[squid-users] I redirect some http traffic to squid ( 90Mbps) and i found TIME_WAIT is 20840 and one of squid process is 57% , whether it will be fine ?

[johnzeng]

Hello Dear Sir

I redirect some http traffic to squid ( 90Mbps) and i found TIME_WAIT is
20840 and one of squid process is 57%

whether it will be normal condition ??

Whether we can balance cpu processing capacity

for full squid process !

Because we use squid 3.5.2 and use cache_dir rock part . Maybe squid
3.5.2 require to do automatic scheduling at full cpu core

i don't know whether i can use taskset for squid 3.5.3 as squid 2.7 ??


if possible , please give me some advisement


___
accerater
TIME_WAIT DETAIL
___

TIME_WAIT 20840
CLOSE_WAIT 59
SYN_SENT 7
FIN_WAIT1 23
FIN_WAIT2 294
ESTABLISHED 5902
SYN_RECV 13
LAST_ACK 11




CPU STATUS



Tasks: 381 total, 1 running, 380 sleeping, 0 stopped, 0 zombie
Cpu(s): 4.1%us, 0.6%sy, 0.0%ni, 92.6%id, 0.2%wa, 0.0%hi, 2.5%si, 0.0%st
Mem: 65889452k total, 65038396k used, 851056k free, 790788k buffers
Swap: 976892k total, 0k used, 976892k free, 56220968k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1904 sqiduser 20 0 33.5g 710m 271m S 57 1.1 978:34.74 squid
1903 sqiduser 20 0 33.4g 609m 271m S 32 0.9 497:59.29 squid
1906 sqiduser 20 0 33.3g 555m 271m S 22 0.9 266:41.47 squid
1902 sqiduser 20 0 33.4g 651m 271m S 20 1.0 710:04.17 squid
1901 sqiduser 20 0 33.5g 694m 271m S 15 1.1 616:40.25 squid
2028 sqiduser 20 0 2406m 75m 1888 S 7 0.1 297:56.70 named
1907 sqiduser 20 0 33.4g 589m 270m S 7 0.9 167:37.24 squid
1908 sqiduser 20 0 33.3g 545m 270m S 5 0.8 155:50.67 squid
1905 sqiduser 20 0 33.3g 553m 270m S 1 0.9 121:05.67 squid


___

PART SQUID CONFIG
___

cache_mem 32172 MB
workers 8
cpu_affinity_map process_numbers=1,2,3,4,5,6,7,8 cores=1,3,5,7,9,11,13,15
cache_dir rock /acapp/webcache3/storage/cossbig1/squid1 17280
min-size=4097 max-size=262144 max-swap-rate=250 swap-timeout=350
cache_dir rock /acapp/webcache3/storage/cosssmall1/squid1 1152
max-size=4096 max-swap-rate=250 swap-timeout=350
if ${process_number} = 1
unique_hostname fast_squid${process_number}
access_log stdio:/acapp/logs/webcache3/squid${process_number}/access.log
squid
cache_log /acapp/logs/webcache3/squid${process_number}/cache.log
snmp_port 3401
cache_dir aufs /acapp/webcache3/storage/aufs1/squid${process_number}
192000 16 64 min-size=262145
cache_dir aufs /acapp/webcache3/storage/aufs2/squid${process_number}
192000 16 64 min-size=262145
cache_dir aufs /acapp/webcache3/storage/aufs3/squid${process_number}
288096 16 64 min-size=262145
cache_dir aufs /acapp/webcache3/storage/aufs4/squid${process_number}
288096 16 64 min-size=262145
endif
if ${process_number} = 2
unique_hostname fast_squid${process_number}
access_log stdio:/acapp/logs/webcache3/squid${process_number}/access.log
squid
cache_log /acapp/logs/webcache3/squid${process_number}/cache.log
snmp_port 3402
cache_dir aufs /acapp/webcache3/storage/aufs1/squid${process_number}
192000 16 64 min-size=262145
cache_dir aufs /acapp/webcache3/storage/aufs2/squid${process_number}
192000 16 64 min-size=262145
cache_dir aufs /acapp/webcache3/storage/aufs3/squid${process_number}
288096 16 64 min-size=262145
cache_dir aufs /acapp/webcache3/storage/aufs4/squid${process_number}
288096 16 64 min-size=262145
endif

..



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] about cpu status

[johnzeng]

Hello Dear SIr :

i deployed a set of squid 3.5.2 and redirect 300Mbps http traffic .

this is part config
workers 4
cpu_affinity_map process_numbers=1,2,3,4 cores=1,3,5,7


i check cpu status via top command ,and i found one of
squid is 92% at a time,

whether it will be correct ?




Tasks: 292 total, 5 running, 287 sleeping, 0 stopped, 0 zombie
Cpu(s): 5.8%us, 1.2%sy, 0.0%ni, 89.4%id, 2.1%wa, 0.0%hi, 1.5%si, 0.0%st
Mem: 65889452k total, 64218068k used, 1671384k free, 138480k buffers
Swap: 29116412k total, 0k used, 29116412k free, 53204068k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1982 cacheuser 20 0 33.9g 1.3g 408m R 92 2.0 228:49.60 squid
1983 cacheuser 20 0 33.9g 1.3g 408m R 56 2.1 254:23.07 squid
1981 cacheuser 20 0 33.9g 1.3g 406m S 36 2.0 159:40.23 squid
1984 cacheuser 20 0 33.5g 897m 408m R 33 1.4 189:14.00 squid
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] How to replace (squid/3.x.x) info at http reponse header via and warning

[johnzeng]

Hello Amos :

Thanks again .

John
> Hello Dear Sir
>
> How to replace (squid/3.x.x) info at http reponse header via and warning ,
>
> Whether i will updated HttpHeader.cc ?
>
> {"Via", HDR_VIA, ftStr}, /* for now */
> {"Warning", HDR_WARNING, ftStr}, /* for now */
>
>
> Best Regards
>
>
> John

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] How to replace (squid/3.x.x) info at http reponse header via and warning

[johnzeng]

Hello Dear Sir

How to replace (squid/3.x.x) info at http reponse header via and warning ,

Whether i will updated HttpHeader.cc ?

{"Via", HDR_VIA, ftStr}, /* for now */
{"Warning", HDR_WARNING, ftStr}, /* for now */


Best Regards


John
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] i have two question about https_port tproxy

[johnzeng]

Hello Dear Sir :

i will optimize https traffic recently at bridge tproxy environment , i
know squid will https_port tproxy ,

question one : Whether the feature ( https_port) will be stable at squid
3.5 ?

question two : https_proxy will optimize special website url via acl or
https_proxy can optimize full https website .

Sorry , i have't more experience about https_port .

Which direction will be suitable for small isp environtment

if possible , please give me some advisement .


Thanks
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] how i will avoid the warning info ? "This cache hit is still fresh and more than 1 day old"

[johnzeng]

Hello Amos:

i catch these info via firebug just now , I don't whether these info is
correct ,

but i hope to reduce refresh time via analying the warning info .


Best Regard





Access-Control-Allow-Orig...
*
Age
18049066
Cache-Control
max-age=31536
Content-Length
252
Content-Type
image/png
Date
Wed, 19 Aug 2015 08:49:41 GMT
Expires
Sat, 16 Aug 2025 08:49:41 GMT
Last-Modified
Tue, 05 May 2015 09:12:34 GMT
Server
Tengine
Timing-Allow-Origin
*
Via
cache1.l2ot7[0,200-0,H], cache21.l2ot7[11,0], cache5.us4[0,200-0,H],
cache1.us4[0,0]
Warning
113 squidcache2 (squid/3.5.2) This cache hit is still fresh and more
than 1 day old
X-Cache
HIT TCP_MEM_HIT dirn:10:654378664, HIT from squidcache
eagleid
42c618c914573689378574924e
x-swift-cachetime
304669034
x-swift-savetime
Mon, 21 Dec 2015 02:32:27 GMT
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] how i will avoid the warning info ? "This cache hit is still fresh and more than 1 day old"

[johnzeng]

Hello Dear Sir :

i found a warning info via firebug , how i will avoid the warning info ?

Age 474416
Cache-Control max-age=31536
Content-Length 1556
Content-Type image/jpeg
Date Sat, 05 Mar 2016 01:38:36 GMT
Expires Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified Wed, 25 Mar 2015 13:00:08 GMT
Server JDWS
Via http/1.1 BJ-Y-JCS-208 ( [cHs f ]), http/1.1 GZ-CT-1-JCS-107 ( [cRs f
]), 1.1 squid_cache2 (squid/3.5
.2)
Warning 113 squid_cache2 (squid/3.5.2) This cache hit is still fresh and
more than 1 day old
X-Cache HIT from squid_cache2


refresh_pattern \.htmll$ 480 50% 22160 reload-into-ims
refresh_pattern \.htm$ 480 50% 22160 reload-into-ims
refresh_pattern \.jpeg$ 10080 90% 43200 reload-into-ims
refresh_pattern \.jpg$ 10080 90% 43200 reload-into-ims


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] after i checked via firebug ( firefox addon) , i found waiting time is very high via monitor hit small object , how i do reduce the waiting time for hit object ??

[johnzeng]

Hello Dear Amos:

I guess i know real reason via analying request and rep header of firebug .

i found our cache obtained data from other cache(not us ) , and Age is
small value or 0 ,

So our cache have to refresh or confirm with other cache often .

and we i found waiting time is very high via monitor some hit objects .


Whether we can increase age value via squid config ?


