignore-private
refresh_pattern -i
(.+\.||)kaspersky-labs.com/.*\.(cab|zip|exe|msi|msp|bz2|avc|kdc|klz|dif|dat|kdz|kdl|kfb)
10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload
ignore-private
refresh_pattern -i
(.+\.||)kaspersky.com/.*\.(cab|zip|exe|msi|msp|bz2|avc|kdc|klz|dif|dat|kdz|kdl|kfb)
10080 100% 172800 ignore-no-cache ignore-no-store ignore-reload
ignore-private
# The extension group in the next rule ends with an empty alternative
# ("exe|)"), so it matches any URL containing "nai.com/" followed later by a
# dot, whatever the file type.
refresh_pattern -i (.+\.||)nai.com/.*\.(gem|zip|mcs|tar|exe|) 10080 100%
172800 ignore-no-cache ignore-no-store ignore-reload ignore-private
refresh_pattern -i (.+\.||)adobe.com/.*\.(cab|aup|exe|msi|upd|msp) 10080
100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private
refresh_pattern -i (.+\.||)symantecliveupdate.com/.*\.(zip|exe|msi) 10080
100% 172800 ignore-no-cache ignore-no-store ignore-reload ignore-private

# Generic rules without override options; the final "." rule is the catch-all.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Dynamic content (cgi-bin paths or URLs with a query string) gets zero
# freshness in this rule.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Identity and miscellaneous behaviour settings.
tcp_outgoing_address xxx.xxx.160.171
cache_mgr admin_at_xx.com
# Keeps the Squid version string out of generated pages and headers.
httpd_suppress_version_string on
visible_hostname cache.xx.com
unique_hostname cache.xx.com
hostname_aliases ns2.xx.com

# One password (redacted as "xx" in this post) guards every cache manager
# action. It is stored in plain text in squid.conf, so the file's permissions
# matter, and it should be treated as exposed if the real value is ever posted.
cachemgr_passwd xx all
store_avg_object_size 80 KB
# "allow" passes URIs that contain whitespace through unchanged.
uri_whitespace allow
# With "off", full query strings are written to access.log; they can carry
# session tokens or credentials, so the log needs matching protection.
strip_query_terms off
# With "off", Squid accepts DNS replies from addresses that are not in its
# nameserver list.
# NOTE(review): this loosens a check that helps against spoofed DNS replies --
# confirm it is required.
ignore_unknown_nameservers off
#memory_pools should be off http://bugs.squid-cache.org/show_bug.cgi?id=1956
memory_pools off
memory_pools_limit 0
#error_directory /usr/share/squid3/errors/en-us
# "transparent" leaves any X-Forwarded-For header as received; "via off" stops
# Squid from adding a Via header.
forwarded_for transparent
via off
# SNMP agent on port 3444. Queries must present the community string (redacted
# as "xx") and come from localhost or trustednetworks; the community string is
# the only secret, so the source restriction is doing real work.
acl snmpacl snmp_community xx
snmp_access allow snmpacl localhost
snmp_access allow snmpacl trustednetworks
snmp_access deny all
snmp_port 3444
client_db off

# Logging, QoS marking, error pages and the HTCP sibling relationship.
access_log /var/log/squid3/access.log squid
# Cache hits (local, sibling, parent) are marked with TOS value 0x30.
qos_flows local-hit=0x30
qos_flows sibling-hit=0x30
qos_flows parent-hit=0x30
buffered_logs on
max_filedescriptors 32768
error_directory /etc/squid3/en
err_page_stylesheet none
# HTCP listener; queries are accepted only from the allowed_htcp sources.
htcp_port 4827
acl allowed_htcp src 1.1.1.0/24
acl allowed_htcp src xxx.xxx.160.171
acl allowed_htcp src xxx.xxx.160.173
acl allowed_htcp src xxx:xxx::3:0:0:0:0/64
htcp_access allow allowed_htcp
htcp_access deny all
# Peers in allowed_htcp may retrieve hits from this cache but may not have it
# fetch misses on their behalf.
miss_access deny allowed_htcp
# Sibling cache reached on HTTP port 3128 and HTCP port 4827.
# NOTE(review): if the sibling uses the same "http_port 3128 intercept" line as
# this file, requests from this box would reach an interception port with no
# NAT record, which could produce the SO_ORIGINAL_DST failure on that box --
# verify, and consider a separate plain http_port for peer traffic.
cache_peer 1.1.1.14 sibling 3128 4827 proxy-only htcp no-tproxy name=cache2

# URL rewriting: only requests whose destination domain is listed in
# to_redirect_program.acl are passed to the rewrite helper.
acl to_redirect_program dstdomain "/etc/squid3/to_redirect_program.acl"
url_rewrite_access allow to_redirect_program
url_rewrite_access deny all
# With bypass on, requests skip the rewriter when all helpers are busy instead
# of waiting. This is fail-open: if the rewriter is relied on to block or
# redirect these domains, requests get through unmodified under load.
url_rewrite_bypass on
#url_rewrite_children 5 startup=5 idle=15 concurrency=0
url_rewrite_children 50
# External helper executed by Squid for each rewritten request.
url_rewrite_program /usr/lib/squid/jesred
minimum_object_size 0 bytes

content of to_redirect_program.acl

.server.cn
.cpe.management
.wpad.domain.name
.isatap.home
.scorecardresearch.com

I even increased the number of url_rewrite_children from 5 to 20 to 50.
The problem still appears.

root_at_cache:~# echo "$( cat /proc/sys/net/netfilter/nf_conntrack_count ) /
$( cat /proc/sys/net/netfilter/nf_conntrack_max )"
291115 / 524288

Received on Thu Oct 10 2013 - 13:25:19 MDT
