Re: about squid
On Monday 10 March 2003 13.27, atit_ldce wrote: I have confusion abt following in squid.. what is purpose of delay variable in icpUdpsend in icp_v2.c Keeps track of how long Squid has been trying to send this message out on the ICP socket. what is purpose of _StatCounters struct in squid.. This keeps various statistics counters. why we are maintaining ICP message counts (means query send , reply received etc...) Because administrators want to know., what is purpose of reqnum field in icp_common_t --it metioned that it for udp but purpose is not clear. It is the ICP Request Number which uniquely identifies one ICP query from another. can u explain in icpHandleICPv2 function how ICP_QUERY message is handled... Can you be a bit more specific on what in the function it is you do not understand? what is purpose of icpGetCacheKey and icpSetCacheKey, StoreKeyPublic. StoreKeyPublic calculates the Squid internal key for a given URL. icpGetCacheKey calculates a ICP internal query key identifying this query (combination of StoreKeyPublic and the ICP Request Numnber). icpSetCacheKey gives a unique ICP Request Number to use for this ICP query and remembers the Squid cache key relating to this ICP kery. is it possbile to install squid with some different name in its directory structure means for e.g. i want directory name /etc/XYZ instead of /etc/squid and simmilar for other directories and binary of squid.. Yes. See configure --help. Regards Henrik
Re: about peer selection
see peerSelectFoo() and our earlier discussions. Regards Henrik On Monday 10 March 2003 13.54, atit_ldce wrote: what are the all possible options for selecting peer where to forward request. saying one is sending ICP query is there any others? if origin server is taken into account please mention it. regards --atit jariwala ___ __ Get your internet connection from the fastest growing digital network. ICENET visit our site www.icenet.net
about client connection
how squid will handle client Connection squid is listening on port 3128 for client request. does it create another connection for client request or use 3128 for all clients if it use 3128 for all clients, how it will handle concurrent user requests can u explain how connection wil be established in follwing scenario my machine IP is 192.9.20.54 squid box IP is 192.9.203.139 my default gw is 192.9.203.203 i enter www.yahoo.com in browser. how my browser handle this request and how request commes to squid? i am running squid in transparent mode. i read docs for transparent setup in squid and it is clear. now i want to know the flow of request. waiting for reply thanks regards atit _ Get your internet connection from the fastest growing digital network. ICENET visit our site www.icenet.net
Re: about client connection
On Tue, 2003-03-11 at 02:39, atit_ldce wrote: now i want to know the flow of request. atit, you are asking a lot of questions that about 10 minutes spent with gdb will answer for you. Rob -- GPG key available at: http://users.bigpond.net.au/robertc/keys.txt. signature.asc Description: This is a digitally signed message part
Re: Re : Re: about peer selection
The netdb registry keep track of round trip times and distances to origin servers measured by ICMP pinging. Both the distance from this Squid server to the origin servers and the distance from the peers to the origin servers are recorded. More information can be found in Squid FAQ 7.6 Using ICMP to Measure the Network url:http://www.squid-cache.org/Doc/FAQ/FAQ-7.html#ss7.6 Note: I don't normally make use of netdb in Squid due to the overhead and excess traffic involved from using ICMP to probe the network connectivity. Regards Henrik mån 2003-03-10 klockan 16.15 skrev atit_ldce: hello Henrik Nordstrom , thanks for reply... i am clear with how it select neighbor but i want to know abt netdbxxx what is purpose of netdbxxx functions thanks regards atit - Original Message - From: Henrik Nordstrom [EMAIL PROTECTED] To: atit_ldce [EMAIL PROTECTED],[EMAIL PROTECTED] Sent: