Re: file descriptors leak

André Janna <andre61@xxxxxxxxxxxx> · Mon, 23 Nov 2015 16:45:53 -0200

Assin Em 22/11/2015 16:25, Eliezer Croitoru escreveu:
Hey Andre,

There are couple things to the picture.
It's not only squid that is the "blame".
It depends on what your OS tcp stack settings are.
To verify couple things you can try to use the netstat tool.
run the command "netstat -nto" to see what is the timers status.
You can then see how long will a new connection stay in the 
established state.
It might be the squid settings but if the client is not there it could 
be because of some tcp tunable kernel settings.

Hi Eliezer and Amos,
my kernel is a regular Debian Jessie kernel using the following tcp values.
    tcp_keepalive_time: 7200
    tcp_keepalive_intvl: 25
    tcp_keepalive_probes: 9
    tcp_retries1: 3
    tcp_retries2: 15
    tcp_fin_timeout: 60
So in my understanding the longest timeout is set to 2 hours and a few 
minutes for keepalive connections.

Today I monitored file descriptors 23 and 24 on my box during 5 hours 
and lsof always showed:
    squid      6574           proxy   23u     IPv6 5320944      
0t0        TCP 172.16.10.22:3126->192.168.90.35:34571 (CLOSE_WAIT)
    squid      6574           proxy   24u     IPv6 5327276      
0t0        TCP 172.16.10.22:3126->192.168.89.236:49435 (ESTABLISHED)
while netstat always showed:
    tcp6       1      0 172.16.10.22:3126 192.168.90.35:34571     
CLOSE_WAIT  6574/(squid-1)   off (0.00/0/0)
    tcp6       0      0 172.16.10.22:3126 192.168.89.236:49435    
ESTABLISHED 6574/(squid-1)   off (0.00/0/0)

The "off" flag in netstat output tells that for these sockets keepalive 
and retransmission timers are disabled.
Right now netstat shows 15,568 connections on squid port 3126 and only 
107 have timer set to a value other than "off".

I read that connections that are in CLOSE_WAIT state don't have any tcp 
timeout, it's Squid that must close the socket.

 About the connections in ESTABLISHED state, I monitored the connection 
to mobile device 192.168.89.236 using "tcpdump -i eth2 -n host 
192.168.89.236" during 2 hours and a half.
Tcpdump didn't record any packet and netstat is still displaying:
    tcp6       1      0 172.16.10.22:3126 192.168.90.35:34571     
CLOSE_WAIT  6574/(squid-1)   off (0.00/0/0)
    tcp6       0      0 172.16.10.22:3126 192.168.89.236:49435    
ESTABLISHED 6574/(squid-1)   off (0.00/0/0)

So unfortunately I still don't understand why Squid or the kernel don't 
close these sockets.

Regards,
  André

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users