On Wed, Mar 20, 2013 at 11:35:21AM +0200, Eliezer Croitoru wrote:
> On 3/19/2013 9:24 PM, Oleg wrote:
> >On Tue, Mar 19, 2013 at 08:49:25PM +0200, Eliezer Croitoru wrote:
> >>Hey Oleg,
> >>
> >>I want to understand a couple of things about the situation.
> >>what is the problem? a memory leak?
> >
> > 1 problem - memory leak;
> > 2 problem - tproxy doesn't work in squid 3.2.
> >
> I can think of a way you can configure squid to cause them both.

I think this is a bug in the software, if we can cause a memory leak and crash with a bad config.

> >>How do you see the memory leak? and where?
> >
> > I just start squid, start top and wait about an hour when squid grows from
> >40MB to 800MB and kernel kills it.
> >
> >>The memory leak you are talking about is in a case of tproxy usage only?
> >
> > It's hard to say. I was running squid 3.2, with no working tproxy (as I wrote),
> >but with normal proxy on 3128 tcp port and it ate my memory too. So, tproxy
> >is configured, but not used.
> >
> >>what is the load of the proxy cache?
> >>do you use it for filtering or just plain cache?
> >
> > Only for filtering.
> >
> >>on what environment?
> >
> > What do you mean by environment?
> >
> ISP? OFFICE? HOME? ELSE...

ISP

> >>the more details you can give on the scenario and point with your
> >>finger on the problem I will be happy to assist us finding the
> >>culprit.
> >>
> >>What linux distro are you using?
> >
> > Debian 6 and also tried Debian 7.
> My opinion is that you don't need to test on 7 or do special tests
> but it helped us to understand the nature of the problem.
>
> Try to not use the filtering helper by using only defaults and tproxy.
> and also try to use this script with tproxy on port 3129 and
> http_port 127.0.0.1:3128
>
> ##start of script
> #!/bin/sh -x
> echo "loading modules required for the tproxy"
> modprobe ip_tables
> modprobe xt_tcpudp
> modprobe nf_tproxy_core
> modprobe xt_mark
> modprobe xt_MARK

FATAL: Module xt_MARK not found.

> modprobe xt_TPROXY
> modprobe xt_socket
> modprobe nf_conntrack_ipv4
> sysctl net.netfilter.nf_conntrack_acct
> sysctl net.netfilter.nf_conntrack_acct=1
> ip route flush table 100
> ip rule del fwmark 1 lookup 100
> ip rule add fwmark 1 lookup 100
> ip -f inet route add local default dev lo table 100
>
> echo "flushing any existing rules"
> iptables -t mangle -F
> iptables -t mangle -X DIVERT
>
> echo "creating rules"
> iptables -t mangle -N DIVERT
> iptables -t mangle -A DIVERT -j MARK --set-mark 1
> iptables -t mangle -A DIVERT -j ACCEPT
>
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> iptables -t mangle -A PREROUTING -s ___LAN____ -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --tproxy-mark 0x1/0x1
> ##end of script
>
>
> --
> Eliezer Croitoru
>