-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/10/2014 5:26 a.m., Steve Hill wrote: > > I think I've identified the bulk of the memory "leak" I've been > tracking down for the past few days. As it turns out, it doesn't > seem to be a leak, but a problem with the SSL certificate caching. > > The certificate cache is set by dynamic_cert_mem_cache_size and > defaults to 4MB. Squid assumes an SSL context is 1KB, so we can > cache up to 4096 certificates: > > /// TODO: Replace on real size. #define SSL_CTX_SIZE 1024 > > Unfortunately the assumed size isn't even close - it looks like an > SSL context usually weighs in at about 900KB! So the default limit > means the cache can actually grow to around 3.6GB. To make matters > worse, each worker gets its own cache, so in an 8-way SMP > configuration, the default "4MB" cache size limit actually ends up > as around 30GB. Aha, yes. That is http://bugs.squid-cache.org/show_bug.cgi?id=4005 If I'm understanding the discussions so far the "leak" is data stored internally by OpenSSL when allocating certificate contexts. In this case the generated cert chain and additional data. Squid has no way to know how big that all is (varies between just a few KB and your MB), so only accounts for what it can see. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUOBNHAAoJELJo5wb/XPRjgV0IANZpG56V3WrgjLPuLIDcOaJa vqGXUbjZNzFVl6IMxXSdgxjZrjTwMzlYzYig3JQ0HUTwxSF8akXaNSLrGrZEW2mp 35w5ks9G3fh897P25prScyhWIuEV6KJOvWYxyseWNvRdth/EJRrTGLUJsv59US1E b/W2251VOPJqCcEDovxBV2hvXMtBhJKQ0re+xhy5ot6EHs2TzSAdLqJlei5XypWg FOwhHpwmcqPFyc3JlklSakTNcri0tNgswebNmp6Xbcs1Js4r0PRH7uNohr76wDJC YmX1VfYX64aQxkkl1l4rlRW+PKEm7UHXZjlOnAxqKqiq+89VApw93pKkE6DoePc= =fGD9 -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
