Squid process anomaly

sky7176 · 1 February 2023 20:00

For some days I’ve noticed that the squid process increases the processes in memory.
This leads to the fact that it is difficult to navigate.
172 J1900 core version with 8 Gb of Ram
To be able to go back to browsing in a decent way I have to restart everything.
I attach screenshot of services

jon · 1 February 2023 21:20

What Squid related items do you have enabled?

Can you send a screenshot of your Advanced web proxy configuration WebGUI page located at menu Network > Web Proxy?

sky7176 · 2 February 2023 09:07

My configuration is what you see in the image, it’s been like this for 10 years, but I’ve never had these navigation problems.

For example last night I had to do a HomeAssistant update, but I received a connection failure error, I restarted the firewall and everything is working again, I bet but everything happened after the update to core 172.

Giuseppe

bonnietwin · 2 February 2023 09:35

Maybe try increasing your web proxy cache memory from 128MB to 400MB as your processes memory is running between 200MB and 300MB.

My system has the cache memory set at 200MB and my Processes Memory is running at between 50MB and 70MB and I don’t see any browsing problems at all. The system is also running CU172.

You could also look in Logs - Proxy Logs and press the update button and search through to around 12:00 on the Wednesday and see if you can see anything unusual that happened at that time with the browsing.

sky7176 · 2 February 2023 10:13

thank you for your suggestion.
I try to put it into practice.
The strange thing is that in my network, nothing has changed at the hardware level.
I will check how you reported to me any events that occurred around 12.

Giuseppe

bbitsch · 2 February 2023 11:13

According to your screen shot, you have activated SquidClamav.
Wasn’t there a problem with this addon?
Just try to deactivate it.

sky7176 · 2 February 2023 11:40

OK thank you,
for now i tried to increase the cache, test a couple of days and then i try to disable squidclamav.

But I’m also noticing this behavior on the two other firewalls I have, one at my parents’ house and the other at a friend’s, in some moments the memory used by squid skyrockets.

all three in order to go back to navigating decently we have to restart.
Now I try on my friend to disable squidclamav but not to touch the cache, my friend’s one I don’t touch HI

Giuseppe

sky7176 · 2 February 2023 12:23

I am attaching the graph of the processes in memory of my parents’ firewall and that of my friend, as you can see the peaks appeared, approximately, after the update to 172.
Maybe it’s just a coincidence.

Giuseppe

bonnietwin · 2 February 2023 12:36

The last update of the squid web proxy package and the web proxy WUI page were done in CU171.

Nothing in the web proxy is shown in the git repository as being changed in CU172.

sky7176 · 2 February 2023 13:05

Thank you.
It was just a guess.
For the moment I have increased the cache as suggested, I am monitoring everything.

Giuseppe

jon · 2 February 2023 17:37

You may want to run this command. It will display when each core upgrade was done. The command takes about 30 seconds to complete.

for logf in $(ls -tr /var/log/messages*) ; do zgrep --color -ai "CORE UPGR: Upgrading from release" $logf ; done

It will display when you upgraded to CU 171 and CU 172.

sky7176 · 5 February 2023 22:10

This is a script output:

Apr 28 10:30:15 ipfire pakfire: CORE UPGR: Upgrading from release 166 to 167
Jun 14 08:25:01 ipfire pakfire: CORE UPGR: Upgrading from release 167 to 168
Jul 13 09:52:58 ipfire pakfire: CORE UPGR: Upgrading from release 168 to 169
Sep 17 19:06:02 ipfire pakfire: CORE UPGR: Upgrading from release 169 to 170
Oct 24 08:26:55 ipfire pakfire: CORE UPGR: Upgrading from release 170 to 171
Dec 31 09:09:33 ipfire pakfire: CORE UPGR: Upgrading from release 171 to 172

Giuseppe

sky7176 · 5 February 2023 22:53

This is another graph of another friend’s firewall, as you can see the peaks started in january, same internet provider, but we live 100km apart.
The hardware is the same J1900 hers with 4 GB of ram mine with 8.
I have no idea where to go to understand what happens, if you want I’ll send you the logs of the two systems.

Neither clamav nor squidclamav is installed on his ipfire.

Giuseppe

sky7176 · 6 February 2023 10:57

trying to understand why the memory of squid skyrockets,
I realized that in the three firewalls I’ve analyzed, the mess starts when
I find something like this in the logs:

09:08:02 192.168.12.1 - http://192.168.12.1:3128/
09:08:02 192.168.12.1 - http://192.168.12.1:3128/
09:08:02 192.168.12.1 - http://192.168.12.1:3128/
09:08:02 192.168.12.1 - http://192.168.12.1:3128/
09:08:02 192.168.12.1 - http://192.168.12.1:3128/
09:08:02 192.168.12.1 - http://192.168.12.1:3128/
09:08:02 192.168.12.1 - http://192.168.12.1:3128/
09:08:02 192.168.12.1 - http://192.168.12.1:3128/
.
.
.
.
09:08:27 192.168.12.1 - http://192.168.12.1:3128/
09:08:27 192.168.12.1 - http://192.168.12.1:3128/
09:08:27 192.168.12.1 - http://192.168.12.1:3128/
09:08:28 192.168.12.1 - http://192.168.12.1:3128/
09:08:28 192.168.12.1 - http://192.168.12.1:3128/
09:08:28 192.168.12.1 - http://192.168.12.1:3128/
09:08:28 192.168.12.1 - error:transaction-end-before-headers

Basically my firewall in about 30’’ made 17000 of these requests to the transparent port of the proxy.

I have analyzed the other two and the same thing happens,
only in one the sequence doesn’t end with:
09:08:28 192.168.12.1 - error:transaction-end-before-headers

Why does this happen?
I went back in time and every time squid’s memory gets messed up what I reported happens, and it happens on all three firewalls.

Giuseppe