Mon Mar 10 13:42:59 GMT+05:30 2003 Subject: Re: about peer selection see peerSelectFoo() and our earlier discussions. Regards Henrik On Monday 10 March 2003 13.54, atit_ldce wrote: what are the all possible options for selecting peer where to forward request. saying one is sending ICP query is there any others? if origin server is taken into account please mention it. regards --atit jariwala ___ __ Get your internet connection from the fastest growing digital network. ICENET visit our site www.icenet.net _ Get your internet connection from the fastest growing digital network. ICENET visit our site www.icenet.net -- Henrik Nordstrom [EMAIL PROTECTED] MARA Systems AB
Re: Object naming conflict on nt branch
On Mon, 2003-03-10 at 15:07, Adrian Chadd wrote: On Sun, Mar 09, 2003, Robert Collins wrote: This happens on all Windows build environments: Cygwin, MinGW and MS Visual Studio. Dang. It's just *so hard* with MS polluting the namescape all the time. If we don't use the windows ACL type, just do this: Heh. Prefix everything with SQUID_ or squid_. Go namespace. Urk. Goodbye readability. Squid::ACL I'd consider ok, but only if we actually *use* the windows ACL type. Rob -- GPG key available at: http://users.bigpond.net.au/robertc/keys.txt. signature.asc Description: This is a digitally signed message part
about cache disk size
how can i set cache disk size... on thing abt squid performance after cache disk be 75 - 80 % full, squid goes to degrade performance time required to process request and sending response will be too much high? what is the reason for this? regards atit _ Get your internet connection from the fastest growing digital network. ICENET visit our site www.icenet.net
Re: about cache disk size
mån 2003-03-10 klockan 19.09 skrev atit_ldce: how can i set cache disk size... See squid.conf or any of the available documentation on how to configure Squid. on thing abt squid performance after cache disk be 75 - 80 % full, squid goes to degrade performance Some, as Squid then starts recycling the cache storage and the disk starts to become somewhat fragmented. time required to process request and sending response will be too much high? not if Squid and the server Squid runs on is configured correctly for the request load and cache size you are having. what is the reason for this? In most cases incorrect hardware or software configuration, not allowing Squid to run correctly. In a few very rare cases because the proxy administrator are trying to push the hardware further than it can go. -- Henrik Nordstrom [EMAIL PROTECTED] MARA Systems AB, Sweden
[PATCH]: Linux Transparent Proxy
Hi, Here is the second cut of the linux tproxy patch aiming for inclusion with squid-2.5 branch. The diff is versus squid-2.5.STABLE1. Comments are most welcome :) The patch adds a new onoff config 'linux_tproxy' (if you configure with --enable-linux-tproxy) which when set will spoof the source address of outgoing server connections to be the same as the original client address. To take advantage of this code you need Linux 2.4 with netfilter and with the TPROXY patches installed from: http://www.balabit.com/downloads/tproxy/linux-2.4/ There are four small nits with the code: 1. Server persistent connections are mutually exclusive with this patch. This is because squid will use any connection to server X, but that pre-existing connection may be spoofed from a different users IP. 2. You must supply a tcp_outgoing_address in your squid.conf, this is because of some deep magic in the Linux TCP/IP stack. If anyone would like me to explain the reasons more thoroughly just ask. 3. Squid must run as root in order to do the connection spoofing bits. 4. I have not tested the autoconf stuff because both my debian and rh8 automakes and autoconfs (of varying versions) all failed for one reason or another. Anyone got any advice on what auto(conf|make) versions I should be using? Would you accept patches to make it work on my version (if they are correct of course)? TODO: o Fix server pconns. o