Thanks for your advisement



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] How to cache <1KB content ? How to improve hit ratio in memory

[johnzeng]

Hello Dear Sir


I hope i can improve hit ratio of cache system recently , but i have two
question .

first : whether maximum_object_size_in_memory can be writed ( other
value less than 1KB)

maximum_object_size_in_memory 500 bytes ( whether it will be correct )


Second :

When i set maximum_object_size_in_memory 4 KB and i found
TCP_MEM_HIT/200 ( hit ratio )is very low based memory storage

When i set maximum_object_size_in_memory 1 KB and i found TCP_HIT/200 (
hit ratio based disk storage )is

better than TCP_MEM_HIT/200( memory storage)

How to improve hit ratio in memory ?


maximum_object_size_in_memory 1 KB

04/Mar/2016:14:56:06 +0800.318 1 192.168.0.56 TCP_HIT/200 1113 GET
http://image.sinajs.cn/newchart/small/t/sh01.gif - HIER_NONE/- image/gif
04/Mar/2016:14:56:08 +0800.106 0 192.168.0.56 TCP_HIT/200 1113 GET
http://image.sinajs.cn/newchart/small/t/sh01.gif - HIER_NONE/- image/gif
04/Mar/2016:14:43:08 +0800.479 0 192.168.0.56 TCP_HIT/200 1656 GET
http://www.swjtu.edu.cn/themes/12163/default494/images/bin_ico.png -
HIER_NONE/- image/png
04/Mar/2016:14:43:08 +0800.485 1 192.168.0.56 TCP_HIT/200 3929 GET
http://www.swjtu.edu.cn/themes/12163/default494/images/ico_arrow.png -
HIER_NONE/- image/png

maximum_object_size_in_memory 4 KB

04/Mar/2016:11:35:24 +0800.708 0 192.168.0.56 TCP_MEM_HIT/200 2037 GET
http://cpro.baidustatic.com/cpro/ui/noexpire/img/2.0.0/bd-logo5.png -
HIER_NONE/- image/png

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] how to realize (external_acl_type) logout without squid -k reconfigure

[johnzeng]

Hello Dear Sir :

We tested external_acl_type for web authentication via writing check.php ,

and login feature is fine

squid config is

external_acl_type session ipv4 concurrency=10 ttl=3600 negative_ttl=0
cache=1048576 %SRC /opt/check.php

check.php ( for login) is

fwrite(STDOUT, $source_ip. OK\n);


But if we don't squid -k reconfigure , logout feature is bad for me how
to update Ok or ERR cache entry without squid -k reconfigure

check.php ( for logout ) is

fwrite(STDOUT, $source_ip. ERR\n);



if possible , please give me some advisement





___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] how to realize (external_acl_type) logout without squid -k reconfigure

[johnzeng]

Hello Dear Sir :






 We tested external_acl_type for web authentication via writing check.php ,

and login feature is fine

squid config is

external_acl_type session ipv4 concurrency=10 ttl=3600 negative_ttl=0
cache=1048576 %SRC /opt/check.php

check.php ( for login) is

fwrite(STDOUT, $stream_id. OK\n);


But if we don't squid -k reconfigure , logout feature is bad for me how
to update Ok or ERR cache entry without squid -k reconfigure

check.php ( for logout ) is

fwrite(STDOUT, $stream_id. ERR\n);



if possible , please give me some advisement



$stream_line = trim(fgets(STDIN));
$stream_array = split([ ]+, $stream_line);

if(isset($stream_array[1]))
{
$stream_ip = trim($stream_array[1]);
}

if(isset($stream_array[0]))
{
$stream_id = trim($stream_array[0]);
}
 



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] hi , i don't receive any info from squid-users@lists.squid-cache.org now

[johnzeng]

HI Amos :

hi , i don't receive any info from squid-users@lists.squid-cache.org now ,

if possible , please help me to check .


Best Regards

john
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] a question about Dns lookup

[johnzeng]

Hello All

I deploy squid 3.5.2 and Bind9 at same box , and redirect full dns
request to Bind server via setting /etc/resolv.conf nameserver 127.0.0.1

and i use tproxy and bridge mode , but when traffic thourgh squid , and
i found dns resolving rate will be slow than privious status .

Whether i need configure --/disable/-internal-/dns/ or other ??


if possible , please give me some advisement .


Best Regards

john
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] rock communication channel establishment timeout

[johnzeng]

Hello Dear All

i meet a strange problem , when i run cache_dir rock , and i found error
info

rock communication channel establishment timeout

if possible, please give me some advisement


This is my config


cache_dir rock /accerater/webcache3/storage/cossbig1/opmizer1 9485
min-size=4097 max-size=262144 max-swap-rate=250 swap-timeout=350
cache_dir rock /accerater/webcache3/storage/cosssmall1/opmizer1 499
max-size=4096 max-swap-rate=250 swap-timeout=350
cache_dir rock /accerater/webcache3/storage/cossbig2/opmizer1 9090
min-size=4097 max-size=262144 max-swap-rate=250 swap-timeout=350
cache_dir rock /accerater/webcache3/storage/cosssmall2/opmizer1 478
max-size=4096 max-swap-rate=250 swap-timeout=350


this is error info

2015/03/25 18:02:41 kid4| ERROR:
/accerater/webcache3/storage/cossbig1/opmizer1/rock communication
channel establishment timeout
2015/03/25 18:02:41 kid4| Closing HTTP port [::]:3233
2015/03/25 18:02:41 kid4| Closing HTTP port [::]:3133
FATAL: Rock cache_dir at
/accerater/webcache3/storage/cossbig1/opmizer1/rock failed to open db
file: (11) Resource temporarily unavailable
2015/03/25 18:02:42 kid3| ERROR:
/accerater/webcache3/storage/cossbig1/opmizer2/rock communication
channel establishment timeout
2015/03/25 18:02:42 kid3| Closing HTTP port [::]:3232
2015/03/25 18:02:42 kid3| Closing HTTP port [::]:3132
FATAL: Rock cache_dir at
/accerater/webcache3/storage/cossbig1/opmizer2/rock failed to open db
file: (11) Resource temporarily unavaila



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] rock communication channel establishment timeout

[johnzeng]

Hello Dear All

i meet a strange problem , when i run cache_dir rock , and i found error
info

rock communication channel establishment timeout

if possible, please give me some advisement


This is my config


cache_dir rock /accerater/webcache3/storage/cossbig1/opmizer1 9485
min-size=4097 max-size=262144 max-swap-rate=250 swap-timeout=350
cache_dir rock /accerater/webcache3/storage/cosssmall1/opmizer1 499
max-size=4096 max-swap-rate=250 swap-timeout=350
cache_dir rock /accerater/webcache3/storage/cossbig2/opmizer1 9090
min-size=4097 max-size=262144 max-swap-rate=250 swap-timeout=350
cache_dir rock /accerater/webcache3/storage/cosssmall2/opmizer1 478
max-size=4096 max-swap-rate=250 swap-timeout=350


this is error info

2015/03/25 18:02:41 kid4| ERROR:
/accerater/webcache3/storage/cossbig1/opmizer1/rock communication
channel establishment timeout
2015/03/25 18:02:41 kid4| Closing HTTP port [::]:3233
2015/03/25 18:02:41 kid4| Closing HTTP port [::]:3133
FATAL: Rock cache_dir at
/accerater/webcache3/storage/cossbig1/opmizer1/rock failed to open db
file: (11) Resource temporarily unavailable
2015/03/25 18:02:42 kid3| ERROR:
/accerater/webcache3/storage/cossbig1/opmizer2/rock communication
channel establishment timeout
2015/03/25 18:02:42 kid3| Closing HTTP port [::]:3232
2015/03/25 18:02:42 kid3| Closing HTTP port [::]:3132
FATAL: Rock cache_dir at
/accerater/webcache3/storage/cossbig1/opmizer2/rock failed to open db
file: (11) Resource temporarily unavaila
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] WARNING: 1 swapin MD5 mismatches and BUG 3279: HTTP reply without Date:

[johnzeng]

Hello All

i check squid log, and i found some Warning info and bug info , Whether
it will affect normal access ?

if possible, please give me some direction for sloving the problem


2015/03/19 19:29:02 kid1| WARNING: 1 swapin MD5 mismatches
2015/03/19 19:29:02 kid1| Could not parse headers from on disk object
2015/03/19 19:29:02 kid1| BUG 3279: HTTP reply without Date:
2015/03/19 19:29:02 kid1| StoreEntry-key: 04F6FAEC243D0C8E4A3DAB9C14276F04
2015/03/19 19:29:02 kid1| StoreEntry-next: 0
2015/03/19 19:29:02 kid1| StoreEntry-mem_obj: 0xb096600
2015/03/19 19:29:02 kid1| StoreEntry-timestamp: -1
2015/03/19 19:29:02 kid1| StoreEntry-lastref: 1426764542
2015/03/19 19:29:02 kid1| StoreEntry-expires: -1
2015/03/19 19:29:02 kid1| StoreEntry-lastmod: -1
2015/03/19 19:29:02 kid1| StoreEntry-swap_file_sz: 0
2015/03/19 19:29:02 kid1| StoreEntry-refcount: 1
2015/03/19 19:29:02 kid1| StoreEntry-flags: PRIVATE,FWD_HDR_WAIT,VALIDATED
2015/03/19 19:29:02 kid1| StoreEntry-swap_dirn: -1
2015/03/19 19:29:02 kid1| StoreEntry-swap_filen: -1
2015/03/19 19:29:02 kid1| StoreEntry-lock_count: 3
2015/03/19 19:29:02 kid1| StoreEntry-mem_status: 0
2015/03/19 19:29:02 kid1| StoreEntry-ping_status: 2
2015/03/19 19:29:02 kid1| StoreEntry-store_status: 1
2015/03/19 19:29:02 kid1| StoreEntry-swap_status: 0
2015/03/19 19:29:02 kid1| assertion failed: store.cc:1885: isEmpty()

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

[johnzeng]

   Hello Dan:

i used 3.5.2 just now , i worried 3.5.3 isn't 
very stable too ,


i use 2.7stable 9 ago ,  and you ?

   if version is 3.xxx , which version is stablest 
until now .



