[squid-users] Crash: every 1-2 hour: kernel: Out of memory: Kill process (squid)
noc at forceline.net
noc at forceline.net
Mon Dec 19 11:57:18 UTC 2016
Oh sorry, I miss some replys.
>I think you still have a forwarding loop. Does the cisco WCCP send port
>443 connections from Squid to reach the Internet instead of sending them
>back into Squid.
interface TenGigabitEthernet0/2/0.501
description for WCCP
encapsulation dot1Q 501
ip address 192.168.253.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip wccp redirect exclude in
interface TenGigabitEthernet0/2/0.600
description SQUID external IP
encapsulation dot1Q 600
ip address 1.1.1.65 255.255.255.192
no ip redirects
no ip proxy-arp
ip wccp 70 redirect in
I'd change:
(config)# interface TenGigabitEthernet0/2/0.600
(config-subif)# no ip wccp 70 redirect in
Then restrat squid and wait for results.
I'll report.
--
Sergey
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
> Behalf Of Amos Jeffries
> Sent: Thursday, December 15, 2016 7:52 AM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Crash: every 1-2 hour: kernel: Out of
> memory: Kill process (squid)
>
> On 15/12/2016 6:24 a.m., noc at forceline.net wrote:
> > Eliezer, thanks for your reply. Guides:
> > http://wiki.squid-cache.org/Features/SslBump
> > http://wiki.squid-cache.org/Features/SslPeekAndSplice
> > https://habrahabr.ru/post/267851/ <-- Russian lang
> > https://habrahabr.ru/post/272733/ <-- Russian lang
> >
> >> First goes first change this: 13130:
> > Done, nothing changed. Squid died.
> >
> > Maby it will be work fine whith lower load even with https. But I
> don't
> > understand, why it killed by a kernel rather than just update memory
> by new
> > one.
> >
> > http://wiki.squid-cache.org/Features/SslBump
> >> Memory usage
> >>
> >> /!\ Warning: Unlike the rest of this page at the time of writing,
> this
> > section applies to Squid-3.3 and possibly later code capable of
> dynamic SSL
> > certificate generation and origin server certificate mimicking. The
> current
> > section text is intended primarily for developers and early adopters
> facing
> > excessive memory consumption in certain SslBump environments. These
> notes
> > may be relocated elsewhere if a better location is found.
> >>
> >> Current documentation is specific to bump-server-first
> configurations.
> >
> > In attach server statistic.
> >
>
>
> I think you still have a forwarding loop. Does the cisco WCCP send port
> 443 connections from Squid to reach the Internet instead of sending
> them
> back into Squid.
>
> The Via header will protect against HTTP messages looping, but the TLS
> handshake traffic has no such protection.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list