Port all changes to cvs HEAD branch. o Attempt to fix connect(2) problem in kernel which requires bind(2) to local address. o Fix kernel space code so squid doesn't need to run as root. o TPROXY as it is breaks end-to-end requirement of the internet, need to develop a better API for controlling these features from userspace. Enjoy! :) -- // Gianni Tedesco (gianni at scaramanga dot co dot uk) lynx --source www.scaramanga.co.uk/gianni-at-ecsc.asc | gpg --import 8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D diff -ur squid-2.5.STABLE1.orig/configure.in squid-2.5.STABLE1.tproxy/configure.in --- squid-2.5.STABLE1.orig/configure.in Tue Sep 24 21:00:03 2002 +++ squid-2.5.STABLE1.tproxy/configure.in Mon Mar 10 16:07:42 2003 @@ -746,6 +746,17 @@ fi ]) +dnl Enable Linux transparent proxy support +AC_ARG_ENABLE(linux-tproxy, +[ --enable-linux-tproxy + Enable real Transparent Proxy support for Netfilter TPROXY.], +[ if test $enableval = yes ; then + echo Linux Netfilter/TPROXY enabled + AC_DEFINE(LINUX_TPROXY) + LINUX_TPROXY=yes + fi +]) + AM_CONDITIONAL(MAKE_LEAKFINDER, false) dnl Enable Leak Finding Functions AC_ARG_ENABLE(leakfinder, @@ -1153,6 +1164,7 @@ libc.h \ limits.h \ linux/netfilter_ipv4.h \ + linux/netfilter_ipv4/ip_tproxy.h \ malloc.h \ math.h \ memory.h \ @@ -1764,6 +1776,27 @@ sleep 10 fi +dnl Linux Netfilter/TPROXY support requires some specific header files +dnl Shamelessly copied from shamelessly copied from above +if test $LINUX_TPROXY ; then +AC_MSG_CHECKING(if TPROXY header files are installed) +# hold on to your hats... +if test $ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h = yes; then +LINUX_TPROXY=yes +AC_DEFINE(LINUX_TPROXY, 1) +else +LINUX_TPROXY=no +AC_DEFINE(LINUX_TPROXY, 0) +fi +AC_MSG_RESULT($LINUX_TPROXY) +fi +if test $LINUX_TPROXY = no ; then +echo WARNING: Cannot find TPROXY headers, you need to install the +echo tproxy package from: +echo - lynx http://www.balabit.com/downloads/tproxy/linux-2.4/; +sleep 10 +fi + if test -z $USE_GNUREGEX ; then case $host in *-sun-solaris2.[[0-4]]) diff -ur squid-2.5.STABLE1.orig/src/cf.data.pre squid-2.5.STABLE1.tproxy/src/cf.data.pre --- squid-2.5.STABLE1.orig/src/cf.data.pre Wed Sep 4 14:35:01 2002 +++ squid-2.5.STABLE1.tproxy/src/cf.data.pre Mon Mar 10 16:06:42 2003 @@ -3837,4 +3837,20 @@ until all the child processes have been started. DOC_END +NAME: linux_tproxy +IFDEF: LINUX_TPROXY +COMMENT: on|off +TYPE: onoff +LOC: Config.onoff.linux_tproxy +DEFAULT: off +DOC_START + If you have Linux 2.4 with netfilter and TPROXY support and you + have compiled squid with the correct options then you can enable + this option to allow squid to spoof the source address of + outgoing connections to servers so that they see connections from + the original client IP addresses. Enable this only if you know + what you are doing. You will need to disable server peristent + connections and set a valid tcp_outgoing_address. +DOC_END + EOF diff -ur squid-2.5.STABLE1.orig/src/client_side.c squid-2.5.STABLE1.tproxy/src/client_side.c --- squid-2.5.STABLE1.orig/src/client_side.c Mon Sep 23 05:04:03 2002 +++ squid-2.5.STABLE1.tproxy/src/client_side.c Mon Mar 10 16:06:03 2003 @@ -322,6 +322,7 @@ new_request-http_ver = old_request-http_ver; httpHeaderAppend(new_request-header, old_request-header); new_request-client_addr = old_request-client_addr; + new_request-client_port =
Re: [PATCH]: Linux Transparent Proxy
mån 2003-03-10 klockan 16.44 skrev Gianni Tedesco: Hi, Here is the second cut of the linux tproxy patch aiming for inclusion with squid-2.5 branch. The diff is versus squid-2.5.STABLE1. Comments are most welcome :) Thanks. Note: As discussed before Squid-2.5 is in it's STABLE release cycle and patches like this cannot get included there. A patch to HEAD has significantly higher chances of getting merged. 