   Best Regard

于 2015年03月20日 08:07, Dan Charlesworth 写道:

Well I got 3.5.2 into production for a few hours and Bad Things happened:

*1) A hefty performance hit*
Load average was maybe a tad higher but CPU. memory and I/O were about 
the same. However the system seemed to top out at around 40 requests 
per second (on a client that usually hits 100—150 rps) and squid 
became very slow to respond to squidclient requests:
[root@proxy-LS5 ~]# time squidclient -p 8080 mgr:utilization | grep 
client_http.requests

client_http.requests = 40.965955/sec
client_http.requests = 41.168528/sec
client_http.requests = 42.111847/sec
client_http.requests = 166646

real0m7.163s
user0m0.002s
sys0m0.006s

*2) Lots of Segment Violations*
These obviously suck. Backtrace attached.

Just cannot win. Is it possible these two issues are due to the patch 
for #4206?





On 16 Mar 2015, at 6:18 pm, Amos Jeffries squ...@treenet.co.nz 
mailto:squ...@treenet.co.nz wrote:


On 16/03/2015 7:16 p.m., Dan Charlesworth wrote:

Hey again Amos -

Unfortunately the patch for #4206 won’t apply to squid-3.4.12. I was 
going to try creating a new one but couldn’t find an equivalent line 
in client_side.cc for that version.


I guess the #4206 issue doesn’t apply to v3.4.x after all?


Correct. Oh well.




[Not a C programmer]

Thanks for your time today.

P.S. I'd love to upgrade to v3.5 but I'm waiting for somebody 
smarter than me to take the lead on a CentOS 6 RPM SPEC file.


Eliezer to the rescue ;-)
http://wiki.squid-cache.org/KnowledgeBase/CentOS#Squid-3.5


Amos





___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] assertion failed: client_side.cc:1515: connIsUsable(http-getConn())

[johnzeng]

Hello Dan:

 i used squid 2.7stable9 ago ,and i worried whether 
squid 3.5.2 is stablest for us until now too .


 and you ?

 Do you think Whether version is stablest at squid 
3.xxx  ?









Well I got 3.5.2 into production for a few hours and Bad Things happened:

*1) A hefty performance hit*
Load average was maybe a tad higher but CPU. memory and I/O were about 
the same. However the system seemed to top out at around 40 requests 
per second (on a client that usually hits 100—150 rps) and squid 
became very slow to respond to squidclient requests:
[root@proxy-LS5 ~]# time squidclient -p 8080 mgr:utilization | grep 
client_http.requests

client_http.requests = 40.965955/sec
client_http.requests = 41.168528/sec
client_http.requests = 42.111847/sec
client_http.requests = 166646

real0m7.163s
user0m0.002s
sys0m0.006s

*2) Lots of Segment Violations*
These obviously suck. Backtrace attached.

Just cannot win. Is it possible these two issues are due to the patch 
for #4206?





On 16 Mar 2015, at 6:18 pm, Amos Jeffries squ...@treenet.co.nz 
mailto:squ...@treenet.co.nz wrote:


On 16/03/2015 7:16 p.m., Dan Charlesworth wrote:

Hey again Amos -

Unfortunately the patch for #4206 won’t apply to squid-3.4.12. I was 
going to try creating a new one but couldn’t find an equivalent line 
in client_side.cc for that version.


I guess the #4206 issue doesn’t apply to v3.4.x after all?


Correct. Oh well.




[Not a C programmer]

Thanks for your time today.

P.S. I'd love to upgrade to v3.5 but I'm waiting for somebody 
smarter than me to take the lead on a CentOS 6 RPM SPEC file.


Eliezer to the rescue ;-)
http://wiki.squid-cache.org/KnowledgeBase/CentOS#Squid-3.5


Amos





___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] (about external_acl_type problem ) two people can't login and access internet together

[johnzeng]

Hello All


 if possible ,please give me some advisement , thanks 



 Whether ttl=50 （value) is too low , Maybe i will update ttl value to
ttl=3600 cache=1048576 .

i have a question still , Whether cached results for external_acl is
reponse from helper program ?

for example :

if FORMAT is %SRC , and helper progrm return OK\n ,

and external_acl_type tell squid to cache suitable %SRC ( for example :
client is 192.168.0.21 ,and will cache 192.168.0.21 into Cache valued )

if helper progrm return ERR\n ,

won't cache any value or cache src ip into cached negative valued ...


Whether My understanding is correct ?

  external_acl_type name [options] FORMAT.. /path/to/helper [helper 
arguments..]

Options:

  ttl=n TTL in seconds for cached results (defaults to 3600
for 1 hour)

  negative_ttl=n
TTL for cached negative lookups (default same
as ttl)



  cache=n   Limit the result cache size, default is 262144.
The expanded FORMAT value is used as the cache key, so
if the details in FORMAT are highly variable a larger
cache may be needed to produce reduction in helper load.




http://www.squid-cache.org/Versions/v3/3.5/cfgman/external_acl_type.html


Hello All:

i test splash portal via external_acl_type ...

Although the first people succeed to login and can access internet , but
when second people succeed to login and can access internet ,

and the firest people have to login again . when the firest people
succeed to login and can access internet ,

second people have to login again .


my meaning is : There's only one person who can access internet at same
time



I guess [channel-ID] is error at my config , but i can't confirm.


if concurrency=10

how to identify or find correct [channel-ID] ,

and

Whether return value format is correct for squid ?

for example

fwrite(STDOUT, $stream_id. ERR\n);



If possible , please give me some advisement .



http://wiki.squid-cache.org/Features/AddonHelpers#Access_Control_.28ACL.29
http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper

Squid.conf ---

external_acl_type session ipv4 concurrency=10 ttl=50 %SRC
/accerater/webgui/public/wifiportal/logincheck.php
acl session_login external session
acl splash_page url_regex -i ^http://192.168.0.198/wifiportal/index.html

deny_info http://192.168.0.198/wifiportal/index.html session_login

http_access allow splash_page
http_access deny !session_login

--Helper program config ( php )-

while (!feof(STDIN))
{
$stream_line = trim(fgets(STDIN));
$stream_array = split([ ]+, $stream_line);
$stream_ip = trim($stream_array[1]);
$stream_id = trim($stream_array[0]);

.

fwrite(STDOUT, $stream_id. ERR\n);



fwrite(STDOUT, $stream_id. OK\n);






___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] (about external_acl_type problem ) two people can't login and access internet together

[johnzeng]

Hello Amos:

   Thanks again , and i tested for the part and sloved 
the problem just now .



Have a good day with you .


Best Regards

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] (about external_acl_type problem ) two people can't login and access internet together

[johnzeng]

Hello All

Whether ttl=50 （value) is too low , Maybe i will update ttl value to
ttl=3600 cache=1048576 .

i have a question still , Whether cached results for external_acl is
reponse from helper program ?

for example :

if FORMAT is %SRC , and helper progrm return OK\n ,

and external_acl_type tell squid to cache suitable %SRC ( for example :
client is 192.168.0.21 ,and will cache 192.168.0.21 into Cache valued )

if helper progrm return ERR\n ,

won't cache any value or cache src ip into cached negative valued ...


Whether My understanding is correct ?

  external_acl_type name [options] FORMAT.. /path/to/helper [helper 
arguments..]

Options:

  ttl=n TTL in seconds for cached results (defaults to 3600
for 1 hour)

  negative_ttl=n
TTL for cached negative lookups (default same
as ttl)



  cache=n   Limit the result cache size, default is 262144.
The expanded FORMAT value is used as the cache key, so
if the details in FORMAT are highly variable a larger
cache may be needed to produce reduction in helper load.




http://www.squid-cache.org/Versions/v3/3.5/cfgman/external_acl_type.html


Hello All:

i test splash portal via external_acl_type ...

Although the first people succeed to login and can access internet , but
when second people succeed to login and can access internet ,

and the firest people have to login again . when the firest people
succeed to login and can access internet ,

second people have to login again .


my meaning is : There's only one person who can access internet at same
time



I guess [channel-ID] is error at my config , but i can't confirm.


if concurrency=10

how to identify or find correct [channel-ID] ,

and

Whether return value format is correct for squid ?

for example

fwrite(STDOUT, $stream_id. ERR\n);



If possible , please give me some advisement .



http://wiki.squid-cache.org/Features/AddonHelpers#Access_Control_.28ACL.29
http://wiki.squid-cache.org/EliezerCroitoru/SessionHelper

Squid.conf ---

external_acl_type session ipv4 concurrency=10 ttl=50 %SRC
/accerater/webgui/public/wifiportal/logincheck.php
acl session_login external session
acl splash_page url_regex -i ^http://192.168.0.198/wifiportal/index.html

deny_info http://192.168.0.198/wifiportal/index.html session_login

http_access allow splash_page
http_access deny !session_login

--Helper program config ( php )-

while (!feof(STDIN))
{
$stream_line = trim(fgets(STDIN));
$stream_array = split([ ]+, $stream_line);
$stream_ip = trim($stream_array[1]);
$stream_id = trim($stream_array[0]);

.

fwrite(STDOUT, $stream_id. ERR\n);



fwrite(STDOUT, $stream_id. OK\n);




___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid 3.2.5 helpers/external_acl/session compile problem

[johnzeng]

Hello Dear Eliezer:

 Ubuntu 10.04 and  linux kernel : 
2.6.32-33-generic



于 2015年03月15日 22:35, Eliezer Croitoru 写道:

Hey,

What OS are you building squid on?

Eliezer

On 14/03/2015 14:34, johnzeng wrote:

Hello All:

I try to compile helpers/external_acl/session too , and Db evirontment
is db-4.8.30 ( Berkeley DB) , Maybe it will be caused by error Bdb 
version .


But i can't confirm .


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] i hope to use external ACL + ldap at squid 3.5.2, but i don't find ext_ldap_group_acl and basic_ldap_auth from /squid/libexec/

[johnzeng]

Hi Amos:

  How i will  build LDAP libraries for squid ?

  We built openldap-2.4.39 environment .

