On Mon, Jun 6, 2011 at 15:25, Jim Pingle <li...@pingle.org> wrote:

> On 6/6/2011 5:43 AM, Odhiambo Washington wrote:
> > On Sun, Jun 5, 2011 at 18:04, Jim Pingle <li...@pingle.org
> [snip]
> >     http://forum.pfsense.org/index.php/topic,32923.msg191044.html
> [snip]
>
> > So in essence, we need:
> >
> > (12:25:03 <~>) 0 $ diff squid.inc squid.inc.local
> > 527c527
> > < }
> > ---
> >>       }
> > 813,814c813,814
> > < acl all src 0.0.0.0/0.0.0.0 <http://0.0.0.0/0.0.0.0>
> > < acl localhost src 127.0.0.1/255.255.255.255
> > <http://127.0.0.1/255.255.255.255>
> > ---
> >> acl all src all
> >> acl localhost src 127.0.0.1/32 <http://127.0.0.1/32>
>
> We have that now. Have since the middle of May:
>
> 2866d3ae config/squid3/squid.inc   (jim-p         2011-05-18 11:57:21
> -0400  807) acl all src all
>
> > 903c903
> > <       $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny
> > all\n";
> > ---
> >>       $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " all\n";
>
> We do that now. Have since late May:
> 54c49bf2 config/squid3/squid.inc   (jim-p         2011-05-25 14:39:07
> -0400  898)               $conf .= 'reply_body_max_size ' . ($down_limit
> * 1024) . " all \n";
>
> > Another issue with regard to squid 3.1.x concerns this block in
> squid.inc:
> >
> >         if ($settings['allow_interface'] == 'on') {
> >                 $src = '';
> >                 foreach ($real_ifaces as $iface) {
> >                         list($ip, $mask) = $iface;
> >                         $ip = long2ip(ip2long($ip) & ip2long($mask));
> >                         $src .= " $ip/$mask";
> >                 }
> >                 $conf .= "# Allow local network(s) on interface(s)\n";
> >                 $conf .= "acl localnet src $src\n";
> >                 $valid_acls[] = 'localnet';
> >         }
> >
> >
> > For squid 3.x netmasks are deprecated. CIDR masks are used instead.
>
> Looks like that was also changed mid-May...
> 2866d3ae config/squid3/squid.inc   (jim-p         2011-05-18 11:57:21
> -0400  677)                       $mask = 32-log((ip2long($mask) ^
> ip2long('255.255.255.255'))+1,2);
>
>
> > So, someone needs to change something in this block:-)
> >
> > Plus - could the package maintainer keep upto date with the squid
> > branch? It's lagging much behind.
>
> Well there is no active maintainer of Squid 3. I poke at it now and then
> when people submit patches, but I don't have any sort of focus on it, as
> 2.7.x does what I want and it's stable.
>
> The current package is at 3.1.9 which is a couple months behind, but not
> ancient. The FreeBSD port is up to 3.1.12. The tags are on the package
> to build it automatically, but it may not be happening since the squid
> 2.7.x build is probably conflicting with it. If I get some time I may
> compile a new copy in a VM and upload it, but it may not be any time soon.
>
> I did find a couple things off in the xml for which files it was
> pulling. I'll commit a fix here in a few. Try to reinstall it later today.
>
> Jim
>

Thanks, Jim, for all the hard work you are doing. I will try to reinstall
later today and see what comes up.

I hope you did see my email after this one you have responded to, which
contained detailed explanations
about this reply_body_max_size.
I must say I am still a little confused about the correct params for that
directive, even after the explanation
I got from squid-dev.

At the moment, my squid.conf contains:

reply_body_max_size 307200 KB all

It still mesmerizes me how it works, but my understanding seems to suggest
that what we need in squid.inc is:

 $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " KB" . " all\n";

... which is what I am working with now.

Once again, thanks for taking this up.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.
Please consider the environment before printing this email.

<<image001.png>>

Reply via email to