1. Server persistent connections are mutually exclusive with this patch. This is because squid will use any connection to server X, but that pre-existing connection may be spoofed from a different users IP. 2. You must supply a tcp_outgoing_address in your squid.conf, this is because of some deep magic in the Linux TCP/IP stack. If anyone would like me to explain the reasons more thoroughly just ask. This is deep magic in the TPROXY extension of the Linux TCP/IP stack I suppose? 3. Squid must run as root in order to do the connection spoofing bits. This should be solved by process capabilities in the long run.. 4. I have not tested the autoconf stuff because both my debian and rh8 automakes and autoconfs (of varying versions) all failed for one reason or another. RedHat 8 has the autoconf and automake packages needed in the distribution, but you may need to select to install the older versions used by Squid-2.5 manually. Anyone got any advice on what auto(conf|make) versions I should be using? Would you accept patches to make it work on my version (if they are correct of course)? I am using the following RedHat packages: autoconf-2.57-2 automake-1.6.3-3 autoconf213-2.13-5 automake15-1.5-5 the first two is used by HEAD. The last older packages by Squid-2.5. The automake15 package is manually patched with the optimization from http://devel.squid-cache.org/amake/ but this is not strictly required (src/Makefile.in will be huge if you don't). TODO: o Fix server pconns. o Port all changes to cvs HEAD branch. Required for merging. o Attempt to fix connect(2) problem in kernel which requires bind(2) to local address. o Fix kernel space code so squid doesn't need to run as root. As a first step CAP_NETADMIN should be used. o TPROXY as it is breaks end-to-end requirement of the internet, need to develop a better API for controlling these features from userspace. TPROXY falls in the same pit of evilness as interception when it comes to TCP/IP. Both break the end-to-end criteria of IP networking. Both require the network to be properly constructed to deal with the breakage, it is only that TPROXY (and other spoof as client) makes the question much more visible. -- Henrik Nordstrom [EMAIL PROTECTED] MARA Systems AB, Sweden
bug in ntlmauth.h?
Hi,
it looks like src/include/ntlmauth.h contains a typo:
...
/* Negotiation request sent by client */
typedef struct _ntlm_negotiate {
char signature[8];/* NTLMSSP */
int32_t type; /* LSWAP(0x1) */
ntlmhdr hdr;/* NTLM header */
u_int32_t flags; /* Request flags */
strhdr domain;/* Domain we wish to authenticate in */
strhdr workstation; /* Client workstation name */
char payload[256];/* String data */
} ntlm_negotiate;
...
should read
...
/* Negotiation request sent by client */
typedef struct _ntlm_negotiate {
char signature[8];/* NTLMSSP */
int32_t type; /* LSWAP(0x1) */
u_int32_t flags; /* Request flags */
strhdr domain;/* Domain we wish to authenticate in */
strhdr workstation; /* Client workstation name */
char payload[256];/* String data */
} ntlm_negotiate;
...
With the following line removed:
ntlmhdr hdr;/* NTLM header */
Am I wrong in reading it?
Ciao
Michele
Re: Windows port merge - MS Visual C++ compatibility [PATCH]
Hi Robert,
Il 13.12 09/03/2003 Robert Collins ha scritto:
On Sat, 2003-03-08 at 22:08, Guido Serassio wrote:
Hi,
This is the 6th of some splitted native Windows patches grouped by
functionality.
Native Windows port enhancements:
- C++ fixes for MS Visual C++ compatibility, See this old squid-dev thread
about:
http://www.squid-cache.org/mail-archive/squid-dev/200211/0249.html
- Some casting and prototypes fixes
{
-cbdataFree ((clientReplyContext *)address);
+clientReplyContext * tmp = (clientReplyContext *)address;
+cbdataFree (tmp);
}
This looks extraneous. What is the error that VS gives you? I'm
stripping this one out of what I'll merge into HEAD.
If I remember good, it gives an error C2105: '++' needs l-value too.
In this moment I can't build the nt branch for the ACL problem.
- some little DNS sources changes for a better build process using MS
Visual Studio.
Is there anyway we can avoid the whole file #ifdefs in VS ? I'm applying
this anyway, but as we get more modular, this is going to
becomeannoying.