   We operated  command  source /etc/ld.so.conf  , 
include  /accerater/env/ldap/lib  /accerater/env/ldap/include


/accerater/env/ldap/lib

liblber-2.4.so.2   liblber.a   liblber.so libldap-2.4.so.2.10.2  
libldap.la libldap_r-2.4.so.2.10.2  libldap_r.la  libldap.so
liblber-2.4.so.2.10.2  liblber.la  libldap-2.4.so.2 
libldap.a  libldap_r-2.4.so.2 libldap_r.a  
libldap_r.so


/accerater/env/ldap/include

lber.h  lber_types.h  ldap_cdefs.h  ldap_features.h  ldap.h 
ldap_schema.h  ldap_utf8.h  ldif.h  slapi-plugin.h



This is new configure in according to your advisement


./configure --prefix=/accerater/webcache3 
--enable-follow-x-forwarded-for --enable-snmp --enable-linux-netfilter 
--enable-storeio=aufs,rock --enable-wccpv2 --with-large-files 
--enable-removal-policies=lru,heap --enable-async-io=128 
--enable-http-violations  --with-maxfd=65536 --enable-large-cache-files 
--enable-delay-pools --enable-forward-log --with-pthreads 
LIBS=-ltcmalloc --enable-url-rewrite-helpers --enable-log-daemon-helpers 
--enable-epoll --enable-ltdl-convenience --with-included-ltdl 
--enable-disk-io=AIO,Blocking,DiskThreads,IpcIo,Mmapped 
--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group 
--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB 
--enable-auth-digest=file,LDAP --enable-cache-digests 
--enable-auth-negotiate=kerberos,wrapper --enable-auth-ntlm=fake,smb_lm





if possible , please advise me how to do .


于 2015年03月14日 13:07, Amos Jeffries 写道:

On 14/03/2015 5:37 a.m., johnzeng wrote:

Hello All:

i hope to use external ACL + ldap at squid 3.5.2, but i don't find
ext_ldap_group_acl and basic_ldap_auth from /squid/libexec/

if possible , please give me some advisement . Thanks


You are missing the LDAP libraries needed to build them.


This is my config


configure options: '--prefix=/accerater/webcache3'
'--enable-follow-x-forwarded-for' '--enable-snmp'
'--enable-linux-netfilter' '--enable-storeio=aufs,rock'
'--enable-wccpv2' '--with-large-files'
'--enable-removal-policies=lru,heap' '--enable-async-io=128'
'--enable-http-violations'

All of these ...


'--enable-default-err-language=English'
'--enable-err-languages=English' '--enable-referer-log'
'--enable-useragent-log'

... to here are no longer existing otpions.


'--with-maxfd=65536'
'--enable-large-cache-files' '--enable-delay-pools'
'--enable-forward-log' '--with-pthreads' 'LIBS=-ltcmalloc'
'--disable-internal-dns'

Disable of interal DNS is no longer an existing option.


'--enable-url-rewrite-helpers'
'--enable-log-daemon-helpers' '--enable-epoll'
'--enable-ltdl-convenience' '--with-included-ltdl'
'--enable-disk-io=AIO,Blocking,DiskThreads,IpcIo,Mmapped'

This is full file at /squid/libexec


basic_db_auth basic_ncsa_auth basic_smb_auth digest_file_auth
ext_unix_group_acl log_file_daemon storeid_file_rewrite
basic_fake_auth basic_nis_auth basic_smb_auth.sh ext_delayer_acl
ext_wbinfo_group_acl negotiate_wrapper_auth unlinkd
basic_getpwnam_auth basic_pop3_auth basic_smb_lm_auth
ext_file_userip_acl helper-mux.pl ntlm_fake_auth url_fake_rewrite
basic_msnt_multi_domain_auth basic_radius_auth cachemgr.cgi
ext_sql_session_acl log_db_daemon ntlm_smb_lm_auth url_fake_rewrite.sh

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] squid 3.2.5 helpers/external_acl/session compile problem

[johnzeng]

Hello All

i read the link

http://www.squid-cache.org/mail-archive/squid-users/201112/0339.html

but i cat config.log | grep HAVE_DB_H in according to the advisement
 | #define HAVE_DB_H 1
 | #define HAVE_DB_H 1
 | #define HAVE_DB_H 1
 | #define HAVE_DB_H 1
 | #define HAVE_DB_H 1
 | #define HAVE_DB_H 1
 | #define HAVE_DB_H 1
 | #define HAVE_DB_H 1
 | #define HAVE_DB_H 1




 Hello All:

 I try to compile helpers/external_acl/session too , and Db evirontment
 is db-4.8.30 ( Berkeley DB) , Maybe it will be caused by error Bdb version .

 But i can't confirm .

 ./configure --prefix=/accerater/webcache3
 --enable-follow-x-forwarded-for --enable-snmp --enable-linux-netfilter
 --enable-storeio=aufs,rock --enable-wccpv2 --with-large-files
 --enable-removal-policies=lru,heap --enable-async-io=128
 --enable-http-violations --with-maxfd=65536 --enable-large-cache-files
 --enable-delay-pools --enable-forward-log --with-pthreads
 LIBS=-ltcmalloc --enable-url-rewrite-helpers --enable-log-daemon-helpers
 --enable-epoll --enable-ltdl-convenience --with-included-ltdl
 --enable-disk-io=AIO,Blocking,DiskThreads,IpcIo,Mmapped
 CXXFLAGS=-I/accerater/env/ldap/include -I/accerater/env/bdb/include
 LDFLAGS=-L/accerater/env/ldap/lib -L/accerater/env/bdb/lib


 This is error compile info

 libtool: link: g++ -Wall -Wpointer-arith -Wwrite-strings -Wcomments
 -Wshadow -Werror -pipe -D_REENTRANT -m32 -D_LARGEFILE_SOURCE
 -D_FILE_OFFSET_BITS=64 -I/accerater/env/bdb/include -march=native -m32
 -o ext_session_acl ext_session_acl.o -L/accerater/env/bdb/lib
 ../../../compat/.libs/libcompat-squid.a
 ext_session_acl.o: In function `init_db()':
 ext_session_acl.cc:(.text+0x5a): undefined reference to `db_env_create'
 ext_session_acl.cc:(.text+0x101): undefined reference to `db_create'
 ext_session_acl.cc:(.text+0x1d6): undefined reference to `db_create'


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] i hope to use external ACL + ldap at squid 3.5.2, but i don't find ext_ldap_group_acl and basic_ldap_auth from /squid/libexec/

[johnzeng]

Hello All:

i hope to use external ACL + ldap at squid 3.5.2, but i don't find
ext_ldap_group_acl and basic_ldap_auth from /squid/libexec/

if possible , please give me some advisement . Thanks

This is my config


configure options: '--prefix=/accerater/webcache3'
'--enable-follow-x-forwarded-for' '--enable-snmp'
'--enable-linux-netfilter' '--enable-storeio=aufs,rock'
'--enable-wccpv2' '--with-large-files'
'--enable-removal-policies=lru,heap' '--enable-async-io=128'
'--enable-http-violations' '--enable-default-err-language=English'
'--enable-err-languages=English' '--enable-referer-log'
'--enable-useragent-log' '--with-maxfd=65536'
'--enable-large-cache-files' '--enable-delay-pools'
'--enable-forward-log' '--with-pthreads' 'LIBS=-ltcmalloc'
'--disable-internal-dns' '--enable-url-rewrite-helpers'
'--enable-log-daemon-helpers' '--enable-epoll'
'--enable-ltdl-convenience' '--with-included-ltdl'
'--enable-disk-io=AIO,Blocking,DiskThreads,IpcIo,Mmapped'

This is full file at /squid/libexec


basic_db_auth basic_ncsa_auth basic_smb_auth digest_file_auth
ext_unix_group_acl log_file_daemon storeid_file_rewrite
basic_fake_auth basic_nis_auth basic_smb_auth.sh ext_delayer_acl
ext_wbinfo_group_acl negotiate_wrapper_auth unlinkd
basic_getpwnam_auth basic_pop3_auth basic_smb_lm_auth
ext_file_userip_acl helper-mux.pl ntlm_fake_auth url_fake_rewrite
basic_msnt_multi_domain_auth basic_radius_auth cachemgr.cgi
ext_sql_session_acl log_db_daemon ntlm_smb_lm_auth url_fake_rewrite.sh
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Whether squid 3.5.2 can support rock at wccp tproxy environment really ?

[johnzeng]

  Hello Amos:

  Ok,  I see

  Thanks again.

   Have a good day with you .






Hello Amos:

---


For starters,
  WCCP is a network protocol Squid uses to inform remote routers that it
is active and what traffic it can receive.
  rock is a layout format for bits stored on a disk.
  ... they are *completely* unrelated.

-

Your meaning is running two different process for wccp redirection and
Cache operation ?


I mean they are different like shelves in a cabinet versus a spoken
sentence.

And yes, they are probably also in different processes in your setup.

Amos



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Whether squid 3.5.2 can support rock at wccp tproxy environment really ?

[johnzeng]

Hello Amos:

--- 



For starters,
 WCCP is a network protocol Squid uses to inform remote routers that it
is active and what traffic it can receive.
 rock is a layout format for bits stored on a disk.
 ... they are *completely* unrelated.

-

Your meaning is running two different process for wccp redirection and Cache 
operation ?

first process is for wccp redirection

and other process is for Cache operation


 





于 2015年03月09日 13:01, Amos Jeffries 写道:

On 9/03/2015 4:38 p.m., johnzeng wrote:


Hello Dear All :

I face a problem recently , When i config wccp ( tproxy ) environment (
via using squid 3.5.2 ) ,

if i disable cache_dir rock part ,and it will be success for wccp(
tproxy) , and enable cache_dir aufs

#cache_dir rock /accerater/webcache3/storage/rock1 2646 min-size=4096
max-size=262144 max-swap-rate=250 swap-timeout=350

but if i enable cache_dir rock part ,and it will be failure for wccp(
tproxy) and enable cache_dir aufs

cache_dir rock /accerater/webcache3/storage/rock1 2646 min-size=4096
max-size=262144 max-swap-rate=250 swap-timeout=350


Whether some of my config is error , if possible , please give me some
advisement


For starters,
  WCCP is a network protocol Squid uses to inform remote routers that it
is active and what traffic it can receive.
  rock is a layout format for bits stored on a disk.
  ... they are *completely* unrelated.




