I recently (well a month or so ago) tried to upgrade squid after my old
version got overwritten
by an OS related upgrade.
now I am seeing TCP_SWAPFAIL/200 messages in my log -- that doesn't
sound good.
Why would I be getting such?
It appears the local disk-store isn't growing over time -- so I'm
assuming it it telling
me the on-disk store isn't working right?
I used a similar config to my previous one (below), so I'm not sure why
it would be
croaking now... Is there something "illegal" bout my config?
I also included my non-comment squid.conf lines following that just to be
thorough....
i'd really like to get squid back to being 100%
solid-bullet-proof...which it
isn't right now (have had truncated downloads on longer downloads)...
I'm also getting occasional core dumps in the base of the cache dir,
which is
usually a bad sign... ;-| Haven't had a chance to try to check the
stack trace yet,
but was wondering if anything looked amiss with my swap setup.
It's a 12core 48G machine, with a reasonably fast Raid so it should
have plenty of horse power for 1 user...but I find it can't keep up with
my browsing habits... which is insane considering it's usually used
for 10's-100's of users w/no prob...I know I am not that fast..
Any pointing out of "gotcha's" would be appreciated!...
squid -v
Squid Cache: Version 3.2.0.16
configure options: 'CFLAGS=-g -m64 -O2 -march=native -pipe -D_REENTRENT
'CCFLAGS=-g -m64 -O2 -march=native -pipe -D_REENTRENT 'LDFLAGS= -s'
'--prefix=/usr' '--bindir=/usr/sbin' '--datadir=/usr/share/squid'
'--libexecdir=/usr/sbin' '--libdir=/usr/lib64'
'--localstatedir=/var/cache/squid' '--sharedstatedir=/var/lib/squid'
'--sysconfdir=/etc/squid' '--docdir=/usr/share/packages/doc/squid'
'--with-aufs-threads=24' '--with-logdir=/var/log/squid'
'--with-mandir=/usr/share/man' '--with-piddir=/var/run/squid/squid.pid'
'--with-default-user=squid' '--with-gnu-ld' '--with-included-ltdl'
'--with-pic' '--with-large '--with-ltdl-lib=/usr/lib64'
'--enable-build-info' '--enable-cachemgr-hostname' '--enable-disk-io'
'--disable-ecap' '--disable-icap-client' '--enable-kill-parent-hack'
'--enable-linux-netfilter' '--enable-ltld-install' '--enable-referer-log'
'--enable-removal-policies' '--enable-stacktraces' '--enable-storeio'
'--enable-useragent-log' '--enable-zph-qos' '--enable-x-accelerator-vary'
'--disable-xmalloc-statistics' '--disable-auto-locale' '--disable-htcp'
'--disable-ident-lookups' '--disable-ipv6' '--disable-snmp'
'--disable-translation' '--without-netfilter-conntrack'
'EXT_LIBECAP_CFLAGS=-lecap' 'EXT_LIBECAP_LIBS=/usr/lib/libecap.so.2'
+ a bunch of compiler optimization switches: (that I also mostly used,
though gcc is a newer version and a few options might be different)
-fpie -fmessage-length=0 -funwind-tables -fasynchronous-unwind-tables
-fbranch-target-load-optimize -fira-loop-pressure -fgcse -fgcse-las
-fgcse-lm -fgcse-sm -floop-interchange -floop-strip-mine -floop-block
-flto -fpredictive-commoning -frename-registers -ftree-loop-linear
-ftracer -ftree-loop-distribution -ftree-loop-im -ftree-loop-ivcanon
-fivopts -ftree-vectorize -funswitch-loops
-fvariable-expansion-in-unroller -freorder-blocks-and-partition -fweb'
Non-comment squid conf lines :
acl sc_subnet src 192.168.3.0/24
acl localnet src 192.168.3.0/24 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 82 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1024-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Allowed_Connect port 1024-65535 #allowed non-SSL Connects to
non-reserved ports
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow manager sc_subnet
http_access deny manager
http_access deny !Safe_ports
http_access allow CONNECT Safe_Ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 192.168.3.1:8080
hierarchy_stoplist cgi-bin ?
cache_mem 8 GB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /var/cache/squid 65535 64 64
maximum_object_size 1 GB
cache_swap_low 93
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid/squid.pid
strip_query_terms off
buffered_logs on
cache_log daemon:/var/log/squid/cache.log
coredump_dir /var/cache/squid
url_rewrite_host_header off
url_rewrite_access deny all
url_rewrite_bypass on
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern -i \.(ico|gif|jpg|png) 0 20% 4320 ignore-no-cache
ignore-private override-expire
refresh_pattern -i ^http: 0 20% 4320 ignore-no-cache ignore-private
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
read_ahead_gap 256 MB
negative_ttl 3 seconds
range_offset_limit 16 MB
store_objects_per_bucket 16
request_header_max_size 384 KB
via off
vary_ignore_expire on
request_header_access From deny all
request_header_access Referer deny all
request_header_access Server deny all
request_header_access User-Agent deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
reply_header_access From deny all
reply_header_access Referer deny all
reply_header_access Server deny all
reply_header_access User-Agent deny all
reply_header_access WWW-Authenticate deny all
reply_header_access Link deny all
request_timeout 4 minutes
half_closed_clients on
shutdown_lifetime 8 seconds
visible_hostname web-proxy
hostname_aliases ishtar ishtar.sc.tlinx.org web-proxy
ns1.sc.tlinx.org
umask 027
dns_defnames on
memory_pools_limit 4096 GB
forwarded_for delete
pipeline_prefetch on
high_response_time_warning 7000
high_page_fault_warning 1024
high_memory_warning 24 GB
workers 8
