Squid 3 memory usage

boomam

On first look the only reliable to limit memory usage, it appears, is to use the "cache deny all" variable & set the disk cache to 0 - not the end of the world as i only really need it to filter, but would be nice for the caching to work correctly.

##EDIT##
This may be a bit premature as the memory is still creeping upwards, just not at quick as before.

##EDIT##
Interestingly, the output from "top" shows it going up in 4Mb increments.

boomam

Number of bug reports about squid having different types of memory leaks:
http://bugs.squid-cache.org/show_bug.cgi?id=4074
http://bugs.squid-cache.org/show_bug.cgi?id=4005

With:
http://bugs.squid-cache.org/show_bug.cgi?id=4084
Being the most generic.
Not sure if these are related to my setup however.

Anyone got any tips for getting the cache manager working on Squid3? As the top result guide on these forums doesn't appear to work for Squid3…

doktornotor

Nothing like this will get fixed here. Upstream issues need to get solved upstream.

boomam

What are the chances of the existing package being updated to the latest release?

doktornotor

Until 2.3 is released, probably none unless there's a huge security hole somewhere. Noone wants to touch PBI.

boomam

@doktornotor:

Until 2.3 is released, probably none unless there's a huge security hole somewhere. Noone wants to touch PBI.

Thought that'd be the answer. :p

Time to throw RAM at the issue perhaps…

boomam

Amusingly, using all the defaults, but with the HDD cache set at 1024Mb seems to make things more stable RAM wise, slowly filling up, but strangely the swap seems to be filling even though there's free RAM ???
And its seemingly ignoring the watermark % variables too as its way past the watermark i set yet isnt clearing the swap cache.

doktornotor

@boomam:

Anyone got any tips for getting the cache manager working on Squid3? As the top result guide on these forums doesn't appear to work for Squid3…

1/ Run this from Diagnostics - Command Prompt - PHP Execute

require_once("/usr/local/pkg/squid.inc");
$cachemgr = "cachemgr.cgi";
symlink(SQUID_BASE . "/bin/{$cachemgr}", "/usr/local/www/{$cachemgr}");

2/ Check that Squid is set to listen on loopback in General - Proxy Interfaces - otherwise you'll just get nifty timeouts.
3/ Stick your trusted IP(s) into Local Cache - External Cache Managers Apparently not needed/ignored. The access is allowed with or without this.
4/ Add this to General - Custom ACLS (Before Auth)

cachemgr_passwd none all

Alternatively some saner ACLs:

cachemgr_passwd none 5min
cachemgr_passwd none 60min
cachemgr_passwd none asndb
cachemgr_passwd none authenticator
cachemgr_passwd none cbdata
cachemgr_passwd none client_list
cachemgr_passwd none comm_incoming
cachemgr_passwd none counters
cachemgr_passwd none delay
cachemgr_passwd none digest_stats
cachemgr_passwd none dns
cachemgr_passwd none events
cachemgr_passwd none filedescriptors
cachemgr_passwd none fqdncache
cachemgr_passwd none histograms
cachemgr_passwd none http_headers
cachemgr_passwd none info
cachemgr_passwd none io
cachemgr_passwd none ipcache
cachemgr_passwd none mem
cachemgr_passwd none menu
cachemgr_passwd none netdb
cachemgr_passwd none non_peers
cachemgr_passwd none objects
cachemgr_passwd none pconn
cachemgr_passwd none peer_select
cachemgr_passwd none redirector
cachemgr_passwd none refresh
cachemgr_passwd none server_list
cachemgr_passwd none store_digest
cachemgr_passwd none storedir
cachemgr_passwd none utilization
cachemgr_passwd none via_headers
cachemgr_passwd none vm_objects
cachemgr_passwd disable config
cachemgr_passwd disable offline_toggle
cachemgr_passwd disable reconfigure
cachemgr_passwd disable rotate
cachemgr_passwd disable shutdown

Now you can browse to http(s)://your.pfsense.ip.or.fqdn/cachemgr.cgi and use the Administrator's Email set up in General tab just click the Continue button to login without password.

As you can see, this buggy CGI thing is a nice buggy hole into your setup. WTF.

boomam

Thanks,
after running the php code, this error generates:
Warning: symlink(): No such file or directory in /usr/local/www/exec.php(250) : eval()'d code on line 3

I've done the remainder of the steps and there's just a 404 error.

doktornotor

You paste ALL the code I posted there into the field. ALL. Only after that you execute. Let me repeat: The WHOLE thing. Sigh. Really. If unable to follow, please, just leave the thing alone.

boomam

@doktornotor:

You paste ALL the code I posted there into the field. ALL. Only after that you execute. Let me repeat: The WHOLE thing. Sigh. Really. If unable to follow, please, just leave the thing alone.

All the code WAS pasted.
Why would i pick and mix part of the code??? It makes no sense for me to pick parts of the code and ignore other bits does it.

doktornotor

NFC. Look, this just works. Period. If unable to symlink a file, then tough cookies.

boomam

Its not a case of unable, its a case of your suggested step didn't work. Simple as.
I appreciate the help but you shouldn't assume instantly that i've done something wrong when it was so simple a task that was followed verbatim from your steps.

doktornotor

Sucks to be you. You apparently have more issues than this, such as downloading a bugfixed file having no effect on your box either. Better call ghostbusters.

boomam

Wow.

https://forum.pfsense.org/index.php?topic=100167.msg562343#msg562343
Thanks, but i cant really compensate when the GUI doesnt do what it says it will can i. ;)

You really need to stop assuming everyones dumber than you. Whilst i'll freely admit that you know more about this subject than a good 90% of this forum, myself included, i really don't see the need to be so angry all the time when all people are asking for is help for something you helped put together. If you dont want to help, don't, but don't berate people for no reason other than frustration when YOU are choosing to help. Its open source, we're meant to help each other.
Whether that's creating the packages like yourself, or effectively bug reporting like the rest of us.

Based on the above revelation about the GUI, i'll try your symlink command via SSH and see if that makes a difference. If so, then I'll publish the results here so others can benefit from the findings.

doktornotor

Sir. Perhaps you would have better luck doing these actions on a box where Squid3 is properly installed. Outta this debate.

boomam

That would be lovely, if the package worked 100% on its own.
Which in all fairness, mostly does apart from either the apparently known memory leaks that are reported upstream, or a few bugs here and there in the provided package from Pf's repository.

So anyway, regardless of method of input, same error:
Warning: symlink(): No such file or directory in /usr/local/www/exec.php(250) : eval()'d code on line 3

doktornotor

Yeah. Sucks to be you. If you have no such file, well…. then your Squid install is incomplete. If of course could STILL symlink the thing from shell, but that'd require producing some effort, instead of trying to paste PHP code in there.

Bye.

boomam

You mean the PHP code you suggested to use in the first place ???
I really do not know why you are hostile to everyone.

I'll try your new code and hopefully that'll work. Thank you for your input.

doktornotor

The code is absolutely the same… What's added there is to show you that IT WORKS. There's no new relevant code in there that'd fix the ghosts in your browser/pfSense box/god knows what.