Re: [squid-users] Re: Duration Access Limits

2014-04-05 Thread Edmonds Namasenda 
Thanks Meyer.
While I always want to get my hands dirty, I have not yet written any
squid helpers.
Point me somewhere for starters.
And please note that because the WiFi will be a free service, I do not
want to incur more costs on equipment (Mikrotik) unless it is the only
alternative. Any specifics off Mikrotik you can recommend?

Amos, other users,

Is there nothing else I can do with squid to achieve my goal?

# Edmonds

On Fri, Apr 4, 2014 at 2:17 PM, babajaga augustus_me...@yahoo.de wrote:
Unless I am getting it wrong ...are you telling me to find (or
 propose) a solution to my problem?
 I proposed a possible solution using squid, however, must be implemented
 (programmed) by yourself, as not available AFAIK.

 Must it be external? Such
 tend to be slow.
 Not necessarily, as the result of the auth helper might be cached within
 squid, so number of accesses to this helper is reduced.

Is there another open source solution I can implement besides
 tinkering with the existing squid installation? 
 You might have a look at mikrotik.com. Their hotspot system within RoS
 should be able to do, what you want. Their hardware is really cheap, and not
 so bad. As there is also a huge forum regarding scripts, you should find
 something suitable on the spot.
 BTW: You might use squid as an upstream caching proxy for your MT-box, if
 you want. Simple to implement.



 --
 View this message in context: 
 http://squid-web-proxy-cache.1019090.n4.nabble.com/Duration-Access-Limits-tp4665424p4665438.html
 Sent from the Squid - Users mailing list archive at Nabble.com.

Re: [squid-users] Re: Duration Access Limits

2014-04-05 Thread Amos Jeffries 
On 5/04/2014 7:43 p.m., Edmonds Namasenda wrote:
 Thanks Meyer.
 While I always want to get my hands dirty, I have not yet written any
 squid helpers.
 Point me somewhere for starters.
 And please note that because the WiFi will be a free service, I do not
 want to incur more costs on equipment (Mikrotik) unless it is the only
 alternative. Any specifics off Mikrotik you can recommend?
 

Squid bundles with a few helpers you could look at for inspiration ...

 * time quota helper
http://www.squid-cache.org/Versions/v3/3.4/manuals/ext_time_quota_acl.html

 * session helper with BerkleyDB backend
http://www.squid-cache.org/Versions/v3/3.4/manuals/ext_session_acl.html

 * session helper with SQL backend
http://www.squid-cache.org/Versions/v3/3.4/manuals/ext_sql_session_acl.html

... of these I think the SQL session helper is probably most able to be
adapted. Since you have to provide the DB management code/scripts you
can easily make those do the timing part of your requirements. The
helper just checks if the SQL DB session record is currently active or not.
 With the others you would have to alter their code slightly to meet all
your crieria.

Amos

Re: [squid-users] squid cpu problem

2014-04-05 Thread Amos Jeffries 

This looks like the CPU cycles are being consumed by walking one or more
very long lists of memory pieces and writing them to disk one by one.
Note the UFSStoreState::write parameter size=4096 in the backtrace for
how bit those memory pages are.

Which could happen if you cached a very big object in cache_mem and then
a random time later it needed swapping out to disk to free up memory.

It could also happen if Squid needed to suddenly swap out a large number
of smaller items to make memory space available for a large one which is
about to arrive.

So, have you configured Squid to allow very large objects (many MB or
GB) in memory storage?


Note these causes would not show up in the testing you mentioned unless
you had a very wide range of test object sizes being pumped randomly
through the proxy. A tool like web polygraph is best to test that
traffic behaviour accurately.

Amos


On 5/04/2014 1:59 a.m., a.afach wrote:
 Dear all
 i still have the CPU spikes even when i used
 disable-strict-error-checking without using Cflags
 