This is my config


thanks

---

coredump_dir /accerater/logs/webcache3/
unlinkd_program /accerater/webcache3/libexec/unlinkd
pid_filename /accerater/logs/webcache3/opmizer1/cache.pid


workers 2
cpu_affinity_map process_numbers=1,2 cores=1,3

cache_dir rock /accerater/webcache3/storage/rock1 2646 min-size=4096
max-size=262144 max-swap-rate=250 swap-timeout=350
cache_dir rock /accerater/webcache3/storage/rock1 2646 min-size=4096
max-size=262144 max-swap-rate=250 swap-timeout=350

You are telling Squid to start two controllers to the database file
/accerater/webcache3/storage/rock1 from *each* worker. There is zero
benefit from this and the two controllers may enounter collisions as
they compete for acces to the disk without sharing atomic locks. That
leads to cache corruption.

Remove one of those two lines.



if ${process_number} = 1

cache_swap_state /accerater/logs/webcache3/opmizer1_swap_log1

Dont use cache_swap_state.


access_log stdio:/accerater/logs/webcache3/opmizer1_access.log squid

Use this instead (mind the wrap):

access_log
stdio:/accerater/logs/webcache/opmizer${process_number}_access.log squid


cache_log /accerater/logs/webcache3/opmizer1_cache.log


Use this instead:

cache_log /accerater/logs/webcache3/opmizer${process_number}_cache.log


cache_store_log stdio:/accerater/logs/webcache3/opmizer1_store.log

You should not need cache_store_log at all.

Either remove it or use this instead (mind the wrap):

cache_store_log
stdio:/accerater/logs/webcache3/opmizer${process_number}_store.log



url_rewrite_program /accerater/webcache3/media/mediatool/media2
store_id_program /accerater/webcache3/media/mediatool/media1

Why do you have different binary executable names for the two workers
helpers?

If they are actually different, then the traffic will have different
things applied randomly depending on which worker happened to accept the
TCP connection. If they are the same, then you only need to define them
once and workers will start their own sets as needed.



unique_hostname fast_opmizer1
snmp_port 3401

Use this instead:

  unique_hostname fast_opmizer${process_number}
  snmp_port 340${process_number}


All of the above details can move up out of the per-worker area.



#cache_dir rock /accerater/webcache3/storage/rock1 2646 min-size=4096
max-size=262144 max-swap-rate=250 swap-timeout=350

cache_dir aufs /accerater/webcache3/storage/aufs1/${process_number} 5200
16 64 min-size=262145

else

#endif


if ${process_number} = 2


cache_swap_state /accerater/logs/webcache3/opmizer2_swap_log
access_log stdio:/accerater/logs/webcache3/opmizer2_access.log squid
cache_log /accerater/logs/webcache3/opmizer2_cache.log
cache_store_log stdio:/accerater/logs/webcache3/opmizer2_store.log
url_rewrite_program /accerater/webcache3/media/mediatool/media4
store_id_program /accerater/webcache3/media/mediatool/media3
unique_hostname fast_opmizer2
snmp_port 3402


Same notes as for worker 1.



#cache_dir rock /accerater/webcache3/storage/rock2 2646 min-size=4096
max-size=262144 max-swap-rate=250 swap-timeout=350

cache_dir aufs /accerater/webcache3/storage/aufs1/${process_number} 5200
16 64 min-size=262145

endif

endif



http_port 127.0.0.1:3220
http_port 3221 tproxy

wccp_version 2
wccp2_router

[squid-users] Whether squid 3.5.2 can support rock at wccp tproxy environment really ?

[johnzeng]

Hello Dear All :

I face a problem recently , When i config wccp ( tproxy ) environment (
via using squid 3.5.2 ) ,

if i disable cache_dir rock part ,and it will be success for wccp(
tproxy) , and enable cache_dir aufs

#cache_dir rock /accerater/webcache3/storage/rock1 2646 min-size=4096
max-size=262144 max-swap-rate=250 swap-timeout=350

but if i enable cache_dir rock part ,and it will be failure for wccp(
tproxy) and enable cache_dir aufs

cache_dir rock /accerater/webcache3/storage/rock1 2646 min-size=4096
max-size=262144 max-swap-rate=250 swap-timeout=350


Whether some of my config is error , if possible , please give me some
advisement


This is my config


thanks

---

coredump_dir /accerater/logs/webcache3/
unlinkd_program /accerater/webcache3/libexec/unlinkd
pid_filename /accerater/logs/webcache3/opmizer1/cache.pid


workers 2
cpu_affinity_map process_numbers=1,2 cores=1,3

cache_dir rock /accerater/webcache3/storage/rock1 2646 min-size=4096
max-size=262144 max-swap-rate=250 swap-timeout=350
cache_dir rock /accerater/webcache3/storage/rock1 2646 min-size=4096
max-size=262144 max-swap-rate=250 swap-timeout=350


if ${process_number} = 1

cache_swap_state /accerater/logs/webcache3/opmizer1_swap_log1
access_log stdio:/accerater/logs/webcache3/opmizer1_access.log squid
cache_log /accerater/logs/webcache3/opmizer1_cache.log
cache_store_log stdio:/accerater/logs/webcache3/opmizer1_store.log
url_rewrite_program /accerater/webcache3/media/mediatool/media2
store_id_program /accerater/webcache3/media/mediatool/media1
unique_hostname fast_opmizer1
snmp_port 3401

#cache_dir rock /accerater/webcache3/storage/rock1 2646 min-size=4096
max-size=262144 max-swap-rate=250 swap-timeout=350

cache_dir aufs /accerater/webcache3/storage/aufs1/${process_number} 5200
16 64 min-size=262145

else

#endif


if ${process_number} = 2


cache_swap_state /accerater/logs/webcache3/opmizer2_swap_log
access_log stdio:/accerater/logs/webcache3/opmizer2_access.log squid
cache_log /accerater/logs/webcache3/opmizer2_cache.log
cache_store_log stdio:/accerater/logs/webcache3/opmizer2_store.log
url_rewrite_program /accerater/webcache3/media/mediatool/media4
store_id_program /accerater/webcache3/media/mediatool/media3
unique_hostname fast_opmizer2
snmp_port 3402

#cache_dir rock /accerater/webcache3/storage/rock2 2646 min-size=4096
max-size=262144 max-swap-rate=250 swap-timeout=350

cache_dir aufs /accerater/webcache3/storage/aufs1/${process_number} 5200
16 64 min-size=262145

endif

endif



http_port 127.0.0.1:3220
http_port 3221 tproxy

wccp_version 2
wccp2_router 192.168.2.1
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_assignment_method 1
wccp2_service dynamic 80
wccp2_service dynamic 90
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
priority=240 ports=80

tcp_outgoing_address 192.168.2.2

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] WARNING: disk-cache maximum object size is too large for mem-cache: 102400.00 KB 90.00 KB

[johnzeng]

Hello  Amos :

 Sorry , previous config is a simple config file 
for testing tproxy.


 But i checked again and switch different part of 
config for disabling the warning info and find real reason .


 first config ( it will cause warning info)  :

 maximum_object_size 100 MB
 maximum_object_size_in_memory 4095 bytes

 WARNING: disk-cache maximum object size is too 
large for mem-cache: 102400.00 KB  4.00 KB



 Second config ( no any warning info ) :

 maximum_object_size 10 MB
 maximum_object_size_in_memory 10 MB

 or

 maximum_object_size 4095 bytes
 maximum_object_size_in_memory 4095 bytes

 or

 maximum_object_size 10 MB
 maximum_object_size_in_memory 11 MB


 if condition is   maximum_object_size   =  
maximum_object_size_in_memory at our config , We won't find warning info ,


 But i think it will be error direction .


 Whether it is a bug ,  if possible , please give 
me some advisement .



 Best Regards

 john

于 2015年03月03日 23:36, Amos Jeffries 写道:

On 4/03/2015 3:12 a.m., johnzeng wrote:

Hi :

Thanks Amos Jeffries, i updated to squid 3.5.2 and

tested QQ and other application at two different environment ( between
intercept and tproxy ) in according to your advisement .

result is ok as your saying .

Thanks again .

but i checked cache log and found ( WARNING: disk-cache maximum object
size is too large for mem-cache: 102400.00 KB  90.00 KB

Whether there are some error at my config ??


I'm not sure exactly why that is being warned about. Its reasonable to
have a smaller object size for memory-only objects. I think not to worry
about it.


The size ranges in your config look a little strange though.

* objects between 1KB and 90KB are allowed to be stored only in memory

* objects between 262KB and 100MB are allowed to be stored only on disk

* objects under 1KB, between 90KB and 262KB, or over 100MB are not
allowed to be stored anywhere at all.



Also, how is the multiple PID file setup working out?
  The PID file is supposed to contain the ID number of the master process
in charge of the whole process tree and managing signals received from
the init system and squid -k commands.

