[squid-users] Malformed HTTP on tproxy squid
Omid Kosari
omidkosari at yahoo.com
Tue Aug 16 10:23:02 UTC 2016
According to my other post
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-cpu-usage-100-from-few-days-ago-td4678894.html
Squid cpu usage becomes 100% when it forwatds some kind of malformed http
traffic .
Even one ip address with less than 5 requests per second can grow squid cpu
usage up to 30%
We have found that this request belongs to a cheap popular satellite
receiver www.starmax.co . Maybe it has been infected and becomes zombie of a
btnet .
Apart from the client type , my question is
Shouldn't squid have a mechanism to defend this types of problems ? Isn't
possible for squid to simply ignore malformed http requests ?
Is there any workaround to prevent this problem ?
Squid is in tproxy mode with routing
Ubuntu Linux 16.04 , 4.4.0-34-generic on x86_64
Squid Cache: Version 3.5.19 from debian repository
samples % image name symbol name
1532894 42.8190 libc-2.23.so _IO_strn_overflow
1028537 28.7306 libc-2.23.so _IO_default_xsputn
662802 18.5143 libc-2.23.so vfprintf
77019 2.1514 squid /usr/sbin/squid
28861 0.8062 libc-2.23.so __memset_sse2
26948 0.7528 r8169 /r8169
25320 0.7073 libc-2.23.so __memcpy_sse2_unaligned
21712 0.6065 libc-2.23.so __GI___mempcpy
14918 0.4167 libc-2.23.so _int_malloc
8889 0.2483 nf_conntrack /nf_conntrack
8130 0.2271 libc-2.23.so __GI_strchr
6357 0.1776 libc-2.23.so _int_free
4152 0.1160 libc-2.23.so re_search_internal
4043 0.1129 libc-2.23.so strlen
2754 0.0769 libstdc++.so.6.0.21
/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
2753 0.0769 libc-2.23.so free
2704 0.0755 ip_tables /ip_tables
2560 0.0715 reiserfs /reiserfs
2332 0.0651 kallsyms ___slab_alloc
2284 0.0638 libc-2.23.so malloc_consolidate
2204 0.0616 libc-2.23.so malloc
2175 0.0608 kallsyms sys_epoll_ctl
2035 0.0568 kallsyms csum_partial_copy_generic
1614 0.0451 libc-2.23.so calloc
1552 0.0434 kallsyms _raw_spin_lock
1208 0.0337 kallsyms memcpy
1203 0.0336 kallsyms nf_iterate
1177 0.0329 kallsyms irq_entries_start
1165 0.0325 kallsyms __fget
1072 0.0299 kallsyms copy_user_generic_string
1037 0.0290 kallsyms __alloc_skb
1002 0.0280 kallsyms tcp_sendmsg
945 0.0264 libc-2.23.so build_upper_buffer
875 0.0244 kallsyms kmem_cache_free
873 0.0244 kallsyms tcp_rack_mark_lost
868 0.0242 nf_nat_ipv4 /nf_nat_ipv4
861 0.0241 kallsyms kfree
837 0.0234 kallsyms __inet_lookup_established
834 0.0233 kallsyms get_partial_node.isra.61
825 0.0230 kallsyms __slab_free
815 0.0228 kallsyms sock_poll
810 0.0226 kallsyms skb_release_data
802 0.0224 nf_conntrack_ipv4 /nf_conntrack_ipv4
792 0.0221 kallsyms tcp_transmit_skb
771 0.0215 kallsyms kmem_cache_alloc
719 0.0201 kallsyms fib_table_lookup
704 0.0197 kallsyms _raw_spin_lock_irqsave
701 0.0196 kallsyms tcp_v4_rcv
699 0.0195 libm-2.23.so __ieee754_log_avx
686 0.0192 nf_nat /nf_nat
684 0.0191 kallsyms tcp_write_xmit
674 0.0188 kallsyms __cmpxchg_double_slab.isra.44
626 0.0175 kallsyms __netif_receive_skb_core
621 0.0173 libnettle.so.6.2
/usr/lib/x86_64-linux-gnu/libnettle.so.6.2
608 0.0170 kallsyms delay_tsc
600 0.0168 kallsyms ksize
595 0.0166 kallsyms tcp_ack
592 0.0165 kallsyms __local_bh_enable_i
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Malformed-HTTP-on-tproxy-squid-tp4678951.html
Sent from the Squid - Users mailing list archive at Nabble.com.
More information about the squid-users
mailing list