On 26/08/2016 2:58 a.m., Peter Viskup wrote: > Hello all, > we do experience some connection issues with SFTP and clear HTTP > clients on Squid 3.4 version built with SSL split. What is this "SSL split" you speak of? Squid does not support SFTP as far as I am aware except by CONNECT tunnelling done by the client. Which is difficult since (S)FTP has several TCP connections going in different directions at once. > We occasionally see ERR_CONNECT_FAIL with SYSERR=110. TCP connection setup failed. Whatever your operating system means by the "110" message is the reason why. > > Just discovered higher value of "HTTP I/O number of reads" at the time > the issue occur. If you mean the SNMP OID *.1.3.1.2.0 (aka cacheSysNumReads). Which is described as "HTTP I/O number of reads". It is the counter of how many system read(2) I/O operations that have been done for HTTP traffic. Being a counter, it will only ever go up. > I am not able to understand this value - what it points to. Sometimes > the value of HTTP I/O number of reads jump from tenths to 6000 or even > higher. > Since you imply that you are proxying CONNECT tunnels containing entire SFTP transactions. It would be reasonable to expect a lot of read operations to happen for them. Both the 'S' and the 'FTP' layers each have a lot of small messages going back and forth through the tunnel. You might also be having bug 2907. Which is fixed in Squid-3.5. Please try an upgrade. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