 this is the gdb backtrace while the CPU spikes
 
 0x0051b348 in linklistPush (L=0x11853e188, p=0xce6d4300) at
 list.cc:47
 47  while (*L)
 (gdb) backtrace
 #0  0x0051b348 in linklistPush (L=0x11853e188, p=0xce6d4300) at
 list.cc:47
 #1  0x005a70a1 in UFSStoreState::write (this=0xb3970e28,
 buf=0x11fe69ca0
 !v\253r[/\307\232G\b\375`\237:\213\256^\335\373{\241%\232\363\021\071`\342\033\177a\202G\320{\323%\236K\342\243*\332\316\351\231=\360\370\313Ro=\317\262\243\315\027\351,\221\230\353Z\023\024q\QSC\036\214:M\242{@\351m\020\337Cw_\214\216\304\226\265\a\375\031\211\243V\222T\320\016\227\312-\211Sz\326^\346\230\251\327\222\n\373I\032\341\303==U\214\277\264\244\205\b1\346S=\230\215\204\245\254\312\223\066\336\230PpP\227\271\370\266;\362\226\242\036\225\235w\330\325\061\316{o_\364\021\062\351\376\062|\313\006`\357m\206FQ0\021\030C\224\004]\336\315\371\033h1\361\363\350d\366\066...,
 size=4096, aOffset=-1, free_func=0x5203b0 memNodeWriteComplete(void*))
 at ufs/store_io_ufs.cc:247
 #2  0x00554ca0 in doPages (anEntry=optimized out) at
 store_swapout.cc:160
 #3  StoreEntry::swapOut (this=0x372ca10) at store_swapout.cc:279
 #4  0x0054c986 in StoreEntry::invokeHandlers (this=0x372ca10) at
 store_client.cc:714
 #5  0x004dc1a7 in FwdState::complete (this=0xbb502b48) at
 forward.cc:341
 #6  0x005579a5 in ServerStateData::completeForwarding
 (this=0xf8030588) at Server.cc:239
 #7  0x005571bd in ServerStateData::serverComplete2
 (this=0xf8030588) at Server.cc:207
 #8  0x004ff3dc in HttpStateData::processReplyBody
 (this=0xf8030588) at http.cc:1382
 #9  0x004fd367 in HttpStateData::readReply (this=0xf8030588,
 io=...) at http.cc:1161
 #10 0x00503156 in JobDialerHttpStateData::dial
 (this=0xde75ca50, call=...) at base/AsyncJobCalls.h:175
 #11 0x00569ee4 in AsyncCall::make (this=0xde75ca20) at
 AsyncCall.cc:34
 #12 0x0056cb76 in AsyncCallQueue::fireNext (this=optimized
 out) at AsyncCallQueue.cc:53
 #13 0x0056ccf0 in AsyncCallQueue::fire (this=0x2586400) at
 AsyncCallQueue.cc:39
 #14 0x004d385c in EventLoop::runOnce (this=0x7fffcb3518d0) at
 EventLoop.cc:130
 #15 0x004d3938 in EventLoop::run (this=0x7fffcb3518d0) at
 EventLoop.cc:94
 #16 0x0051d35b in SquidMain (argc=optimized out,
 argv=optimized out) at main.cc:1418
 #17 0x0051dd83 in SquidMainSafe (argv=optimized out,
 argc=optimized out) at main.cc:1176
 #18 main (argc=optimized out, argv=optimized out) at main.cc:1168
 
 
 any idea about what's causing the cpu spike
 
 
 On 2014-03-31 16:34, Amos Jeffries wrote:
 On 2014-04-01 02:10, a.afach wrote:
 Dear Eliezer
 these are the configure options ...
 configure options:  '--prefix=/usr/local/squid-3.1.19'
 '--sysconfdir=/etc' '--sysconfdir=/etc/squid' '--localstatedir=/var'
 '--enable-auth=basic,digest,ntlm' '--enable-removal-policies=lru,heap'
 '--enable-digest-auth-helpers=password'
 '--enable-basic-auth-helpers=PAM,getpwnam,NCSA,MSNT'
 '--enable-external-acl-helpers=ip_user,session,unix_group'
 '--enable-ntlm-auth-helpers=fakeauth'
 '--enable-ident-lookups--enable-useragent-log'
 '--enable-cache-digests' '--enable-delay-pools' '--enable-referer-log'
 '--enable-arp-acl' '--with-pthreads' '--with-large-files'
 '--enable-htcp' '--enable-carp' '--enable-follow-x-forwarded-for'
 '--enable-snmp' '--enable-ssl' '--enable-storeio=ufs,diskd,aufs'
 '--enable-async-io' '--enable-linux-netfilter' '--enable-epoll'
 '--with-squid=/usr/squid-3.1.19' '--disable-ipv6' '--with-aio'
 '--with-aio-threads=128' 'build_alias=x86_64-pc-linux-gnu'
 'host_alias=x86_64-pc-linux-gnu' 'CC=x86_64-pc-linux-gnu-gcc'
 'CFLAGS=-O2 -pipe -m64 -mtune=generic' 'LDFLAGS=-Wl,-O1
 -Wl,--as-needed' 'CXXFLAGS=' '--cache-file=/dev/null' '--srcdir=.'


 Some more reasons to upgrade:
  * --disable-strict-error-checking avoids issues on Gentoo with -Werror
  * CFLAGS affects the

[squid-users] Re: Duration Access Limits

2014-04-05 Thread babajaga 
You can use the simplest MT equipmet, like this one
http://routerboard.com/RB951-2n

For the very beginning, without using script to keep off unwelcome guests,
you might simply reduce wireless TX power to a lower value, just to cover
your own area. 

Or, as a better solution, using MT user manager, you might print very small
tickets containing one-time user/password for login, to be handed out free
of charge to your guests only. So, nobody without a valid user/pwd will be
able to log into your own private hotspot.




--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/Duration-Access-Limits-tp4665424p4665447.html
Sent from the Squid - Users mailing list archive at Nabble.com.

Re: [squid-users] squid cpu problem

2014-04-05 Thread Eliezer Croitoru 
I am almost sure that squid.conf and cache-mgr info and mem would help 
to see what is happening + free -m.


Eliezer

On 04/05/2014 11:37 AM, Amos Jeffries wrote:

So, have you configured Squid to allow very large objects (many MB or
GB) in memory storage?


Note these causes would not show up in the testing you mentioned unless
you had a very wide range of test object sizes being pumped randomly
through the proxy. A tool like web polygraph is best to test that
traffic behaviour accurately.

Amos