Squid no longer uses $SQUID_MAXFD

Bug #580590 reported by Ian Redfern on 2010-05-14
This bug affects 4 people
Affects Status Importance Assigned to Milestone
squid (Ubuntu)

Bug Description

Binary package hint: squid

After upgrading to lucid, squid ignores the setting of SQUID_MAXFD in /etc/default/squid and always uses 1024 file descriptors, which is too few for a busy proxy.

The old /etc/init.d/squid used to contain:

maxfds () {
        [ -n "$SQUID_MAXFD" ] || return
        [ -f /proc/sys/fs/file-max ] || return 0
        global_file_max=`cat /proc/sys/fs/file-max`
        minimal_file_max=$(($SQUID_MAXFD + 4096))
        if [ "$global_file_max" -lt $minimal_file_max ]
                echo $minimal_file_max > /proc/sys/fs/file-max
        ulimit -n $SQUID_MAXFD

Could we have it back in the new /etc/init/squid.conf?

Related branches

CVE References

Chuck Short (zulcss) wrote :

This will be fixed in maverick.


Changed in squid (Ubuntu):
importance: Undecided → Wishlist
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package squid - 2.7.STABLE9-2ubuntu1

squid (2.7.STABLE9-2ubuntu1) maverick; urgency=low

  * Merge from debian unstable, remaining changes:
    + 99-ubuntu-ssl-cert-snakeoil:
      - src/cf.data.pre:
        * Add reference to snakeoil /etc/ssl
       - debian/control:
        + Add ssl-cert to Depends to brin in snakeoil certificates.
    + debian/logrotate: use sarg-reports rather than sarg-maint. (LP: #268816)
    + debian/patches/99-fix-storeurl-move-temp.dpatch: Fix bug with 302 response moved temporarily.
      (LP: #503777)
    + debian/squid.upstart, debian/rules: Convert initscripts to upstart.
    + debian/patches/90-cf.data.ubuntu.dpatch: Add an example refresh pattern for debs
      (foundations-lucid-local-report spec)
    + debian/rules: Disable optimizations for arm. (LP: #543798)
    + Dropped:
      + debian/patches/99-squid-capability.dpatch: No longer needed.
      + debian/patches/08-CVE-2010-0308.dpatch: No longer needed.
      + debian/patches/09-CVE-2010-0639.dpatch: No longer needed.

   [Chuck Short]
   * debian/squid.upstart: Re-add maxfds. (LP: #580590)
 -- Chuck Short <email address hidden> Fri, 02 Jul 2010 13:43:09 -0400

Changed in squid (Ubuntu):
status: Confirmed → Fix Released
bec (support-bec) wrote :

After testing the changes in the squid upstart configuration introduced by commit 51, package squid (2.7.STABLE9-2ubuntu1) maverick, it seems that the max filedescriptors ulimit is still not applied.
Setting the ulimit using the "script" section (instead of setting it in the "pre-start script" section) works.

Chris Jones (cmsj) on 2010-08-12
Changed in squid (Ubuntu):
status: Fix Released → Confirmed
Tim Nicholas (tjn) wrote :

Fix Released? I can't see anything that looks like a fix. Can someone post a link? Maybe I'm just not working launchpad properly.

As Rober Fischer The maxfds() subroutine needs to be in the 'script' section...

Or something like

limit nofile 65536 65536

could be added above 'expect fork'.

I've attached my working /etc/init/squid.conf

Andrew Glen-Young (aglenyoung) wrote :

Steps to reproduce

Initial Install and Tests

$ sudo apt-get install squid squid-client
$ grep MAX /etc/default/squid·
$ sudo status squid
squid start/running, process 2671
$ squidclient -p 3128 -l -h mgr:info | grep 'Maximum number'
    Maximum number of file descriptors: 1024

Change SQUID_MAXFD and try again

$ sudo sed -i 's/SQUID_MAXFD=1024/SQUID_MAXFD=65536/' /etc/default/squid
$ grep MAX /etc/default/squid·
$ sudo stop squid
squid stop/waiting
$ sudo start squid
squid start/running, process 2758
$ squidclient -p 3128 -l -h mgr:info | grep 'Maximum number'
    Maximum number of file descriptors: 1024

Apply the patch (attached) and retry:

$ sudo vi /etc/init/squid.conf
[ patch ]
$ sudo status squid
squid stop/waiting
$ sudo start squid
squid start/running, process 2794
$ squidclient -p 3128 -l -h mgr:info | grep 'Maximum number'
    Maximum number of file descriptors: 65536

That's more like it!

Note: LP#573853 was affecting me as well so I'm also running squid on Lucid with this patch applied as well.

tags: added: patch
DiegoWoitasen (diego-woitasen) wrote :

The bug still exists in 11.10

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers