On 09/04/2018 03:51 PM, Amos Jeffries wrote:
On 5/09/18 1:24 AM, Silamael wrote:
Hello,
I'm currently investigating a memory leak in with the Kerberos negotiate
authentication helper in Squid 3.5.27 under OpenBSD 6.3. It's a own port
with added Kerberos support since OpenBSD's port does not support
Kerberos at all.
As library Heimdal 7.5.0 is used. So far I had no luck in finding the
memory leak itself.
Have you tried valgrind and either GCC or clang static analysis features
on your helper and/or library?
valgrind doesn't seem to work properly on OpenBSD. I get a bunch of
nonsense output and then a segmentation fault...
What are the GCC/clang statistic features? I'm no C/C++ pro ;)
Would it be safe for Squid, to patch the helper code so that it does a
clean exit after every X processed requests?
Or will this bring new problems on Squid's side?
Should be okay so long as the helpers do reply to at least some queries,
and do not exit all at once.
Squid-3.5 will log errors about helpers exiting unexpectedly, but should
only die if the helpers did so on their startup or many are dying within
a shifting 30sec window of time.
At moment a helper will call exit(0) after 10000 requests. Don't know,
how Squid distributes the requests over all helper processes and if we
have too many helpers exiting within 30 seconds...
But good to know that there aren't any general objections.
Squid-4 can use the auth_param on-persistent-overload=ERR option to
prevent even the death cases above.
Good to know.
-- Matthias
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
