On Mon, Jun 6, 2011 at 15:25, Jim Pingle <li...@pingle.org> wrote: > On 6/6/2011 5:43 AM, Odhiambo Washington wrote: > > On Sun, Jun 5, 2011 at 18:04, Jim Pingle <li...@pingle.org > [snip] > > http://forum.pfsense.org/index.php/topic,32923.msg191044.html > [snip] > > > So in essence, we need: > > > > (12:25:03 <~>) 0 $ diff squid.inc squid.inc.local > > 527c527 > > < } > > --- > >> } > > 813,814c813,814 > > < acl all src 0.0.0.0/0.0.0.0 <http://0.0.0.0/0.0.0.0> > > < acl localhost src 127.0.0.1/255.255.255.255 > > <http://127.0.0.1/255.255.255.255> > > --- > >> acl all src all > >> acl localhost src 127.0.0.1/32 <http://127.0.0.1/32> > > We have that now. Have since the middle of May: > > 2866d3ae config/squid3/squid.inc (jim-p 2011-05-18 11:57:21 > -0400 807) acl all src all > > > 903c903 > > < $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny > > all\n"; > > --- > >> $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " all\n"; > > We do that now. Have since late May: > 54c49bf2 config/squid3/squid.inc (jim-p 2011-05-25 14:39:07 > -0400 898) $conf .= 'reply_body_max_size ' . ($down_limit > * 1024) . " all \n"; > > > Another issue with regard to squid 3.1.x concerns this block in > squid.inc: > > > > if ($settings['allow_interface'] == 'on') { > > $src = ''; > > foreach ($real_ifaces as $iface) { > > list($ip, $mask) = $iface; > > $ip = long2ip(ip2long($ip) & ip2long($mask)); > > $src .= " $ip/$mask"; > > } > > $conf .= "# Allow local network(s) on interface(s)\n"; > > $conf .= "acl localnet src $src\n"; > > $valid_acls[] = 'localnet'; > > } > > > > > > For squid 3.x netmasks are deprecated. CIDR masks are used instead. > > Looks like that was also changed mid-May... > 2866d3ae config/squid3/squid.inc (jim-p 2011-05-18 11:57:21 > -0400 677) $mask = 32-log((ip2long($mask) ^ > ip2long('255.255.255.255'))+1,2); > > > > So, someone needs to change something in this block:-) > > > > Plus - could the package maintainer keep upto date with the squid > > branch? It's lagging much behind. > > Well there is no active maintainer of Squid 3. I poke at it now and then > when people submit patches, but I don't have any sort of focus on it, as > 2.7.x does what I want and it's stable. > > The current package is at 3.1.9 which is a couple months behind, but not > ancient. The FreeBSD port is up to 3.1.12. The tags are on the package > to build it automatically, but it may not be happening since the squid > 2.7.x build is probably conflicting with it. If I get some time I may > compile a new copy in a VM and upload it, but it may not be any time soon. > > I did find a couple things off in the xml for which files it was > pulling. I'll commit a fix here in a few. Try to reinstall it later today. > > Jim >
Thanks, Jim, for all the hard work you are doing. I will try to reinstall later today and see what comes up. I hope you did see my email after this one you have responded to, which contained detailed explanations about this reply_body_max_size. I must say I am still a little confused about the correct params for that directive, even after the explanation I got from squid-dev. At the moment, my squid.conf contains: reply_body_max_size 307200 KB all It still mesmerizes me how it works, but my understanding seems to suggest that what we need in squid.inc is: $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " KB" . " all\n"; ... which is what I am working with now. Once again, thanks for taking this up. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ I can't hear you -- I'm using the scrambler. Please consider the environment before printing this email.
<<image001.png>>