Squid 3.0.PRE6 - https connection breaking...

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Squid 3.0.PRE6 - https connection breaking...

Emmanuel Eyer
Dear Squid team,

I am using Squid 3.0 PRE6 in production (30 GB data and 2 M requests per
day on 4 squid instances) and works pretty well. (BTW, it runs much more
stable than older versions!)

However, I have been reported that https connections break down after 15
minutes, for example during large downloads (ISO files) or during video
conferencing. According to some users, it is exactly 15 minutes (900
seconds), systematically. Partial tests, bypassing the proxies, confirm
that the proxy servers are culprit.

In addition (though I do not know yet if it is linked to above issue), I
found lots of entries in my cache.log files similar to:
2007/05/22 17:09:18| sslReadServer: FD 78: read failure: (0) Error 0
(Lots meaning 50-100 per day and per instance. No such entries were
found prior upgrading to PRE6, though disconnections were observed.)

I checked through the configuration, but could not find any 900 seconds
timeout. Notice that no such problem occurs with http connections.

Quick configuration facts: Solaris 9 (SPARC), gcc build, no caching
(cache_dir null), no SSL support (I do not use authentication).

Could this be linked to bug 1633? Shall I comment on this bug? Or open a
new one? I can setup a test server and turn on various debug options if
you need, as well as providing more detailed information on my current
Squid configuration.

Best regards,
Emmanuel
--
Emmanuel EYER  --  CS/CI System Administrator
mail: [hidden email] -- voice: +33.476.88.22.68
ESRF - Grenoble - France - http://www.esrf.fr
Reply | Threaded
Open this post in threaded view
|

Re: Squid 3.0.PRE6 - https connection breaking...

Alex Rousskov
On Tue, 2007-05-22 at 18:07 +0200, Emmanuel Eyer wrote:

> Dear Squid team,
>
> I am using Squid 3.0 PRE6 in production (30 GB data and 2 M requests per
> day on 4 squid instances) and works pretty well. (BTW, it runs much more
> stable than older versions!)
>
> However, I have been reported that https connections break down after 15
> minutes, for example during large downloads (ISO files) or during video
> conferencing. According to some users, it is exactly 15 minutes (900
> seconds), systematically. Partial tests, bypassing the proxies, confirm
> that the proxy servers are culprit.
>
> In addition (though I do not know yet if it is linked to above issue), I
> found lots of entries in my cache.log files similar to:
> 2007/05/22 17:09:18| sslReadServer: FD 78: read failure: (0) Error 0
> (Lots meaning 50-100 per day and per instance. No such entries were
> found prior upgrading to PRE6, though disconnections were observed.)
>
> I checked through the configuration, but could not find any 900 seconds
> timeout. Notice that no such problem occurs with http connections.
>
> Quick configuration facts: Solaris 9 (SPARC), gcc build, no caching
> (cache_dir null), no SSL support (I do not use authentication).
>
> Could this be linked to bug 1633? Shall I comment on this bug? Or open a
> new one? I can setup a test server and turn on various debug options if
> you need, as well as providing more detailed information on my current
> Squid configuration.

Sounds like bug #1633 to me, but I do not know much about SSL-related
code. Anybody in-the-know care to comment?

Which version did you upgrade to PRE6 from? There were no 15-minute
breakages with that version, right?

Were you able to reproduce this bug yourself?

Thank you,

Alex.


Reply | Threaded
Open this post in threaded view
|

Re: Squid 3.0.PRE6 - https connection breaking...

Emmanuel Eyer
Dear Alex,

Alex Rousskov wrote:
> Sounds like bug #1633 to me, but I do not know much about SSL-related
> code. Anybody in-the-know care to comment?

Just notice that Squid is NOT built with SSL libraries. I never thought
it was necessary (and most HTTPS stuff works fine).

> Which version did you upgrade to PRE6 from? There were no 15-minute
> breakages with that version, right?

1st question: snapshot of the Squid-ICAP branch 03/08/07.
2nd question: not sure. The previous version (PRE5 + ICAP snapshot) was
pretty unstable and crashed a few dozens of times per day (on asserts).
It still crashes randomly, but at most once or twice a day. Thus now the
HTTPS issue became visible (or popped up).

> Were you able to reproduce this bug yourself?

Not yet. I'm leaving for a few days off tonight (in 5 minutes to be more
specific ;-). I'll be back 1st of June and will then be able to work on
this. A colleague of mine found an easy way of reproducing the bug.

> Thank you,
> Alex.

I'll send more info as soon as I'll be able to reproduce the bug.

Thanks for your assistance,
Emmanuel
--
Emmanuel EYER  --  CS/CI System Administrator
mail: [hidden email] -- voice: +33.476.88.22.68
ESRF - Grenoble - France - http://www.esrf.fr
Reply | Threaded
Open this post in threaded view
|

Re: Squid 3.0.PRE6 - https connection breaking...

Alex Rousskov
On Thu, 2007-05-24 at 16:58 +0200, Emmanuel Eyer wrote:

> It still crashes randomly, but at most once or twice a day. Thus now the
> HTTPS issue became visible (or popped up).

Please consider filing bug reports for all crashes we do not know about.

Thank you,

Alex.


Reply | Threaded
Open this post in threaded view
|

Re: Squid 3.0.PRE6 - https connection breaking...

Henrik Nordström
In reply to this post by Alex Rousskov
tor 2007-05-24 klockan 08:38 -0600 skrev Alex Rousskov:

> Sounds like bug #1633 to me, but I do not know much about SSL-related
> code. Anybody in-the-know care to comment?

Sounds more like a timeout problem in tunnel.cc to me. Probably isn't
extending the read timeout on the server connection.

File a new bug please.

Regards
Henrik

signature.asc (316 bytes) Download Attachment