Amos




this is my config

-


minimum_object_size 1 KB
maximum_object_size 100 MB
maximum_object_size_in_memory 90 KB

cache_swap_low 80
cache_swap_high 95


#Smp setting

workers 2

cpu_affinity_map process_numbers=1,2 cores=1,2

if ${process_number} = 1

pid_filename /accerater/logs/webcache3/opmizer1/cachea.pid
cache_swap_state /accerater/logs/webcache3/cachea_swap_log1
access_log stdio:/accerater/logs/webcache3/accessa.log squid
cache_log /accerater/logs/webcache3/cachea.log
cache_store_log stdio:/accerater/logs/webcache3/storea.log1
cache_dir aufs /accerater/webcache3/storage/aufs1/${process_number}
10200 16 64 min-size=262145
coredump_dir /accerater/logs/webcache3/opmizer1
unlinkd_program /accerater/webcache3/libexec/unlinkd
unique_hostname maraservice1
snmp_port 3401

endif

if ${process_number} = 2
pid_filename /accerater/logs/webcache3/opmizer2/cacheb.pid
cache_swap_state /accerater/logs/webcache3/cacheb_swap_log
access_log stdio:/accerater/logs/webcache3/accessb.log squid
cache_log /accerater/logs/webcache3/cacheb.log1
cache_store_log stdio:/accerater/logs/webcache3/storeb.log1
cache_dir aufs /accerater/webcache3/storage/aufs2/${process_number}
10200 16 64 min-size=262145
coredump_dir /accerater/logs/webcache3/opmizer2
unlinkd_program /accerater/webcache3/libexec/unlinka
unique_hostname maraservice2
snmp_port 3402


endif



___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] i config rock at smp mode just now , but i find some error. FATAL: Rock cache_dir at /squid/storage/rock1/rock failed to open db file: (11) Resource temporarily unavailable

[johnzeng]

Hi all

i config rock at smp mode just now , but i find some error.

if possible , please help me to analyze the error info , and give me
some advisement

show error info via squid -z


2015/03/05 11:35:46 kid1| Creating missing swap directories
2015/03/05 11:35:46 kid3| Skipping existing Rock db:
/squid/storage/rock1/rock

show error info squid -d1

2015/03/05 11:30:28 kid1| ERROR: /squid/storage/rock1/rock communication
channel establishment timeout
FATAL: Rock cache_dir at /squid/storage/rock1/rock failed to open db
file: (11) Resource temporarily unavailable



this is my config about rock part

workers 2
cpu_affinity_map process_numbers=1,2 cores=1,2

cache_dir rock /squid/storage/rock1 2646 min-size=4096 max-size=262144
max-swap-rate=250 swap-timeout=350


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] (sloved)Re: i config rock at smp mode just now , but i find some error. FATAL: Rock cache_dir at /squid/storage/rock1/rock failed to open db file: (11) Resource temporarily unavailable

[johnzeng]

Hello Dear all

i sloved the problem , master reason is http_port Conflict with other
application port , it will cause to show these error info .

ERROR: /squid/storage/rock1/rock communication
channel establishment timeout









 Hi all

 i config rock at smp mode just now , but i find some error.

 if possible , please help me to analyze the error info , and give me
 some advisement

 show error info via squid -z


 2015/03/05 11:35:46 kid1| Creating missing swap directories
 2015/03/05 11:35:46 kid3| Skipping existing Rock db:
 /squid/storage/rock1/rock

 show error info squid -d1

 2015/03/05 11:30:28 kid1| ERROR: /squid/storage/rock1/rock communication
 channel establishment timeout
 FATAL: Rock cache_dir at /squid/storage/rock1/rock failed to open db
 file: (11) Resource temporarily unavailable



 this is my config about rock part

 workers 2
 cpu_affinity_map process_numbers=1,2 cores=1,2

 cache_dir rock /squid/storage/rock1 2646 min-size=4096 max-size=262144
 max-swap-rate=250 swap-timeout=350





___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Redirecting traffic to fake parent

[johnzeng]

Hello Dear Sebastian:

 i am thinking about node.js + squid at 
isp environment for video file cache or big file cache recently ,


 Which useful public info will we will 
obtain from internet ?


 if you have any helpful website about 
nodejs ( for example: gatejs or other ) , and if you think it will share 
with other people ,


 please give me some advisement , maybe 
we can develop the part together for everyone's different goal



 Best Regareds

 john

于 2015年03月04日 04:35, Sebastian Goicochea 写道:

Hello everyone, I'm experimenting with cache_peer directive and node.js:

cache_peer 10.0.0.90 parent  0 no-query no-digest proxy-only 
name=test


in that port I have a node.js Proxy receiveing connections in the same 
host, it extracts some information I need and saves it to a DB, then 
redirects Squid with a 302 response with some garbage added to the 
url. I use that garbage to match an access list so I can prevent looping.


Squid is working in transparent mode, the problem I'm facing is that 
if I don't configure a tcp_outgoing_address Squid does not reach port 
 on localhost. If I set a tcp_outgoing_address Squid can reach 
localhost: but with his own IP address and I need it to be 
transparent, I need the real client IP address.


Is there a way to configure tcp_outgoing_address to use the client's 
IP when fetching something?


Some config lines that might help:

acl donotredirect url_regex .*56498765123168.*
cache_peer_access test deny donotredirect

acl kk url_regex .*redirectthisstuff.*
cache_peer_access test allow kk
cache_peer_access test deny all
never_direct deny donotredirect
never_direct allow kk



Thanks for your time

Sebastian
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] WARNING: disk-cache maximum object size is too large for mem-cache: 102400.00 KB 90.00 KB

[johnzeng]

Hi :

Thanks Amos Jeffries, i updated to squid 3.5.2 and

tested QQ and other application at two different environment ( between
intercept and tproxy ) in according to your advisement .

result is ok as your saying .

Thanks again .

but i checked cache log and found ( WARNING: disk-cache maximum object
size is too large for mem-cache: 102400.00 KB  90.00 KB

Whether there are some error at my config ??




this is my config

-


minimum_object_size 1 KB
maximum_object_size 100 MB
maximum_object_size_in_memory 90 KB

cache_swap_low 80
cache_swap_high 95


#Smp setting

workers 2

cpu_affinity_map process_numbers=1,2 cores=1,2

if ${process_number} = 1

pid_filename /accerater/logs/webcache3/opmizer1/cachea.pid
cache_swap_state /accerater/logs/webcache3/cachea_swap_log1
access_log stdio:/accerater/logs/webcache3/accessa.log squid
cache_log /accerater/logs/webcache3/cachea.log
cache_store_log stdio:/accerater/logs/webcache3/storea.log1
cache_dir aufs /accerater/webcache3/storage/aufs1/${process_number}
10200 16 64 min-size=262145
coredump_dir /accerater/logs/webcache3/opmizer1
unlinkd_program /accerater/webcache3/libexec/unlinkd
unique_hostname maraservice1
snmp_port 3401

endif

if ${process_number} = 2
pid_filename /accerater/logs/webcache3/opmizer2/cacheb.pid
cache_swap_state /accerater/logs/webcache3/cacheb_swap_log
access_log stdio:/accerater/logs/webcache3/accessb.log squid
cache_log /accerater/logs/webcache3/cacheb.log1
cache_store_log stdio:/accerater/logs/webcache3/storeb.log1
cache_dir aufs /accerater/webcache3/storage/aufs2/${process_number}
10200 16 64 min-size=262145
coredump_dir /accerater/logs/webcache3/opmizer2
unlinkd_program /accerater/webcache3/libexec/unlinka
unique_hostname maraservice2
snmp_port 3402


endif

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] if i use squid 3.5.2 , which part is stable between coss and rock for operating small http object .

[johnzeng]

Hi Amos Jeffries:

   Thanks again .

  because squid 2.7 stable 9 can support coss 
for small http object , if i use  squid 3.5.2 ,


   which part is stable between coss and rock 
for operating small http object ?



   Whether squid 3.5.2 can support wccp ?


Best Regards

 John



于 2015年02月28日 11:42, Amos Jeffries 写道:

On 28/02/2015 4:18 p.m., johnzeng wrote:

Hi all :



i meet a problem ,Squid cannot currently deal with such connections (
non-HTTP connections ) based 80 port , and We get some error ,

Unsupported Request Method and Protocol'' for https URLs..

NOTE: HTTPS never goes over port 80.

HTTPS native port is 443, and when proxied uses the proxy port.

Intercepted HTTPS traffic MUST NOT be delivered to a http_port listening
port in Squid. Use https_port instead.


i search via www.ask.com , but i don't good way .

if possible ,i hope to use squid 2.7 stable9 , Maybe it will be stable version 
untile now .

Whether we can resolve the problem via other tunnel tools + squid 2.7 ( for 
example:
http://www.nocrew.org/software/httptunnel.html ) or
http://desproxy.sourceforge.net http://desproxy.sourceforge.net/


Current stable version is 3.5.2. Please use that.

Particularly if you are intercepting HTTPS traffic. There is an arms
race going on between people trying to use HTTPS for security and people
trying to filter it. Things are changing rapidly.

Amos

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] i meet a problem , --- Unsupported Request Method and Protocol'' for such connections ( non-HTTP connections ) based 80 port ----, if possible , please give me some advisement or hel

[johnzeng]

Hello  Eliezer:

   Thanks for your reply ,  although squid 2.7 
stables 9 don't support Tproxy really , but We realize the function via 
patch third patch .


   Why we meet the problem (  Unsupported Request 
Method and Protocol ) ?  although some special application communicate 
based 80 port ,


   they don't use http protocol or they change http 
protocol and method isn't GET OR POST . for example : QQ application and 
some QQ game .


   But squid don't support other protocol except 
normal http protocol  or don't support other method except GET .. of 
http protocol , for example HEAD.


   So if it's a transparent proxy , and you will 
access these application , We have to face the problem .


  Why i don't use highest version ago , include 
squid 3.5.2 ,


  because  squid 2.7 stable 9 can support coss for 
small http object


  and We don't confirm whether squid 3.5.2 can 
support small http object via rock or coss .


 i know these are some function ( 
on_unsupported_protocol ) in 3.HEAD and ,


 it won't be very stable or we have to use 
trunk-non-HTTP-bypass-v8.patch for squid 3.5.2


http://www.squid-cache.org/Versions/v3/3.HEAD/cfgman/on_unsupported_protocol.html


Thanks again for your reply


   Why



于 2015年03月01日 05:45, Eliezer Croitoru 写道:

Hey,

It is a bit hard to understand the scenario but I assume it's a 
transparent proxy for port 80? right?


