Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    Introducing Netgate Nexus: Multi-Instance Management at Your Fingertips.

    Fix for swapstate_check.php not managing Squid cache on external/NVMe drive

    Scheduled Pinned Locked Moved Cache/Proxy
    squidswapstatenvmessd
    1 Posts 1 Posters 58 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JonathanLeeJ Offline
      JonathanLee
      last edited by

      Background:
      I have a Netgate 2100-MAX with a NVMe drive installed via mPCIe adapter, mounted at /nvme/LOGS_Optane. I use this drive for my Squid cache at /nvme/LOGS_Optane/Squid_Cache. Squid was caching and working fine but every night at 00:15 I was getting this error in the logs:

      swapstate_check.php: [squid] swapstate_check.php will NOT manage Squid cache dir '/nvme/LOGS_Optane/Squid_Cache' since it is not located under /var/squid.

      The Problem:
      The file /usr/local/pkg/swapstate_check.php has a hardcoded path check that refuses to manage any Squid cache directory not located under /var/squid/. This means if you store your cache on an external drive, NVMe, or any non-default path, the script just bails out and leaves your cache unmanaged.

      The Fix:
      Replace the hardcoded path check with proper validation that works for any cache location. Find this in swapstate_check.php:

      phpif (substr($cachedir, 0, 11) !== "/var/squid/") {
    log_error("[squid] swapstate_check.php will NOT manage Squid cache dir '{$cachedir}' since it is not located under /var/squid.");
    return;
}

      Replace it with:

      phpif (!is_dir($cachedir)) {
    log_error("[squid] swapstate_check.php: '{$cachedir}' missing. Skipping.");
    return;
}
$proxy_user = posix_getpwnam('proxy');
if (!$proxy_user) {
    log_error("[squid] swapstate_check.php: 'proxy' user not found.");
    return;
}
$stats = stat($cachedir);
$is_owner = ($stats['uid'] === $proxy_user['uid']);
$group_output = shell_exec("id -G proxy 2>/dev/null");
if (!$group_output) {
    log_error("[squid] swapstate_check.php: Could not determine proxy groups. Skipping.");
    return;
}
$proxy_groups = array_map('intval', explode(" ", trim($group_output)));
$is_in_group = in_array((int)$stats['gid'], $proxy_groups, true);
if ($stats['mode'] & 0002) {
    log_error("[squid] swapstate_check.php: Warning - '{$cachedir}' is world-writable.");
}
$can_write = ($is_owner && ($stats['mode'] & 0200)) ||
             ($is_in_group && ($stats['mode'] & 0020)) ||
             ($stats['mode'] & 0002);
if (!$can_write) {
    log_error("[squid] swapstate_check.php: '{$cachedir}' not writable by proxy. Skipping.");
    return;
}

      What this does differently:
      Instead of checking the path prefix, it validates what actually matters — does the directory exist, does the proxy user exist, and can proxy actually write to it. Works for any cache location regardless of path.

      Testing:

      bashphp -l /usr/local/pkg/swapstate_check.php  # syntax check
/usr/local/pkg/swapstate_check.php          # run manually - no output = healthy
clog /var/log/system.log | grep swapstate   # check logs

      Important: Back up your modified file as package updates will overwrite it:
      bashcp /usr/local/pkg/swapstate_check.php /conf/swapstate_check_nvme_fix.php

      Tested on pfSense Plus on a Netgate 2100-MAX. Hope this helps anyone else running Squid cache on a non-default path.

      Make sure to upvote

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.