Squid use all memory ram
I have had the issue since pfSense version 2.3 and the only way to help alleviate the issue was to set the Maximum Object size in Ram back to 256 kb.
I installed pfSense 2.4 Beta and I no longer have the issue.
So far running for 48 hrs. and have 10gb's free out of 16gb's.
Still working on 2.4?
I have been well pleased with 2.4 beta and so far memory usage has been much better.
Currently after 7 day's since reboot I have 4gb's out of 8gb's allocated for Squid still free.
When I installed pfSense 2.4 I used the ZFS file system and I used diskd for Squid with 128
Level 1 Directories.The only package's I have installed is PfblockerNG,Snort on wan interface,and of course Squid.
I enable into squid "debug_options all,2" and find this messages.
"clientPeekAndSpliceSSL: SSL_accept failed"
this cause used all memory RAM
Hello, I'v two identical pfsense 2.3.2: one with squid 3.5.19 and one with 3.5.23. The first one have no problem, the second one consume all memory.
[2.3.2-RELEASE][root@fw1]/root: squid -v
Squid Cache: Version 3.5.19[2.3.2-RELEASE][root@fw2]/root: squid -v
Squid Cache: Version 3.5.23the main difference between two are compile options:
'CC=cc' 'CPPFLAGS=-I/usr/local/include'
'CXXFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include -fstack-protector -DLDAP_DEPRECATED -fno-strict-aliasing -Wno-unknown-warning-option -Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -Wno-dynamic-class-memaccess'
'CXXFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include -fstack-protector -DLDAP_DEPRECATED -fno-strict-aliasing '
–enable-ltdl-convenienceCan I rollback to 3.5.19? if yes how? thanx.
Posted by: bbassotti
your box pfsense with Squid Cache: Version 3.5.19 is filtering https?
Posted by: bbassotti
your box pfsense with Squid Cache: Version 3.5.19 is filtering https?
Actually I have the problem of lato consumption of RAM, verify and is the Squid. Restarting the service returns to normal.
Ttengo installed Pfsense 2.3.2 with Squid 3.5.23
I could not solve the problem.
Any solution?
Hi guys.
Me too…
Actually, I have the same problem...
I think is the MITM.
I work in a college and we are using pfsense on the latest version, with squid 3.5.23.
Our server has 8GB of RAM and my impression is that, when my network is set without MITM filtering, the consuming of RAM is around 15%. If I activate MITM filtering for SSL package interception, the consuming of RAM slowly grows up to 100% and our PFsense system goes down.
I've tried to change the settings of Local Cache, but I haven't found any conclusive results.
If I restart the squid service the consuming of RAM decreases.Any idea?
Thank you for help. -
Where is the MITM configuration?
SSL MITM is a acronym for SSL Man In The Midle Filtering.
It is when we enable SSL filtering for the PFSense analise the HTTPS traffic beyond HTTP.Look MITM configuration in: Services > Squid Proxy Server > General > SSL Man In the Middle Filtering
A provisory solution that I found was to create 2 cron jobs. The first to stop and the second for start the squid 10 seconds after stop.
For exemple:
30 * * * * root /usr/local/sbin/squid -k shutdown
30 * * * * root sleep 10 && /usr/local/sbin/squid -
Ummmm .... yes, the problem is that if I disable the HTTPS / SSL Interception, the squidguard will not filter me the sites with ssl (https) certificate.
On the other hand, it is interesting to enable the cron that you indicate me.
I'll try those cron
I have this problem too!
any one has a update or downgread do works version?Tks!
No one has solved the problem?
I still have the problem
Me too,
i just configure the cron for evey 30 min stop and start the squid service.
You can install the Cron package and there you can add 2 news jobs
*/30 * * * * root /usr/local/sbin/squid -k shutdown
*/30 * * * * root sleep 10 && /usr/local/sbin/squidits work for me but is not the best solution.
The swapstate_check.php won't execute because there is no cache partition mounted found in the filesystem. I checked the source code line by line and by creating a test.php from there I can tell that it will never execute because of the conditions doesn't meet. We can modify the swapstate_check.php to monitor the swap.state file size and clean the cache if this file exceeds the specified amount we set in the script.
Yes, for now I think the best solution is to use a cron to stop and knit the squid, as says miquim. I think we have to wait for an update to see if they solve the problem. If someone finds the solution, please advise
It's hard to monitor the swap.state filesize and the SWAP usage percentage because it grows dynamically. In my case I modified the swapstate_check.php code to execute if the cache folder size reach 250MB or the swap.state filesize reach 640KB.