Hi Robert
thanks for replying.... some solace in this moment of
despair ;-)
well
as u say
> Won't this rule match squid's outbound connections
> as well? I would
> include the ethernet interface in the rule. (I have
> a vague memory that
> locally generated ipchain packets hit the input rule
> with a source of lo
> - that may be wrong however and local packets not
> hit the input chain at
> all - YMMV.)
nope this doesn't happen or else the packets would hv
ended up in an infinite loop which fortunately does
not happen
i hv also observed that after almost every http GET
client access the foll shows up in cache.log
2001/08/13 17:33:42| The request GET img.com/a/co/compaq/redcompaq.gif is ALLOWED, because it matched 'all'
2001/08/13 17:33:42| clientReadRequest: FD 18: no data to process ((11) Resource temporarily unavailable)
this happens even when there is no load
i hv the foll in my startup scripts
echo 1 >/proc/sys/net/ipv4/ip_forward
ulimit -HSn 16384
echo 10000 > /proc/sys/fs/file-max
echo 32768 >/proc/sys/fs/inode-max
echo 1024 65000 > /proc/sys/net/ipv4/ip_local_port_range
echo 1024 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 100 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 300 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
so i hv plenty of file descriptors as well
u said that
> > > > cache_mem 128 MB
> > > > maximum_object_size 40960 KB
> > > > cache_dir /cache 10000 30 25
>
> This line *seems* strange. However it shouldn't
> affect poll/select and
> accept :]
--- what is strange in this --- ????
i compiled squid2.2S5 with hno latest snapshot using
the foll options
CFLAGS="-DNUMTHREADS=55" ./configure \
  --enable-async-io=55 \
  --enable-snmp \
  --enable-poll
hope this okay
..
what i fail to understand is that even at load when
the cpu and mem are hardly exercised
why does telnetting to squid port even from the same
box take a long time
however i can easily do a normal port 23 telnet to the
squid box
there is no other firewall /IDS out there!!!
any clue as to what is wrong !!!
hope u can tell me something
waiting in anticipation
khizcode
--- Robert Collins <robert.collins@itdomain.com.au>
wrote:
> On 18 Aug 2001 03:54:48 -0700, khiz code wrote:
> > Hi all
> > i m still waiting for a reply
>
> You may be in the wrong timezone for Jone, Adrian
> and Henrick. :}.
>
> > pls help me out
>
> I'm guessing here...
>
> > i dont want my bosses to scrap out this squid
> based
> > caching project
> > this is a REAL SOS
> > rgds
> > khizcode
> > --- khiz code <khizcode@yahoo.com> wrote:
> > > one more thing
> > > i hv got millions of
> > > 2001/08/13 10:29:26| clientReadRequest: FD 27: no data to process ((11) Resource temporarily unavailable)
>
> This *shouldn't happen* - we only try to read when
> the socket is ready.
>
> > > and
> > >
> > > 2001/08/12 20:18:19| comm_accept: FD 46: (11)
>
> Again, this shouldn't happen, your squid is trying
> to accept () on a
> socket with no pending connections.
>
> Are you using poll or select in your squid. (IIRC
> you are using linux -
> what configure command did you use with squid when
> you compiled it?).
>
> Also, do you have any firewalling going on with this
> machine? other than
> your ipchains rules?
> Do you have any IDS or NIDS software running on the
> machine or your LAN?
> ie snort?
>
> Have you tried testing squid *without transparent
> operation*. That is,
> just in normal mode? It would help to isolate the
> problem to know if it
> is affected at all when you change that.
>
> I've added some other notes below. *note: I'm not a
> transparent squid
> user so I'm not 100% sure of the rules needed - I
> presume you followed
> the squid FAQ in setting the box up though.
>
> > > Resource
> > > temporarily unavailable
> > > lots of them !!!!
> > > what does this signify
> > > i had debug level ALL,5
> > > giving me a 37 MB cache.log in less than 5 mins
> > > would this be of some help
> > > ???????
>
> Probably not. It means there's a lot of problems :]
> What _might_ be of
> use is where squid started to have problems, whether
> that's 30 seconds or
> 3 minutes in.
>
> > > rgds
> > > khizcode
> > > khiz code <khizcode@yahoo.com> wrote:
> > > > Hi Joe
> > > > i did put the squid box under load for abt 5
> mins
> > > > and
> > > > came up with the same disappointing results
> > > > well DNS was responding quickly enuf
> > > > however telnet localhost 3128 from the same box
> was
> > > > taking ages after just 2 mins under load
> > > > i am sending u the cachemgr stats which i
> could
> > > > collect immediately after putting off the load
> (
> > > > during load cachemgr too could not connect to
> > > squid)
> > > >
> > > > to clarify i put forth the foll details
> > > > 1> compaq prolinea 5500 dual pii xeon 550
> Mhz/512
> > > mb
> > > > ram/6 scsi disk of 9 GB each
> > > > RAID 0 done on 4 of the drives and
> partitioned
> > > as
> > > > /cache using reiserfs for effective 34 GB
> > > > RAID 1 done on the remaining drives where
> linux is
> > > > installed
> > > > 2> redhat 6.2 with kernel 2.2.19 and reiserfs
> 3.53
> > > > scsi driver sym 53cxx compiled in . along
> with
> > > > tlan
> > > > driver
> > > > 3> cache box set up as transparent proxy with
> > > > ipchains
> > > > target     prot opt    source      destination   ports
> > > > ACCEPT     all  ------ localhost   localhost     n/a
> > > > REDIRECT   tcp  ------ anywhere    anywhere      any -> www => 3128
>
> Won't this rule match squid's outbound connections
> as well? I would
> include the ethernet interface in the rule. (I have
> a vague memory that
> locally generated ipchain packets hit the input rule
> with a source of lo
> - that may be wrong however and local packets not
> hit the input chain at
> all - YMMV.)
>
> > > > ACCEPT     all  ------ anywhere    anywhere      n/a
> > > > Chain forward (policy ACCEPT):
> > > > Chain output (policy ACCEPT):
>
>
> > > > 4> squid.conf
> > > > cache_mem 128 MB
> > > > maximum_object_size 40960 KB
> > > > cache_dir /cache 10000 30 25
>
> This line *seems* strange. However it shouldn't
> affect poll/select and
> accept :]
>
> > > > dns_children 15
> > > > httpd_accel_host virtual
> > > > httpd_accel_port 80
> > > > httpd_accel_with_proxy on
> > > > httpd_accel_uses_host_header on
> > > > memory_pools_limit 70 MB
> > > > 5> glibc-2.1.3-22
> > > >
> > > > STATISTICS------
> > > > CACHE RUN TIME
> > > > Connection information for squid:
> > > > Number of clients accessing cache: 40
> > > > Number of HTTP requests received: 4168
> > > > Number of ICP messages received: 0
> > > > Number of ICP messages sent: 0
> > > > Number of queued ICP replies: 0
> > > > Request failure ratio: 0.00%
> > > > HTTP requests per minute: 94.7
> > > > ICP messages per minute: 0.0
> > > > Select loop called: 187023 times, 14.120 ms avg
> > > > Cache information for squid:
> > > > Request Hit Ratios: 5min: 10.1%, 60min: 6.3%
> > > > Byte Hit Ratios: 5min: 23.0%, 60min: 20.0%
> > > > Storage Swap size: 6182 KB
> > > > Storage Mem size: 3004 KB
> > > > Storage LRU Expiration Age: 365.00 days
> > > > Mean Object Size: 8.63 KB
> > > > Requests given to unlinkd: 21
> > > > Median Service Times (seconds)  5 min    60 min:
> > > > HTTP Requests (All): 0.01648 0.02899
> > > > Cache Misses: 0.61549 0.58309
> > > > Cache Hits: 0.00598 0.00562
> > > > Near Hits: 0.04776 0.04047
> > > > Not-Modified Replies: 0.00678 0.00562
> > > > DNS Lookups: 0.01210 0.01269
> > > > ICP Queries: 0.00000 0.00000
> > > > Resource usage for squid:
> > > > UP Time: 2640.817 seconds
> > > > CPU Time: 76.890 seconds
> > > > CPU Usage: 2.91%
> > > > CPU Usage, 5 minute avg: 17.93%
> > > > CPU Usage, 60 minute avg: 2.91%
> > > > Maximum Resident Size: 0 KB
> > > > Page faults with physical i/o: 334
> > > > Memory usage for squid via mallinfo():
> > > > Total space in arena: 15266 KB
> > > > Ordinary blocks: 14696 KB 537 blks
>
=== message truncated ===
Received on Sat Aug 18 2001 - 06:22:14 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:43 MST
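
An added illustration of the "(11) Resource temporarily unavailable" entries discussed in this thread (not code from Squid or from either poster): on Linux errno 11 is EAGAIN, which a non-blocking accept() returns when no connection is queued, and which is avoided by calling accept() only after poll() reports the listener readable. The function names, the NOT_READY code and the loopback listener are constructed for the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define NOT_READY (-2)   /* poll() saw nothing pending, so accept() was skipped */

/* Constructed setup: non-blocking TCP listener on 127.0.0.1, kernel-chosen port. */
static int make_listener(struct sockaddr_in *addr) {
    socklen_t len = sizeof(*addr);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(addr, 0, sizeof(*addr));
    addr->sin_family = AF_INET;
    addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)addr, len) < 0 || listen(fd, 8) < 0 ||
        getsockname(fd, (struct sockaddr *)addr, &len) < 0 ||
        fcntl(fd, F_SETFL, O_NONBLOCK) < 0) { close(fd); return -1; }
    return fd;
}

/* Returns 0 if accept() succeeded, else the errno it set (-1: setup failed).
   with_client queues one loopback connection; use_poll waits for POLLIN first. */
int try_accept(int with_client, int use_poll) {
    struct sockaddr_in a;
    int rc = -1, cli = -1, c, lfd = make_listener(&a);
    struct pollfd p = { .fd = lfd, .events = POLLIN };
    if (lfd < 0) return rc;
    if (with_client && ((cli = socket(AF_INET, SOCK_STREAM, 0)) < 0 ||
                        connect(cli, (struct sockaddr *)&a, sizeof(a)) < 0)) goto out;
    if (use_poll && poll(&p, 1, 200) != 1) { rc = NOT_READY; goto out; }
    c = accept(lfd, NULL, NULL);
    rc = (c < 0) ? errno : 0;
    if (c >= 0) close(c);
out:
    if (cli >= 0) close(cli);
    close(lfd);
    return rc;
}

int main(void) {
    printf("blind=%d idle+poll=%d client+poll=%d\n",
           try_accept(0, 0), try_accept(0, 1), try_accept(1, 1));
    return 0;
}
```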