Hi, I am trying to set up ssl-bumped, kerberos-authenticated proxy with 4.3 on FreeBSD.
It works, but under load it crashes with the following message in cache.log: 2018/11/07 12:41:45 kid1| assertion failed: http.cc:1530: "!Comm::MonitorsRead(serverConnection->fd)" I also get this message in squid jail's messages.log: Nov 7 12:49:06 squid2 squid[86874]: Squid Parent: squid-1 process 3203 exited due to signal 6 with status 0 I suspected FreeBSD's low kern.ipc.somaxconn of 128, due to the following in jail host's messages.log: Nov 7 12:11:19 warden4 kernel: sonewconn: pcb 0xfffff8039fa301d0: Listen queue overflow: 769 already in queue awaiting acceptance (334 occurrences) However, after bumping it to 512 above message disappeared but squid crashes remained. I am monitoring queue length on jail host with `netstat -Lan', and I notice, just before crash, queue goes way up, to more than 512, and then goes back to 0 when squid restarts. Maybe unrelated, but always around time of crash I see the following line in squid's access.log: 1541590880.172 0 - TCP_MEM_HIT/200 1521 GET http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt - HIER_NONE/- application/octet-stream Notice there's no client IP address in the line. How come? How can I find out which clients request this? Thank you in advance, -- Before enlightenment - chop wood, draw water. After enlightenment - chip wood, draw water. Marko Cupać https://www.mimar.rs/ _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