Now on MS Visual Studio I'm using a manually changed autoconf.h with a
monolitich workspace, I don't have better ideas, but if someone propose
something more simple, I'm happy too ...
Can you enlarge on the TOS casts? They are going to affect all
platforms, I need to know what they are meant to achieve (i.e. why the
compilers implicit casting isn't enough).
MS Visual C++ is not happy without this cast, and from protos.h I can see:
SQUIDCEXTERN int comm_openex(int, int, struct in_addr, u_short, int,
unsigned char TOS, const char *);
so I don't see something of strange on casting TOS to unsigned char.
Regards
Guido
Other than that, I'm merging them patches in now.
Rob
--
GPG key available at: http://users.bigpond.net.au/robertc/keys.txt.
-
===
Serassio Guido
Via Albenga, 11/4 10134 - Torino - ITALY
E-mail: [EMAIL PROTECTED]
WWW: http://www.serassio.it
Re: Object naming conflict on nt branch
On Tue, 2003-03-11 at 07:51, Guido Serassio wrote: What is wrong ? I broke head merging ESI. I've fixed it now, and the next merge to the devel tree will bring across the fixes. Cheers, Rob -- GPG key available at: http://users.bigpond.net.au/robertc/keys.txt. signature.asc Description: This is a digitally signed message part
Problem with origin server connections
Hi, Brian and I have been trying to puzzle out a problem we are having related to back end origin server connections initiated by squid. We have squid (2.5.stable1) set up in a reverse proxy configuration pointing at a group of origin servers which mount a number of NFS mounts to serve content from. What we are seeing is that when one of those NFS mount points locks up on the origin server, it will cause a seemingly permanent change to the number of connections and back end refreshes that the squid servers are sending to the origins. Restarting the squid listeners fixes it, but if we do not restart them, the number of connections and refreshes never returns to its normal state. This is true even if the NFS mount point comes back and the origin servers are restarted. I have seen this go on for over a day, when all of our timeouts are set in minutes and seconds not hours or days. I am curious to know why this behavior exists, and if there is anything that could be done about it? I am asking here rather than the squid user list, because I think it may be something fundamental to the way squid works and not a configuration issue. -- David Nicklay Location: CNN Center - SE0811A Office: 404-827-2698Cell: 404-545-6218
Re: Object naming conflict on nt branch
Hi Robert, Il 22.02 10/03/2003 Robert Collins ha scritto: On Tue, 2003-03-11 at 07:51, Guido Serassio wrote: What is wrong ? I broke head merging ESI. I've fixed it now, and the next merge to the devel tree will bring across the fixes. Are You sure that ESI merge is the source of my problem ? I don't have still merged latest ESI changes on nt branch. Regards Cheers, Rob -- GPG key available at: http://users.bigpond.net.au/robertc/keys.txt. - === Serassio Guido Via Albenga, 11/4 10134 - Torino - ITALY E-mail: [EMAIL PROTECTED] WWW: http://www.serassio.it
Re: Windows port merge - MS Visual C++ compatibility [PATCH]
On Monday 10 March 2003 21.30, Guido Serassio wrote:
{
-cbdataFree ((clientReplyContext *)address);
+clientReplyContext * tmp = (clientReplyContext *)address;
+cbdataFree (tmp);
}
This looks extraneous. What is the error that VS gives you? I'm
stripping this one out of what I'll merge into HEAD.
If I remember good, it gives an error C2105: '++' needs l-value
too. In this moment I can't build the nt branch for the ACL
problem.
As said earlier the original code here is bad, and no compiler should
accept it..
The argument to cbdataFree MUST be a l-value. A typecasted value is a
r-value.
However, casting into a temporary variable is not correct either,
except for very special cases.
My question is why the cast is at all needed and from where address
is?
Regards
Henrik
Re: Object naming conflict on nt branch
On Monday 10 March 2003 21.51, Guido Serassio wrote:
ACLMaxUserIP.cc:51:77: macro max requires 2 arguments, but only 1
given ACLMaxUserIP.cc: In constructor
`ACLMaxUserIP::ACLMaxUserIP(const char*)': ACLMaxUserIP.cc:52:
parse error before `{' token
Another namespace conflict, this time in the form of a #define...