In any case what so ever squid 2.7 is old and preferably should not be 
used in production unless there is a very specific need for it while 
taking into account the advantages and disadvantages.


If you search via www.ask.com it should work on any version of squid 
like it worked for me in the last who knows how many years.


The best start point would be to get couple lines from the access.log 
and a description of the network infrastructure.

(consider to replace\remove any confidential information)

All The Bests,
Eliezer Croitoru

On 28/02/2015 05:18, johnzeng wrote:

Hi all :



i meet a problem ,Squid cannot currently deal with such connections (
non-HTTP connections ) based 80 port , and We get some error ,

Unsupported Request Method and Protocol'' for https URLs..

i search viawww.ask.com  , but i don't good way .

if possible ,i hope to use squid 2.7 stable9 , Maybe it will be 
stable version untile now .


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] i meet a problem , --- Unsupported Request Method and Protocol'' for such connections ( non-HTTP connections ) based 80 port ----, if possible , please give me some advisement or help

[johnzeng]

Hi all :



i meet a problem ,Squid cannot currently deal with such connections (
non-HTTP connections ) based 80 port , and We get some error ,

Unsupported Request Method and Protocol'' for https URLs..

i search via www.ask.com , but i don't good way .

if possible ,i hope to use squid 2.7 stable9 , Maybe it will be stable version 
untile now .

Whether we can resolve the problem via other tunnel tools + squid 2.7 ( for 
example:
http://www.nocrew.org/software/httptunnel.html ) or
http://desproxy.sourceforge.net http://desproxy.sourceforge.net/



 if possible , please give me some advisement .


This is some detail , but i don't any way

11.45 ``Unsupported Request Method and Protocol'' for https URLs.

Note: The information here is current for version 2.3.

This is correct. Squid does not know what to do with an https URL. To
handle such a URL, Squid would need to speak the SSL protocol.
Unfortunately, it does not (yet).

Normally, when you type an https URL into your browser, one of two
things happens.

1. The browser opens an SSL connection directly to the origin server.
2. The browser tunnels the request through Squid with the CONNECT
request method.

The CONNECT method is a way to tunnel any kind of connection through an
HTTP proxy. The proxy doesn't understand or interpret the contents. It
just passes bytes back and forth between the client and server. For the
gory details on tunnelling and the CONNECT method, please see RFC 2817
and Tunneling TCP based protocols through Web proxy servers (expired).





___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Whether we can redirect video traffic to squid 2.7 via porting mirror

[johnzeng]

Hi , i have a switch , and i hope to redirect video traffic to Cache via
using Port mirroring feature , and monitoring network traffic that
involves forwarding a copy of

each packet from one network switch.


Whether Squid 2.7 can listen and identify mirroring data packet ?

if Squid 2.7 can identify , i hope to match video part and send 302 http
packet to end user via url_rewrite_access and redirect the user's
request to Cache

Whether my thought is correct way ?


Or Whether we can realize the goal via dansguardian + squid or
squidguard + squid or icap +squid  ?

if possible , please help me .


***

url_rewrite_program /cache/video_operation
url_rewrite_children 10

acl location_rewrite_video url_regex -i
^http://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/video\/.*\.(m4v|flv|mp4|wmv|rm|ram|mov|avi|mp3)\?nk=

url_rewrite_access allow location_rewrite_video

这是part program of video_operation

int video(string *domain, string *urlf)
{
if(regexMatch(^http://[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\/video/;,
*urlf)){
if(regexMatch(\\.(flv|mp4)$,*urlf) ||
regexMatch(\\.(flv|mp4)\\?start=, *urlf)){
*urlf = http://192.168.2.6/video/; + get_foldername(*urlf, 1) + / +
get_filename(*urlf);
} else if (regexMatch(\\.(flv|mp4)\\?special=true$,*urlf)) {
//redirect sphotos and photos-[a-z] to the same url
*urlf = *domain +/ + .video/ + get_foldername(*urlf, 1) + / +
get_filename(*urlf) + ?special=true;
}
else if (regexMatch(\\.(flv|mp4)\\?nk=,*urlf)) { //redirect sphotos
and photos-[a-z] to the same url
*urlf = 302:http://192.168.2.6/video/; + get_foldername(*urlf, 1) + /
+ get_filename(*urlf);
}
return 1;
}
return 0;
}

[squid-users] Whether we can redirect video traffic to squid 2.7 via porting mirror

[johnzeng]

于 2014年08月28日 23:51, johnzeng 写道:
 Hi , i have a switch , and i hope to redirect video traffic to Cache via
 using Port mirroring feature , and monitoring network traffic that
 involves forwarding a copy of

 each packet from one network switch.


 Whether Squid 2.7 can listen and identify mirroring data packet ?

 if Squid 2.7 can identify , i hope to match video part and send 302 http
 packet to end user via url_rewrite_access and redirect the user's
 request to Cache

 Whether my thought is correct way ?


 Or Whether we can realize the goal via dansguardian + squid or
 squidguard + squid or icap +squid  ?

 if possible , please help me .


 ***

 url_rewrite_program /cache/video_operation
 url_rewrite_children 10

 acl location_rewrite_video url_regex -i
 ^http://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/video\/.*\.(m4v|flv|mp4|wmv|rm|ram|mov|avi|mp3)\?nk=

 url_rewrite_access allow location_rewrite_video

 这是part program of video_operation

 int video(string *domain, string *urlf)
 {
 if(regexMatch(^http://[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\/video/;,
 *urlf)){
 if(regexMatch(\\.(flv|mp4)$,*urlf) ||
 regexMatch(\\.(flv|mp4)\\?start=, *urlf)){
 *urlf = http://192.168.2.6/video/; + get_foldername(*urlf, 1) + / +
 get_filename(*urlf);
 } else if (regexMatch(\\.(flv|mp4)\\?special=true$,*urlf)) {
 //redirect sphotos and photos-[a-z] to the same url
 *urlf = *domain +/ + .video/ + get_foldername(*urlf, 1) + / +
 get_filename(*urlf) + ?special=true;
 }
 else if (regexMatch(\\.(flv|mp4)\\?nk=,*urlf)) { //redirect sphotos
 and photos-[a-z] to the same url
 *urlf = 302:http://192.168.2.6/video/; + get_foldername(*urlf, 1) + /
 + get_filename(*urlf);
 }
 return 1;
 }
 return 0;
 }

Re: [squid-users] Whether we can redirect video traffic to squid 2.7 via porting mirror

[johnzeng]

I see , but it will be normal way , we can redirect full http traffic 
via route-map or Wccp ,


but if we redirect part video traffic only , porting mirror + 302 http 
packet will be safe way .





On Thursday 28 August 2014 at 17:51:04 (EU time), johnzeng wrote:

Hi , i have a switch , and i hope to redirect video traffic to Cache via
using Port mirroring feature
Whether Squid 2.7 can listen and identify mirroring data packet ?

You can't just feed traffic in to Squid - it has to request it, otherwise it
won't have a clue what to do with it.


if Squid 2.7 can identify , i hope to match video part and send 302 http
packet to end user via url_rewrite_access and redirect the user's
request to Cache

Why not just tell the client to use Squid as a proxy?

Then:

  - Squid will make the requests and know what to do with the response traffic 
it
gets back

  - you don't need to send a 302 redirect to the client; it'll just get the
cached content automatically

  - clients will get the benefits of caching for everything else, as well as the
video


In other words, why not just set up Squid normally?


Antony.

Re: [squid-users] sorry, i updated my email mode, and i have a question about wccp

[johnzeng]

Hello Dear Eliezer:

Thanks , i build squid2.7stable9 at ubuntu

and i prepare to realize wccp at http_port 3128 transparent( but this
is interception mode only ) at firep step.

second step is wccp at  http_port 3128 transparent tproxy  ( it will
is transparent mode ) .


although i search more info for realizing wccp interception mode , but i
don't find good way until now .


But thanks for your advisement again.


John

于 2014年07月11日 15:08, Eliezer Croitoru 写道:
 What OS are you using?
 Did you had the chance of looking at:
 http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2

 Eliezer

 On 07/11/2014 07:09 AM, johnzeng wrote: Hello Dear Everyone:
 i config wccp mode recently , but i found http request don't succeed
 to be sent via gre tunnel at wccp mode .

 This is my config , if possible , give me some advisement , Thanks
 again.


 19:36:58.728514 IP 192.168.5.66.37225  180.149.132.165.http: Flags
 [F.], seq 0, ack 1, win 108, length 0
 19:37:00.304327 IP 192.168.5.66.41485 
 rev.opentransfer.com.28.147.130.98.in-addr.arpa.http: Flags [S], seq
 2204475760, win 5840, options [mss 1460,sackOK,TS val 3757970 ecr
 0,nop,wscale 6], length 0
 19:37:00.976403 IP 192.168.5.66.40789  202.104.237.103.http: Flags
 [S], seq 2214840108, win 5840, options [mss 1460,sackOK,TS val 3758139
 ecr 0,nop,wscale 6], length 0
 19:37:03.597139 IP 192.168.5.66.58461  101.226.142.33.http: Flags
 [.], ack 2180972149, win 227, options [nop,nop,TS val 3758794 ecr
 2556809136], length 0
 19:37:03.806973 IP 192.168.5.66.58461  101.226.142.33.http: Flags
 [.], ack 1, win 227, options [nop,nop,TS val 3758846 ecr
 2556809198,nop,nop,sack 1 {0:1}], length 0
 19:37:03.976184 IP 192.168.5.66.40789  202.104.237.103.http: Flags
 [S], seq 2214840108, win 5840, options [mss 1460,sackOK,TS val 3758889
 ecr 0,nop,wscale 6],


