Squid use all memory ram

gersonofstone · Feb 27, 2017, 10:19 PM

Hi

I have a box pfsense 2.3.3 with squid 0.4.36 and squidGuard 1.15. but after sometime squid use all ram, I restard the squid and memory back to normal.

Squid was configure on mode transparent with HTTPS/SSL Interception and SSL/MITM Mode splice all..

Any ideas?

I have a bad english :v

jimp · Mar 1, 2017, 2:53 PM

How much RAM is in the system?

What cache size? What cache settings? Do you have Anti-Virus enabled?

If it consumed all memory it could only be because it was configured to do that, intentionally or unintentionally.

Also when all RAM was used, you should look at the output of "ps uxawwd" to see which processes are using up the RAM. It may not necessarily be squid.

gersonofstone · Mar 1, 2017, 7:39 PM

Hi jimp

**My box have 16 GB

this problem start when I update to pf 2.3.3, i have reinstall squid and squidguard but to continue. when restar squid the memory returns to normal

I'm disable packeges one to one

rml125 · Mar 6, 2017, 2:20 PM

Hi,

I have the same problem. I turned off transparent mode to normalize the memory consumption.

gersonofstone · Mar 6, 2017, 4:30 PM

HI

I have changed my setting in local cache, but problem continues.

I use the option Clear Disk Cache NOW for free memory

I'm still looking for the problem :v

Impatient · Mar 8, 2017, 5:39 PM

I have had the issue since pfSense version 2.3 and the only way to help alleviate the issue was to set the Maximum Object size in Ram back to 256 kb.

Impatient · Mar 16, 2017, 6:45 PM

I installed pfSense 2.4 Beta and I no longer have the issue.

So far running for 48 hrs. and have 10gb's free out of 16gb's.

rlrobs · Mar 26, 2017, 8:43 PM

Impatient,

Still working on 2.4?

Impatient · Mar 27, 2017, 4:42 AM

I have been well pleased with 2.4 beta and so far memory usage has been much better.

Currently after 7 day's since reboot I have 4gb's out of 8gb's allocated for Squid still free.

When I installed pfSense 2.4 I used the ZFS file system and I used diskd for Squid with 128
Level 1 Directories.

The only package's I have installed is PfblockerNG,Snort on wan interface,and of course Squid.

gersonofstone · May 10, 2017, 9:41 PM

I enable into squid "debug_options all,2" and find this messages.

"clientPeekAndSpliceSSL: SSL_accept failed"

this cause used all memory RAM

bbassotti · May 11, 2017, 9:52 AM

Hello, I'v two identical pfsense 2.3.2: one with squid 3.5.19 and one with 3.5.23. The first one have no problem, the second one consume all memory.

[2.3.2-RELEASE][root@fw1]/root: squid -v
Squid Cache: Version 3.5.19

[2.3.2-RELEASE][root@fw2]/root: squid -v
Squid Cache: Version 3.5.23

the main difference between two are compile options:

3.5.23:
'build_alias=amd64-portbld-freebsd10.3'
'CC=cc' 'CPPFLAGS=-I/usr/local/include'
'CXX=c++'
'CXXFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include -fstack-protector -DLDAP_DEPRECATED -fno-strict-aliasing -Wno-unknown-warning-option -Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -Wno-dynamic-class-memaccess'
'CPP=cpp'
–enable-ltdl-convenience

3.5.19:
'--build=amd64-portbld-freebsd10.3'
'build_alias=amd64-portbld-freebsd10.3'
'CC=cc'
'CPPFLAGS=-I/usr/local/include'
'CXX=c++'
'CXXFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include -fstack-protector -DLDAP_DEPRECATED -fno-strict-aliasing '
'CPP=cpp'
–enable-ltdl-convenience

Can I rollback to 3.5.19? if yes how? thanx.

gersonofstone · May 11, 2017, 4:13 PM

Posted by: bbassotti

your box pfsense with Squid Cache: Version 3.5.19 is filtering https?

bbassotti · May 11, 2017, 8:14 PM

@:

Posted by: bbassotti

your box pfsense with Squid Cache: Version 3.5.19 is filtering https?

yes.

emax4 · May 18, 2017, 7:24 PM

Hello

Actually I have the problem of lato consumption of RAM, verify and is the Squid. Restarting the service returns to normal.

Ttengo installed Pfsense 2.3.2 with Squid 3.5.23

I could not solve the problem.

Any solution?

moodian · May 18, 2017, 7:52 PM

Hi guys.

Me too…
Actually, I have the same problem...
I think is the MITM.
I work in a college and we are using pfsense on the latest version, with squid 3.5.23.
Our server has 8GB of RAM and my impression is that, when my network is set without MITM filtering, the consuming of RAM is around 15%. If I activate MITM filtering for SSL package interception, the consuming of RAM slowly grows up to 100% and our PFsense system goes down.
I've tried to change the settings of Local Cache, but I haven't found any conclusive results.
If I restart the squid service the consuming of RAM decreases.

Any idea?
Thank you for help.

emax4 · May 19, 2017, 3:20 PM

Where is the MITM configuration?

moodian · May 19, 2017, 7:17 PM

Hello

SSL MITM is a acronym for SSL Man In The Midle Filtering.
It is when we enable SSL filtering for the PFSense analise the HTTPS traffic beyond HTTP.

Look MITM configuration in: Services > Squid Proxy Server > General > SSL Man In the Middle Filtering

A provisory solution that I found was to create 2 cron jobs. The first to stop and the second for start the squid 10 seconds after stop.

For exemple:
30 * * * * root /usr/local/sbin/squid -k shutdown
30 * * * * root sleep 10 && /usr/local/sbin/squid

emax4 · May 19, 2017, 8:03 PM

Hello…

Ummmm .... yes, the problem is that if I disable the HTTPS / SSL Interception, the squidguard will not filter me the sites with ssl (https) certificate.

On the other hand, it is interesting to enable the cron that you indicate me.

I'll try those cron

miquim · May 25, 2017, 2:47 PM

I have this problem too!
any one has a update or downgread do works version?

Tks!

emax4 · Jun 4, 2017, 9:26 PM

No one has solved the problem?