[squid-users] High CPU Usage with ssl_bump
Yuri Voinov
yvoinov at gmail.com
Thu Apr 21 13:33:47 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Not necessary. May be bottleneck in OS.
21.04.16 19:25, Odhiambo Washington пишет:
> So, what could possibly be wrong with my setup, that squid consumes so much CPU?
>
> On 21 April 2016 at 16:22, Yuri Voinov <yvoinov at gmail.com
<mailto:yvoinov at gmail.com>> wrote:
>
>
> It must not be. My most active setup has 3% CPU all time dirung peak
hours.
>
> Typical view:
>
> https://i1.someimage.com/NzM1erI.png
>
>
> 21.04.16 19:18, Odhiambo Washington пишет:
> > Is is expected that using
> ssl_bump results into high CPU usage all the time?
>
>
>
> > This is squid-3.5.17
>
>
>
> > That is what I am seeing:
>
>
>
> > last pid: 26673; load averages: 2.24, 2.00,
>
2.10
> up 0+03:47:56 16:08:30
>
> > 160 processes: 2 running, 157 sleeping, 1 zombie
>
> > CPU: 86.1% user, 0.0% nice, 7.8% system, 3.3% interrupt,
> 2.7% idle
>
> > Mem: 843M Active, 1942M Inact, 185M Wired, 43M Cache, 89M
> Buf, 97M Free
>
> > Swap: 5900M Total, 1248K Used, 5899M Free
>
>
>
> > PID USERNAME THR PRI NICE SIZE RES STATE C
> TIME WCPU COMMAND
>
> > 13309 squid 17 20 0 305M 264M uwait 0
> 7:38 80.86% squid
>
> > 26088 squid 1 21 0 12812K 5352K sbwait 1
> 0:04 2.49% ssl_crtd
>
> > 26090 squid 1 20 0 12812K 5272K sbwait 1
> 0:01 0.88% ssl_crtd
>
>
>
>
>
> > My config has:
>
>
>
>
>
>
>
> > acl no_ssl_interception ssl::server_name
> "/usr/local/etc/squid/ssl_bump_broken_sites.txt"
>
> > ssl_bump splice no_ssl_interception
>
> > ssl_bump peek step1
>
> > ssl_bump stare step2
>
> > #ssl_bump bump all
>
> > #ssl_bump splice all
>
>
>
> > I think I read somewhere that 'ssl_bump splice all" is the
> default behaviour, hence why I have commented it out. All I need
> is just become a TCP tunnel without decrypting proxied traffic.
>
>
>
> > Thank you.
>
>
>
>
>
> > --
>
> > Best regards,
>
> > Odhiambo WASHINGTON,
>
> > Nairobi,KE
>
> > +254 7 3200 0004/+254 7 2274 3223
>
> > "Oh, the cruft."
>
>
>
>
>
> > _______________________________________________
>
> > squid-users mailing list
>
> > squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
>
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXGNa7AAoJENNXIZxhPexGQw0H+QG5jXWboYFaClEOOwwMJ3Vl
KUI6h4pnzRrcSEkMNMu0bBRytqGVXzplK5cl2U4T+scDWWpCj3pgcb1i8wITtwze
nEhvCeG9Xq6BZujvIKvQ32pe64EIl/tjstbpxxMdGLprSFre5mUXKd1NG5JghD0E
7oWYvA/hNwo/rpevzxUzU9Z+FOmgRYJ+JEGThGa86Qe+bE3B2Kxt6RAVAUbRfBcY
M/xJBX9wgeBgxncYG0IFtbJEG12X2j9Y4KXIOoh3nTpinOi7nbACF2ryr2H7z+GT
pFuNWiSnf5eSz3lEdAv+GHPZb9Fg1noD8Mxq8+P83d4BwA/L2ba/DJIweVTSEpQ=
=asuL
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160421/1cdbcdd5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160421/1cdbcdd5/attachment.key>
More information about the squid-users
mailing list