 19:06:33.356333 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e
 19:06:33.388306 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e
 19:06:33.388565 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e
 19:06:33.604188 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e
 19:06:38.187049 IP 192.168.5.1  192.168.2.2: GREv0, length 60:
 gre-proto-0x883e
 19:06:41.931862 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e
 19:06:42.434829 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e
 19:06:55.047736 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e



 *Mar 8 12:48:05.300: WCCP-EVNT:S00: Here_I_Am packet from 192.168.2.2
 w/bad rcv_id 
 *Mar 8 12:48:05.300: WCCP-PKT:S00: Sending I_See_You packet to
 192.168.2.2 w/ rcv_id 2378
 *Mar 8 12:48:05.300: IP: tableid=0, s=192.168.2.1 (local),
 d=192.168.2.2 (Ethernet1/0), routed via FIB
 *Mar 8 12:48:05.304: IP: s=192.168.2.1 (local), d=192.168.2.2
 (Ethernet1/0), len 168, sending
 *Mar 8 12:48:05.580: IP: tableid=0, s=192.168.5.1 (local),
 d=192.168.5.66 (FastEthernet0/1), routed via FIB
 *Mar 8 12:48:05.584: IP: tableid=0, s=192.168.5.1 (local),
 d=192.168.5.66 (FastEthernet0/1), routed via FIB

 *Mar 8 12:48:15.119: IP: tableid=0, s=192.168.2.2 (Ethernet1/0),
 d=192.168.2.1 (Ethernet1/0), routed via RIB
 *Mar 8 12:48:15.119: IP: s=192.168.2.2 (Ethernet1/0), d=192.168.2.1
 (Ethernet1/0), len 172, rcvd 3
 *Mar 8 12:48:15.123: WCCP-PKT:S00: Received valid Here_I_Am packet
 from 192.168.2.2 w/rcv_id 2378
 *Mar 8 12:48:15.123: WCCP-PKT:S00: Sending I_See_You packet to
 192.168.2.2 w/ rcv_id 2379
 *Mar 8 12:48:15.123: IP: tableid=0, s=192.168.2.1 (local),
 d=192.168.2.2 (Ethernet1/0), routed via FIB
 *Mar 8 12:48:15.123: IP: s=192.168.2.1 (local), d=192.168.2.2
 (Ethernet1/0), len 168, sending
 *Mar 8 12:48:15.299: IP: tableid=0, s=192.168.2.2 (Ethernet1/0),
 d=192.168.5.1 (FastEthernet0/1), routed via RIB
 *Mar 8 12:48:15.299: IP: s=192.168.2.2 (Ethernet1/0), d=192.168.5.1,
 len 172, rcvd 4
 *Mar 8 12:48:15.299: WCCP-EVNT:S00: Here_I_Am packet from 192.168.2.2
 w/bad rcv_id 
 *Mar 8 12:48:15.299: WCCP-PKT:S00: Sending I_See_You packet to
 192.168.2.2 w/ rcv_id 237A






 
 squid config
 

 wccp2_router 192.168.2.2

 wccp2_address 192.168.0.1 #interface ip address

 wccp_version 4

 wccp2_forwarding_method 1 # Gre for 1 L2rewriting for 2

 wccp2_return_method 1 # Gre for 1 L2rewriting for 2

 wccp2_assignment_method 1 Gre for 1 L2rewriting for 2

 wccp2_weight 5

 *
 other environment ( ip tunnel  iptables )
 *

 first step

 modprobe ip_gre

 ip tunnel add wccp0 mode gre remote 192.168.5.1 local 192.168.2.2
 dev eth1

 second step

 ip addr add 10.1.1.2/24 dev wccp0
 ip route add 10.1.1.0/24 dev wccp0
 ip link set wccp0 up

 Or

 ifconfig wccp0 10.1.1.2 netmask

[squid-users] sorry, i updated my email mode, and i have a question about wccp

[johnzeng]

Hello Dear Everyone:

 i config wccp mode recently , but i found http request don't succeed
 to be sent via gre tunnel at wccp mode .

 This is my config , if possible , give me some advisement , Thanks again.



 19:36:58.728514 IP 192.168.5.66.37225  180.149.132.165.http: Flags
 [F.], seq 0, ack 1, win 108, length 0
 19:37:00.304327 IP 192.168.5.66.41485 
 rev.opentransfer.com.28.147.130.98.in-addr.arpa.http: Flags [S], seq
 2204475760, win 5840, options [mss 1460,sackOK,TS val 3757970 ecr
 0,nop,wscale 6], length 0
 19:37:00.976403 IP 192.168.5.66.40789  202.104.237.103.http: Flags
 [S], seq 2214840108, win 5840, options [mss 1460,sackOK,TS val 3758139
 ecr 0,nop,wscale 6], length 0
 19:37:03.597139 IP 192.168.5.66.58461  101.226.142.33.http: Flags
 [.], ack 2180972149, win 227, options [nop,nop,TS val 3758794 ecr
 2556809136], length 0
 19:37:03.806973 IP 192.168.5.66.58461  101.226.142.33.http: Flags
 [.], ack 1, win 227, options [nop,nop,TS val 3758846 ecr
 2556809198,nop,nop,sack 1 {0:1}], length 0
 19:37:03.976184 IP 192.168.5.66.40789  202.104.237.103.http: Flags
 [S], seq 2214840108, win 5840, options [mss 1460,sackOK,TS val 3758889
 ecr 0,nop,wscale 6],


 19:06:33.356333 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e
 19:06:33.388306 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e
 19:06:33.388565 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e
 19:06:33.604188 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e
 19:06:38.187049 IP 192.168.5.1  192.168.2.2: GREv0, length 60:
 gre-proto-0x883e
 19:06:41.931862 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e
 19:06:42.434829 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e
 19:06:55.047736 IP 192.168.5.1  192.168.2.2: GREv0, length 48:
 gre-proto-0x883e



 *Mar 8 12:48:05.300: WCCP-EVNT:S00: Here_I_Am packet from 192.168.2.2
 w/bad rcv_id 
 *Mar 8 12:48:05.300: WCCP-PKT:S00: Sending I_See_You packet to
 192.168.2.2 w/ rcv_id 2378
 *Mar 8 12:48:05.300: IP: tableid=0, s=192.168.2.1 (local),
 d=192.168.2.2 (Ethernet1/0), routed via FIB
 *Mar 8 12:48:05.304: IP: s=192.168.2.1 (local), d=192.168.2.2
 (Ethernet1/0), len 168, sending
 *Mar 8 12:48:05.580: IP: tableid=0, s=192.168.5.1 (local),
 d=192.168.5.66 (FastEthernet0/1), routed via FIB
 *Mar 8 12:48:05.584: IP: tableid=0, s=192.168.5.1 (local),
 d=192.168.5.66 (FastEthernet0/1), routed via FIB

 *Mar 8 12:48:15.119: IP: tableid=0, s=192.168.2.2 (Ethernet1/0),
 d=192.168.2.1 (Ethernet1/0), routed via RIB
 *Mar 8 12:48:15.119: IP: s=192.168.2.2 (Ethernet1/0), d=192.168.2.1
 (Ethernet1/0), len 172, rcvd 3
 *Mar 8 12:48:15.123: WCCP-PKT:S00: Received valid Here_I_Am packet
 from 192.168.2.2 w/rcv_id 2378
 *Mar 8 12:48:15.123: WCCP-PKT:S00: Sending I_See_You packet to
 192.168.2.2 w/ rcv_id 2379
 *Mar 8 12:48:15.123: IP: tableid=0, s=192.168.2.1 (local),
 d=192.168.2.2 (Ethernet1/0), routed via FIB
 *Mar 8 12:48:15.123: IP: s=192.168.2.1 (local), d=192.168.2.2
 (Ethernet1/0), len 168, sending
 *Mar 8 12:48:15.299: IP: tableid=0, s=192.168.2.2 (Ethernet1/0),
 d=192.168.5.1 (FastEthernet0/1), routed via RIB
 *Mar 8 12:48:15.299: IP: s=192.168.2.2 (Ethernet1/0), d=192.168.5.1,
 len 172, rcvd 4
 *Mar 8 12:48:15.299: WCCP-EVNT:S00: Here_I_Am packet from 192.168.2.2
 w/bad rcv_id 
 *Mar 8 12:48:15.299: WCCP-PKT:S00: Sending I_See_You packet to
 192.168.2.2 w/ rcv_id 237A






 
 squid config
 

 wccp2_router 192.168.2.2

 wccp2_address 192.168.0.1 #interface ip address

 wccp_version 4

 wccp2_forwarding_method 1 # Gre for 1 L2rewriting for 2

 wccp2_return_method 1 # Gre for 1 L2rewriting for 2

 wccp2_assignment_method 1 Gre for 1 L2rewriting for 2

 wccp2_weight 5

 *
 other environment ( ip tunnel  iptables )
 *

 first step

 modprobe ip_gre

 ip tunnel add wccp0 mode gre remote 192.168.5.1 local 192.168.2.2 dev eth1


 second step

 ip addr add 10.1.1.2/24 dev wccp0
 ip route add 10.1.1.0/24 dev wccp0
 ip link set wccp0 up

 Or

 ifconfig wccp0 10.1.1.2 netmask 255.255.255.0 up
 route add -net 10.1.1.0 netmask 255.255.255.0 dev wccp0


 third step

 echo 0 /proc/sys/net/ipv4/conf/wccp0/rp_filter
 echo 0 /proc/sys/net/ipv4/conf/eth1/rp_filter
 echo 1  /proc/sys/net/ipv4/ip_forward

 fouth step

 iptables -P INPUT ACCEPT
 iptables -P OUTPUT ACCEPT
 iptables -P FORWARD ACCEPT
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A OUTPUT -o lo -j ACCEPT
 iptables -A INPUT -i wccp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A FORWARD -i wccp0 -j ACCEPT
 iptables -t nat -A PREROUTING -i wccp0 -p tcp -m tcp --dport 80 -j
 REDIRECT --to-ports 3128
 iptables -t nat -A POSTROUTING -o eth1 -j SNAT