Dansguardian 2.12.0.3 Signal 11
-
Based on some notes here http://contentfilter.futuragts.com/wiki/doku.php?id=faq (see FAQ 26b)
I have bumped the following sysctl values (in loader.conf.local):
kern.ipc.shmseg=512
kern.ipc.shmmni=512
kern.ipc.semmni=512
kern.ipc.msgssz=64
kern.ipc.shm_use_phys=1at the moment, I have maxchildren set to 120 and maxsparechildren at 48
Still getting them…
I'm not really wanting to try a "reinstall" though... This is a fresh install of pfSense 2.0.3 64 bit and the only packages that I've added are:
-
Cron
-
File Manager
-
vHosts
-
Dansguardian
-
Squid 3
I'm currently using the patched dansguardian 2.12.0.3 (just copied over the executable).
-
-
Please, can you try this latest version and let me know if it works (better) for you ? http://numsys.eu/search.php?search=Squid
-
Please, can you try this latest version and let me know if it works (better) for you ? http://numsys.eu/search.php?search=Squid
I'll compile it and push to my repo.
Fredb, nice to see you on pfsense forum :)
Most work I did on dansguardian 2.12 was for this package on pfsense.
-
Hi,
Your work is included in "my" dansguardian versionI hope, if I can …, rewrite the engine with kqueue for *BSD and epool for Linux and remove the old select() call, maybe this point is a part of problem signal 11
-
2.12.0.6 compiled and pushed to my repo.
amd64
http://e-sac.siteseguro.ws/packages/amd64/8/All/dansguardian-2.12.0.6.tbzi386
http://e-sac.siteseguro.ws/packages//8/All/dansguardian-2.12.0.6.tbzboth complied with maxfiles=8192
Also, I've removed squid ports compile depend. It will not force any squid version anymore.
-
Configuration files http://numsys.eu/dansguardian/
Requires
Proxy timeout
Set tcp timeout between the Proxy and DansGuardian
Min 5 - Max 100
proxytimeout = 20
Proxy header exchange
Set timeout between the Proxy and DansGuardian
Min 20 - Max 300
proxyexchange = 20
Pconn timeout
how long a persistent connection will wait for other requests
squid apparently defaults to 1 minute (persistent_request_timeout),
so wait slightly less than this to avoid duff pconns.
Min 5 - Max 300
pcontimeout = 55
Now you can can disabled some (if) unused values, like maxcontentramcachescansize, I think It should be interesting about signal 11 and a potential memory leak.
-
Configuration files http://numsys.eu/dansguardian/
Requires
Proxy timeout
Set tcp timeout between the Proxy and DansGuardian
Min 5 - Max 100
proxytimeout = 20
Proxy header exchange
Set timeout between the Proxy and DansGuardian
Min 20 - Max 300
proxyexchange = 20
Pconn timeout
how long a persistent connection will wait for other requests
squid apparently defaults to 1 minute (persistent_request_timeout),
so wait slightly less than this to avoid duff pconns.
Min 5 - Max 300
pcontimeout = 55
Now you can can disabled some (if) unused values, like maxcontentramcachescansize, I think It should be interesting about signal 11 and a potential memory leak.
Marcello… are you going to add these config settings to the UI? If I manually add them to the config files, will they be dropped when I save via the UI?
-
Marcello… are you going to add these config settings to the UI?
yes. you can force it on dansguardian.inc near
$proxytimeout=($dansguardian['proxytimeout']?$dansguardian['proxytimeout']:"30");If I manually add them to the config files, will they be dropped when I save via the UI?
Yes.
-
yes. you can force it on dansguardian.inc near
$proxytimeout=($dansguardian['proxytimeout']?$dansguardian['proxytimeout']:"30");Thanks - No problem… I'll add them on my setup.
-
yes. you can force it on dansguardian.inc near
The easiest thing to do was to just add them into dansguardian.conf.template - so that's what I did for now.
Up and running with 2.12.0.6 - I'll keep you posted…!!!
Thanks!
-
If You See Something, please try to reduce your unused values to 0
-
If You See Something, please try to reduce your unused values to 0
Besides "maxcontentramcachescansize", which ones are no longer used?
-
Yes, options with maxsomething, for example those for AV scan, but not now please
EDIT: Only those you don't use of courseMax content filter size
Sometimes web servers label binary files as text which can be very
large which causes a huge drain on memory and cpu resources.
To counter this, you can limit the size of the document to be
filtered and get it to just pass it straight through.
This setting also applies to content regular expression modification.
The value must not be higher than maxcontentramcachescansize
The size is in Kibibytes - eg 2048 = 2Mb
use 0 to set it to maxcontentramcachescansize
maxcontentfiltersize = 0 -> If weightedphrasemode = 0
Max content ram cache scan size
This is only used if you use a content scanner plugin such as AV
This is the max size of file that DG will download and cache
in RAM. After this limit is reached it will cache to disk
This value must be less than or equal to maxcontentfilecachescansize.
The size is in Kibibytes - eg 10240 = 10Mb
use 0 to set it to maxcontentfilecachescansize
This option may be ignored by the configured download manager.
maxcontentramcachescansize = 0 if no AV
Max content file cache scan size
This is only used if you use a content scanner plugin such as AV
This is the max size file that DG will download
so that it can be scanned or virus checked.
This value must be greater or equal to maxcontentramcachescansize.
The size is in Kibibytes - eg 10240 = 10Mb
maxcontentfilecachescansize = 0 if no AV
-
OK… good info, but I can't change any of them anyway. I'm using weightedphrasemode=1 and I'm also doing virus scanning...
Thanks
-
kernel: pid 53406 (dansguardian), uid 106: exited on signal 11Just got another one… :-[
-
Just got another one… :-[
[/quote]How many on older version.
this latest version suports max clients=8192
-
If you play with maxagechildren it change something ?
I mean maxagechildren = 10 more signal 11 than maxagechildren = 15000 ? -
Just got another one… :-[
[/quote]How many on older version.
this latest version suports max clients=8192
So far it doesn't seem like I'm getting as many. I've only had one in the last 24 hours and I was getting a half dozen or so. I'll try playing with MaxAgeChildren as well…
-
Traffic as usual ? more or less ?
-
Traffic as usual ? more or less ?
Haven't been monitoring total traffic well enough to know. I dropped MaxAgeChildren from 4000 down to 1000 after my last post and I got 5 more signal 11's last night…
I'll bump it up to about 8000 and see what happens.
