[squid-users] High CPU Usage with ssl_bump

Odhiambo Washington odhiambo at gmail.com
Thu Apr 21 13:25:48 UTC 2016 

So, what could possibly be wrong with my setup, that squid consumes so much
CPU?

On 21 April 2016 at 16:22, Yuri Voinov <yvoinov at gmail.com> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> It must not be. My most active setup has 3% CPU all time dirung peak hours.
>
> Typical view:
>
> https://i1.someimage.com/NzM1erI.png
>
>
> 21.04.16 19:18, Odhiambo Washington пишет:
> > Is is expected that  using ssl_bump results into high CPU usage all the
> time?
> >
> > This is squid-3.5.17
> >
> > That is what I am seeing:
> >
> > last pid: 26673;  load averages:  2.24,  2.00,
> 2.10
> up 0+03:47:56  16:08:30
> > 160 processes: 2 running, 157 sleeping, 1 zombie
> > CPU: 86.1% user,  0.0% nice,  7.8% system,  3.3% interrupt,  2.7% idle
> > Mem: 843M Active, 1942M Inact, 185M Wired, 43M Cache, 89M Buf, 97M Free
> > Swap: 5900M Total, 1248K Used, 5899M Free
> >
> >   PID USERNAME       THR PRI NICE   SIZE    RES STATE   C   TIME    WCPU
> COMMAND
> > 13309 squid           17  20    0   305M   264M uwait   0   7:38  80.86%
> squid
> > 26088 squid            1  21    0 12812K  5352K sbwait  1   0:04   2.49%
> ssl_crtd
> > 26090 squid            1  20    0 12812K  5272K sbwait  1   0:01   0.88%
> ssl_crtd
> >
> >
> > My config has:
> >
> >
> >
> > acl no_ssl_interception ssl::server_name
> "/usr/local/etc/squid/ssl_bump_broken_sites.txt"
> > ssl_bump splice no_ssl_interception
> > ssl_bump peek step1
> > ssl_bump stare step2
> > #ssl_bump bump all
> > #ssl_bump splice all
> >
> > I think I read somewhere that 'ssl_bump splice all" is the default
> behaviour, hence why I have commented it out. All I need is just become a
> TCP tunnel without decrypting proxied traffic.
> >
> > Thank you.
> >
> >
> > --
> > Best regards,
> > Odhiambo WASHINGTON,
> > Nairobi,KE
> > +254 7 3200 0004/+254 7 2274 3223
> > "Oh, the cruft."
> >
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJXGNQsAAoJENNXIZxhPexGcZUIAL3zFz9UFuQdyfXFBilFQ0Gj
> 8F4HkxuJjNtCUYdb6BEwux9jBOjZpYScr8sRHRBPvIV8O4/2Z3QF7exjEW8Duj/G
> REWO3txPiE4pICD/AbdBuX8O++dvfjj46nz+lVeCH9JjGW0VoMHiyGtwGx1shSfY
> pGX0MguEGEtWp/7hxKAFbRivGuvyQ7Ogj8i9IgMBptMrRu4D3G75UO+9WmaHcpVx
> VAf1revHh+dWFWrO1k+zrWFIIFcwbR5LcrJeBYJ94scgPV3p68LC2ZpqUBZreYCM
> Koo9+Rss+Ix1rTSUkvTaoGOcMdrHJ1oMICHwyqtDMWlbDds5dAnnWXh5faNYPFk=
> =7YlO
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160421/a838e63f/attachment.html>

More information about the squid-users mailing list