Regards
Henrik
Re: Problem with origin server connections
How are you making Squid distribute the requests on the backend servers? Regards Henrik On Monday 10 March 2003 22.13, David Nicklay wrote: Hi, Brian and I have been trying to puzzle out a problem we are having related to back end origin server connections initiated by squid. We have squid (2.5.stable1) set up in a reverse proxy configuration pointing at a group of origin servers which mount a number of NFS mounts to serve content from. What we are seeing is that when one of those NFS mount points locks up on the origin server, it will cause a seemingly permanent change to the number of connections and back end refreshes that the squid servers are sending to the origins. Restarting the squid listeners fixes it, but if we do not restart them, the number of connections and refreshes never returns to its normal state. This is true even if the NFS mount point comes back and the origin servers are restarted. I have seen this go on for over a day, when all of our timeouts are set in minutes and seconds not hours or days. I am curious to know why this behavior exists, and if there is anything that could be done about it? I am asking here rather than the squid user list, because I think it may be something fundamental to the way squid works and not a configuration issue.
Re: Object naming conflict on nt branch
Hi Robert, Il 22.07 10/03/2003 Guido Serassio ha scritto: Hi Robert, Il 22.02 10/03/2003 Robert Collins ha scritto: On Tue, 2003-03-11 at 07:51, Guido Serassio wrote: What is wrong ? I broke head merging ESI. I've fixed it now, and the next merge to the devel tree will bring across the fixes. Are You sure that ESI merge is the source of my problem ? I don't have still merged latest ESI changes on nt branch. Yes, now it's correct. Regards Guido Regards Cheers, Rob -- GPG key available at: http://users.bigpond.net.au/robertc/keys.txt. - === Serassio Guido Via Albenga, 11/4 10134 - Torino - ITALY E-mail: [EMAIL PROTECTED] WWW: http://www.serassio.it - === Serassio Guido Via Albenga, 11/4 10134 - Torino - ITALY E-mail: [EMAIL PROTECTED] WWW: http://www.serassio.it
Re: Object naming conflict on nt branch
Hi Henrik,
Il 22.44 10/03/2003 Henrik Nordstrom ha scritto:
On Monday 10 March 2003 21.51, Guido Serassio wrote:
ACLMaxUserIP.cc:51:77: macro max requires 2 arguments, but only 1
given ACLMaxUserIP.cc: In constructor
`ACLMaxUserIP::ACLMaxUserIP(const char*)': ACLMaxUserIP.cc:52:
parse error before `{' token
Another namespace conflict, this time in the form of a #define...
True, but already fixed by Robert.
Regards
Guido
Regards
Henrik
-
===
Serassio Guido
Via Albenga, 11/4 10134 - Torino - ITALY
E-mail: [EMAIL PROTECTED]
WWW: http://www.serassio.it
The use of cbdataFree() in HEAD
The following uses of cbdataFree in HEAD is dubious:
src/client_side_reply.cc:253:cbdataFree ((clientReplyContext
*)address);
src/store_client.cc:79:cbdataFree ((store_client *)address);
src/ESI.cc:2425:cbdataFree ((esiRemove *)address);
src/ESI.cc:2775:cbdataFree ((esiAttempt *)address);
src/ESI.cc:2800:cbdataFree ((esiExcept *)address);
src/ESI.cc:2825:cbdataFree ((esiVar *)address);
src/ESI.cc:2879:cbdataFree ((esiVarState *)address);
src/ESI.cc:3950:cbdataFree ((esiOtherwise *)address);
src/ESISegment.cc:166:cbdataFree ((ESISegment *)address);
I think in all cases the typecast should be removed as cbdataFree()
expects a L-VALUE (variable or memory area which can be on the left
of an assignment operation), not a R-VALUE (calulated value,
including typecasts).
cbdataFree is defined as:
#define cbdataFree(var) do {if (var)
{cbdataInternalFree(var); var = NULL;}} while(0)
and as you can see the typecast does not make much sense in such
context, and infact breaks the second part of the statement as
(store_client *)address = NULL; is not directly a sane legal
statement.
