On 09/01/13 10:14, Steve Hill wrote:
> I have a busy Squid 3.2.3 server that constantly has a huge number of
> connections tied up in CLOSE_WAIT (i.e. at the moment it has 364
> ESTABLISHED but 3622 in CLOSE_WAIT).
>
> tcp 1 0 ::ffff:172.23.3.254:8080 ::ffff:172.23.2.158:49615 CLOSE_WAIT 32303/(squid-1)

Further to this, it appears that this is triggered by ICAP REQMOD
rewrites of CONNECT requests:

1. Client sends a "CONNECT foo.example.com:443 HTTP/1.1" request to the
proxy.
2. Squid passes the request to the ICAP REQMOD service.
3. The ICAP REQMOD service wants to deny the request, so rewrites the
request.
4. Squid returns a "403 Forbidden" response to the client in clear text
(this is allowed, as it is seen by the client as a response from the
proxy rather than a response from the web server, although very few
clients actually display the page contents these days due to security
restrictions).
5. The client sends a FIN.

At this point, the socket stays open on the Squid server - Squid never
closes it and there is 1 byte in the socket's rx queue. I have no idea
what that 1 byte is though (since all requests are terminated with a
\r\n, maybe Squid doesn't read the \n?).

-- 
 - Steve Hill
   Technical Director
   Opendium Limited     http://www.opendium.com

Direct contacts:
   Instant messenger: xmpp:steve_at_opendium.com
   Email:            steve_at_opendium.com
   Phone:            sip:steve_at_opendium.com

Sales / enquiries contacts:
   Email:            sales_at_opendium.com
   Phone:            +44-844-9791439 / sip:sales_at_opendium.com

Support contacts:
   Email:            support_at_opendium.com
   Phone:            +44-844-4844916 / sip:support_at_opendium.com

Received on Wed Jan 09 2013 - 12:28:19 MST
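
One way to quantify the symptom reported above, as an added example that is not part of the original message: it parses `netstat -tnp`-style output, counts socket states on the proxy port, and lists the CLOSE_WAIT sockets that still hold unread bytes in Recv-Q. The sample lines are constructed in the layout of the quoted line, and the names `parse` and `summarize` are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the netstat line quoted above
# (proto, Recv-Q, Send-Q, local, remote, state, PID/program). Not captured data.
SAMPLE = """\
tcp 1 0 ::ffff:172.23.3.254:8080 ::ffff:172.23.2.158:49615 CLOSE_WAIT 32303/(squid-1)
tcp 1 0 ::ffff:172.23.3.254:8080 ::ffff:172.23.2.160:50112 CLOSE_WAIT 32303/(squid-1)
tcp 0 0 ::ffff:172.23.3.254:8080 ::ffff:172.23.2.161:50200 ESTABLISHED 32303/(squid-1)
tcp 0 0 ::ffff:172.23.3.254:8080 ::ffff:172.23.2.162:50301 CLOSE_WAIT 32303/(squid-1)
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 811/sshd
"""

LINE = re.compile(
    r"^(?P<proto>tcp6?)\s+(?P<recvq>\d+)\s+(?P<sendq>\d+)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>[A-Z_0-9]+)"
    r"(?:\s+(?P<owner>\S.*))?$"
)


def parse(text):
    """Yield one dict per TCP socket line; headers and other lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            row = m.groupdict()
            row["recvq"], row["sendq"] = int(row["recvq"]), int(row["sendq"])
            yield row


def summarize(text, local_port="8080"):
    """Return (state counts, CLOSE_WAIT sockets with unread data) for one port."""
    rows = [r for r in parse(text) if r["local"].rsplit(":", 1)[-1] == local_port]
    states = Counter(r["state"] for r in rows)
    # Peer has sent FIN (CLOSE_WAIT) but the application left bytes unread.
    stuck = [r for r in rows if r["state"] == "CLOSE_WAIT" and r["recvq"] > 0]
    return states, stuck


if __name__ == "__main__":
    states, stuck = summarize(SAMPLE)
    print(dict(states))
    for r in stuck:
        print(f'{r["remote"]} recv-q={r["recvq"]} owner={r["owner"]}')
```
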