[squid-users] squid and netdata causes squid to drop SYN?

Amish anon.amish at gmail.com
Wed Jan 22 05:55:08 UTC 2020


On 21/01/20 9:09 pm, Alex Rousskov wrote:
> On 1/20/20 11:28 PM, Amish wrote:
>
>> 2) Is calling squidclient so frequently a right thing to do by netdata?
> The answer depends on what cache manager query (or queries) your netdata
> is sending to Squid. Sending some queries every second is perfectly
> fine, but there are other, "heavy" queries that should not be sent so
> often and could, if sent with a high enough concurrency level,
> effectively DoS a Squid instance. For example, queries that require
> iterating all cached objects should not be sent to busy Squids.
>
> If netdata does not document the queries it uses, you can probably use
> Squid access.log to figure out what queries netdata is sending (and how
> long they take).

Thanks Matus UHLAR and Alex for responses.

I have not gone in detail through netdata sources but here is whatever I 
could find.

Squid python code that runs HTTP query on squid: (I have never coded in 
python)
https://github.com/netdata/netdata/blob/master/collectors/python.d.plugin/squid/squid.chart.py

Configuration that decides what to query. (netdata chooses one of 
options specified)
https://github.com/netdata/netdata/blob/master/collectors/python.d.plugin/squid/squid.conf

It appears that it runs a query on "counters". But I don't know if that 
is counted as a "heavy" query or not.

> N.B. If netdata is killing the previous query when starting a new
> would-be-concurrent query, then there should be no DoS conditions -- a
> single "heavy" query may slow Squid down a bit but should not stall the
> whole Squid instance. Thus, if netdata ensures that the number of
> concurrent cache manager queries is small, then there may be a Squid bug
> related to terminating an aborted query. Otherwise, one could argue that
> the lack of concurrency controls is a netdata bug.

Not sure if netdata terminates previous query or not. But I do see use 
of keep-alive in netdata code.

And also I completely understand that this area needs to be looked upon 
by netdata team. I will follow up with them.

But posting here just in case a quick glance can reveal a squid bug (or 
buggy approach by netdata) somewhere.

Thanks again and regards,

Amish.
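
Added example, not part of the original message and not code from Squid or netdata: one way to run the access.log check suggested in the quoted reply, showing which cache manager queries arrive, how long each takes, and how many overlap. It assumes Squid's default native ("squid") access.log format; the log lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Native access.log fields: time elapsed_ms client action/code size method URL ...
# Cache manager requests show up as cache_object://host/<action> or
# http://host:port/squid-internal-mgr/<action>.
MGR_URL = re.compile(r"(?:cache_object://[^/\s]+/|/squid-internal-mgr/)([\w.-]*)")

# Constructed sample lines (not taken from the thread).
SAMPLE_LOG = """\
1579672501.050     12 127.0.0.1 TCP_MISS/200 4521 GET cache_object://localhost:3128/counters - HIER_NONE/- text/plain
1579672502.048     10 127.0.0.1 TCP_MISS/200 4521 GET cache_object://localhost:3128/counters - HIER_NONE/- text/plain
1579672502.300    210 10.0.0.7 TCP_MISS/200 18342 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html
1579672506.900   4800 127.0.0.1 TCP_MISS/200 9912345 GET cache_object://localhost:3128/objects - HIER_NONE/- text/plain
1579672507.400   4300 127.0.0.1 TCP_MISS/200 9912345 GET http://localhost:3128/squid-internal-mgr/objects - HIER_NONE/- text/plain
"""

def mgr_requests(log_text):
    """Yield (action, start_s, end_s, elapsed_ms) for cache manager requests."""
    for line in log_text.splitlines():
        f = line.split()
        m = MGR_URL.search(f[6]) if len(f) >= 7 else None
        if not m:
            continue
        end, ms = float(f[0]), int(f[1])  # logged at completion: start = end - elapsed
        yield m.group(1) or "(none)", end - ms / 1000.0, end, ms

def summarize(log_text):
    """Per action: (request count, mean elapsed ms, max elapsed ms)."""
    times = defaultdict(list)
    for action, _, _, ms in mgr_requests(log_text):
        times[action].append(ms)
    return {a: (len(v), sum(v) / len(v), max(v)) for a, v in times.items()}

def peak_concurrency(log_text):
    """Largest number of cache manager requests in flight at the same time."""
    events = []
    for _, start, end, _ in mgr_requests(log_text):
        events += [(start, 1), (end, -1)]
    live = peak = 0
    for _, delta in sorted(events):  # at equal times, -1 sorts before +1
        live += delta
        peak = max(peak, live)
    return peak

if __name__ == "__main__":
    for action, (n, mean, worst) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{action:10s} n={n} mean={mean:.0f}ms max={worst}ms")
    print("peak concurrent mgr queries:", peak_concurrency(SAMPLE_LOG))
```

A query that is cheap per request and never overlaps itself points away from the monitoring client as the cause; long elapsed times together with a peak above 1 match the concurrency concern raised in the quoted reply.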


