[squid-users] Crash: every 1-2 hour: kernel: Out of memory: Kill process (squid)

Amos Jeffries squid3 at treenet.co.nz
Thu Dec 15 04:52:21 UTC 2016


On 15/12/2016 6:24 a.m., noc at forceline.net wrote:
> Eliezer, thanks for your reply. Guides:
> http://wiki.squid-cache.org/Features/SslBump
> http://wiki.squid-cache.org/Features/SslPeekAndSplice
> https://habrahabr.ru/post/267851/  <-- Russian lang
> https://habrahabr.ru/post/272733/  <-- Russian lang
> 
>> First goes first change this: 13130:
> Done, nothing changed. Squid died.
> 
> Maby it will be work fine whith lower load even with https. But I don't
> understand, why it killed by a kernel rather than just update memory by new
> one.
> 
> http://wiki.squid-cache.org/Features/SslBump
>> Memory usage
>>
>>    /!\ Warning: Unlike the rest of this page at the time of writing, this
> section applies to Squid-3.3 and possibly later code capable of dynamic SSL
> certificate generation and origin server certificate mimicking. The current
> section text is intended primarily for developers and early adopters facing
> excessive memory consumption in certain SslBump environments. These notes
> may be relocated elsewhere if a better location is found. 
>>
>> Current documentation is specific to bump-server-first configurations.
> 
> In attach server statistic.
> 


I think you still have a forwarding loop. Does the cisco WCCP send port
443 connections from Squid to reach the Internet instead of sending them
back into Squid.

The Via header will protect against HTTP messages looping, but the TLS
handshake traffic has no such protection.

Amos



More information about the squid-users mailing list