[squid-users] Crash: every 1-2 hour: kernel: Out of memory: Kill process (squid)

Eliezer Croitoru eliezer at ngtech.co.il
Thu Dec 15 13:13:17 UTC 2016

+1 for what Amos is suggesting.
It's too weird to be caused by a special and unknown issue.
Can you minimize the test to intercept only 1 SINGLE client?
Also about the Russian tutorials, these are for building and running squid which might work.
But for the interception part on the Cisco you didn't refer to any tutorial.
I can only refer to a tutorial which I wrote for a Cisco router:
Also squid cannot identify in any way if there is a routing or switching loop.

To illustrate:
Squid has MAC address 99:99:99:99:99:91 and the switch has 99:99:99:99:99:92,
Squid will always see packets flowing from one of the switch's MAC addresses for both legit and non-legit (loops).
So you first need to verify the setup with one single client and use tcpdump on the squid machine to identify by the src port if the connection is looped or not.


Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Amos Jeffries
Sent: Thursday, December 15, 2016 6:52 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Crash: every 1-2 hour: kernel: Out of memory: Kill process (squid)

On 15/12/2016 6:24 a.m., noc at forceline.net wrote:
> Eliezer, thanks for your reply. Guides:
> http://wiki.squid-cache.org/Features/SslBump
> http://wiki.squid-cache.org/Features/SslPeekAndSplice
> https://habrahabr.ru/post/267851/  <-- Russian lang 
> https://habrahabr.ru/post/272733/  <-- Russian lang
>> First goes first change this: 13130:
> Done, nothing changed. Squid died.
> Maybe it will work fine with lower load even with https. But I
> don't understand why it is killed by the kernel rather than just updating
> memory with new one.
> http://wiki.squid-cache.org/Features/SslBump
>> Memory usage
>>    /!\ Warning: Unlike the rest of this page at the time of writing, 
>> this
> section applies to Squid-3.3 and possibly later code capable of 
> dynamic SSL certificate generation and origin server certificate 
> mimicking. The current section text is intended primarily for 
> developers and early adopters facing excessive memory consumption in 
> certain SslBump environments. These notes may be relocated elsewhere if a better location is found.
>> Current documentation is specific to bump-server-first configurations.
> In attach server statistic.

I think you still have a forwarding loop. Does the Cisco WCCP send port
443 connections from Squid to reach the Internet instead of sending them back into Squid?

The Via header will protect against HTTP messages looping, but the TLS handshake traffic has no such protection.


squid-users mailing list
squid-users at lists.squid-cache.org
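
The single-client tcpdump check suggested in the reply above, as an added example that is not part of the original messages: it flags a TCP SYN that Squid itself sent and that then arrives back at Squid with the same source port. It assumes layer-2 redirection (no GRE), text captured with `tcpdump -nn -e`, and the MAC addresses from the illustration; the IP addresses and capture lines are constructed.

```python
import re

SQUID_MAC = "99:99:99:99:99:91"  # Squid's MAC, taken from the illustration in the thread

# Constructed capture in `tcpdump -nn -e` text format (documentation IP ranges).
# Line 1: client SYN redirected to Squid. Line 2: Squid's own outbound SYN.
# Line 3: that same SYN (same src ip/port) handed back to Squid by the switch = loop.
# Line 4: a second outbound SYN that never comes back (healthy).
CAPTURE = """\
13:00:00.000001 99:99:99:99:99:92 > 99:99:99:99:99:91, ethertype IPv4 (0x0800), length 74: 192.0.2.50.51000 > 203.0.113.5.443: Flags [S], seq 100, win 29200, length 0
13:00:00.000400 99:99:99:99:99:91 > 99:99:99:99:99:92, ethertype IPv4 (0x0800), length 74: 192.0.2.10.40001 > 203.0.113.5.443: Flags [S], seq 200, win 29200, length 0
13:00:00.000900 99:99:99:99:99:92 > 99:99:99:99:99:91, ethertype IPv4 (0x0800), length 74: 192.0.2.10.40001 > 203.0.113.5.443: Flags [S], seq 200, win 29200, length 0
13:00:00.001500 99:99:99:99:99:91 > 99:99:99:99:99:92, ethertype IPv4 (0x0800), length 74: 192.0.2.10.40002 > 198.51.100.7.443: Flags [S], seq 300, win 29200, length 0
"""

# Matches only pure SYN packets (Flags [S]), i.e. connection attempts.
LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 .*?: "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[S\]"
)


def find_looped_syns(capture, squid_mac=SQUID_MAC):
    """Return 4-tuples of SYNs that left Squid and later arrived back at Squid."""
    sent = set()   # flows whose SYN was transmitted by Squid's own MAC
    looped = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an IPv4 SYN line in the expected format
        flow = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        if m["smac"] == squid_mac:
            sent.add(flow)
        elif m["dmac"] == squid_mac and flow in sent and flow not in looped:
            looped.append(flow)  # same src ip:port came back in: redirected into Squid again
    return looped


if __name__ == "__main__":
    for src, sport, dst, dport in find_looped_syns(CAPTURE):
        print(f"looped: {src}:{sport} -> {dst}:{dport}")
```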