+1 for what Amos suggesting. It's too weird to be caused by a special and unknown issue. Can you minimize the test to intercept only 1 SINGLE client? Also about the Russian tutorials, these are for building and running squid which might work. But for the interception part on the cisco you didn't referred to any tutorial. I can only refer a tutorial which I wrote for a cisco router: http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2 Also squid cannot identify in any way if there is a routing or switching loop. To illustrate: Squid has mac address 99:99:99:99:99:91 and the switch has 99:99:99:99:99:92, Squid will always see packets flowing from one of the switch mac address for both legit and non legit(loops). So you first need to verify the setup with one single client and use tcdump on the squid machine to identify by the src port if the connection is looped or not. Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Amos Jeffries Sent: Thursday, December 15, 2016 6:52 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Crash: every 1-2 hour: kernel: Out of memory: Kill process (squid) On 15/12/2016 6:24 a.m., noc@xxxxxxxxxxxxx wrote: > Eliezer, thanks for your reply. Guides: > http://wiki.squid-cache.org/Features/SslBump > http://wiki.squid-cache.org/Features/SslPeekAndSplice > https://habrahabr.ru/post/267851/ <-- Russian lang > https://habrahabr.ru/post/272733/ <-- Russian lang > >> First goes first change this: 13130: > Done, nothing changed. Squid died. > > Maby it will be work fine whith lower load even with https. But I > don't understand, why it killed by a kernel rather than just update > memory by new one. > > http://wiki.squid-cache.org/Features/SslBump >> Memory usage >> >> /!\ Warning: Unlike the rest of this page at the time of writing, >> this > section applies to Squid-3.3 and possibly later code capable of > dynamic SSL certificate generation and origin server certificate > mimicking. The current section text is intended primarily for > developers and early adopters facing excessive memory consumption in > certain SslBump environments. These notes may be relocated elsewhere if a better location is found. >> >> Current documentation is specific to bump-server-first configurations. > > In attach server statistic. > I think you still have a forwarding loop. Does the cisco WCCP send port 443 connections from Squid to reach the Internet instead of sending them back into Squid. The Via header will protect against HTTP messages looping, but the TLS handshake traffic has no such protection. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
