Oh sorry, I miss some replys. >I think you still have a forwarding loop. Does the cisco WCCP send port >443 connections from Squid to reach the Internet instead of sending them >back into Squid. interface TenGigabitEthernet0/2/0.501 description for WCCP encapsulation dot1Q 501 ip address 192.168.253.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip wccp redirect exclude in interface TenGigabitEthernet0/2/0.600 description SQUID external IP encapsulation dot1Q 600 ip address 1.1.1.65 255.255.255.192 no ip redirects no ip proxy-arp ip wccp 70 redirect in I'd change: (config)# interface TenGigabitEthernet0/2/0.600 (config-subif)# no ip wccp 70 redirect in Then restrat squid and wait for results. I'll report. -- Sergey > -----Original Message----- > From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On > Behalf Of Amos Jeffries > Sent: Thursday, December 15, 2016 7:52 AM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: Crash: every 1-2 hour: kernel: Out of > memory: Kill process (squid) > > On 15/12/2016 6:24 a.m., noc@xxxxxxxxxxxxx wrote: > > Eliezer, thanks for your reply. Guides: > > http://wiki.squid-cache.org/Features/SslBump > > http://wiki.squid-cache.org/Features/SslPeekAndSplice > > https://habrahabr.ru/post/267851/ <-- Russian lang > > https://habrahabr.ru/post/272733/ <-- Russian lang > > > >> First goes first change this: 13130: > > Done, nothing changed. Squid died. > > > > Maby it will be work fine whith lower load even with https. But I > don't > > understand, why it killed by a kernel rather than just update memory > by new > > one. > > > > http://wiki.squid-cache.org/Features/SslBump > >> Memory usage > >> > >> /!\ Warning: Unlike the rest of this page at the time of writing, > this > > section applies to Squid-3.3 and possibly later code capable of > dynamic SSL > > certificate generation and origin server certificate mimicking. The > current > > section text is intended primarily for developers and early adopters > facing > > excessive memory consumption in certain SslBump environments. These > notes > > may be relocated elsewhere if a better location is found. > >> > >> Current documentation is specific to bump-server-first > configurations. > > > > In attach server statistic. > > > > > I think you still have a forwarding loop. Does the cisco WCCP send port > 443 connections from Squid to reach the Internet instead of sending > them > back into Squid. > > The Via header will protect against HTTP messages looping, but the TLS > handshake traffic has no such protection. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