Robert: Is there any C++ specific reason to these typecasts?
Regards
Henrik
Re: Problem with origin server connections
Brian put together a hack to the dns guts which sends them to a different origin server each time and does some health checking on them to see if any more requests should be sent to each origin server. It would be nice to use the new rproxy setup to do this, but it is not in the stable releases yet. On Mon, 2003-03-10 at 16:45, Henrik Nordstrom wrote: How are you making Squid distribute the requests on the backend servers? Regards Henrik On Monday 10 March 2003 22.13, David Nicklay wrote: Hi, Brian and I have been trying to puzzle out a problem we are having related to back end origin server connections initiated by squid. We have squid (2.5.stable1) set up in a reverse proxy configuration pointing at a group of origin servers which mount a number of NFS mounts to serve content from. What we are seeing is that when one of those NFS mount points locks up on the origin server, it will cause a seemingly permanent change to the number of connections and back end refreshes that the squid servers are sending to the origins. Restarting the squid listeners fixes it, but if we do not restart them, the number of connections and refreshes never returns to its normal state. This is true even if the NFS mount point comes back and the origin servers are restarted. I have seen this go on for over a day, when all of our timeouts are set in minutes and seconds not hours or days. I am curious to know why this behavior exists, and if there is anything that could be done about it? I am asking here rather than the squid user list, because I think it may be something fundamental to the way squid works and not a configuration issue. -- David Nicklay Location: CNN Center - SE0811A Office: 404-827-2698Cell: 404-545-6218
Re: Problem with origin server connections
Ok. You did not tell how things changed when the condition occurs. If your problem is that Squid does not make as many connections to the backend servers as it should then I would guess the problem is around there. If your problem is that there is many connections to the backend server(s) which does not seem to go away then see primarily the half_closed_clients directive. Regards Henrik On Monday 10 March 2003 23.17, David Nicklay wrote: Brian put together a hack to the dns guts which sends them to a different origin server each time and does some health checking on them to see if any more requests should be sent to each origin server. It would be nice to use the new rproxy setup to do this, but it is not in the stable releases yet. On Mon, 2003-03-10 at 16:45, Henrik Nordstrom wrote: How are you making Squid distribute the requests on the backend servers? Regards Henrik On Monday 10 March 2003 22.13, David Nicklay wrote: Hi, Brian and I have been trying to puzzle out a problem we are having related to back end origin server connections initiated by squid. We have squid (2.5.stable1) set up in a reverse proxy configuration pointing at a group of origin servers which mount a number of NFS mounts to serve content from. What we are seeing is that when one of those NFS mount points locks up on the origin server, it will cause a seemingly permanent change to the number of connections and back end refreshes that the squid servers are sending to the origins. Restarting the squid listeners fixes it, but if we do not restart them, the number of connections and refreshes never returns to its normal state. This is true even if the NFS mount point comes back and the origin servers are restarted. I have seen this go on for over a day, when all of our timeouts are set in minutes and seconds not hours or days. I am curious to know why this behavior exists, and if there is anything that could be done about it? I am asking here rather than the squid user list, because I think it may be something fundamental to the way squid works and not a configuration issue.
about client connection
how squid will handle client Connection squid is listening on port 3128 for client request. does it create another connection for client request or use 3128 for all clie nts if it use 3128 for all clients, how it will handle concurrent user requests can u explain how connection wil be established in follwing scenario my machine IP is 192.9.20.54 squid box IP is 192.9.203.139 my default gw is 192.9.203.203 i enter www.yahoo.com in browser. how my browser handle this request and how request commes to squid? i am running squid in transparent mode. i read docs for transparent setup in squid and it is clear. now i want to know the flow of request. waiting for reply thanks regards atit _ Get your internet connection from the fastest growing digital network. ICENET visit our site www.icenet.net
