[PATCH] Updates to qos_flows documentation

2014-03-28 Thread Andrew Beverley 
Hi guys,

Please find attached patch for minor updates to the qos_flows
documentation, based on recent squid-users questions.

Andy

Minor updates to the qos_flows documentation. Clearer instructions
based on recent squid-users mailing list questions.

=== modified file 'src/cf.data.pre'
--- src/cf.data.pre	2014-03-23 02:56:12 +
+++ src/cf.data.pre	2014-03-28 10:44:07 +
@@ -2071,10 +2071,18 @@
 LOC: Ip::Qos::TheConfig
 DOC_START
 	Allows you to select a TOS/DSCP value to mark outgoing
-	connections with, based on where the reply was sourced.	For
-	platforms using netfilter, allows you to set a netfilter mark
+	connections to the client with, based on where the reply was sourced.
+	For platforms using netfilter, allows you to set a netfilter mark
 	value instead of, or in addition to, a TOS value.
 
+	By default this functionality is disabled. To enable it with the default
+	settings simply use "qos_flows mark" or "qos_flows tos". Default
+	settings will result in the mark or TOS value being copied from the
+	upstream connection to the client.
+
+	It is not currently possible to copy the mark or TOS value from the
+	client to the upstream connection request.
+
 	TOS values really only have local significance - so you should
 	know what you're specifying. For more information, see RFC2474,
 	RFC2475, and RFC3260.

Re: [PATCH] Updates to qos_flows documentation

2014-03-28 Thread Andrew Beverley 
On Fri, 2014-03-28 at 10:48 +, Andrew Beverley wrote:
> Minor updates to the qos_flows documentation. Clearer instructions
> based on recent squid-users mailing list questions. 

Apologies, please find attached updated patch. I have made clearer the
requirement to use CONNMARK not MARK.

Andy

Minor updates to the qos_flows documentation. Clearer instructions
based on recent squid-users mailing list questions.

=== modified file 'src/cf.data.pre'
--- src/cf.data.pre	2014-03-23 02:56:12 +
+++ src/cf.data.pre	2014-03-28 11:12:17 +
@@ -2071,10 +2071,19 @@
 LOC: Ip::Qos::TheConfig
 DOC_START
 	Allows you to select a TOS/DSCP value to mark outgoing
-	connections with, based on where the reply was sourced.	For
-	platforms using netfilter, allows you to set a netfilter mark
+	connections to the client with, based on where the reply was sourced.
+	For platforms using netfilter, allows you to set a netfilter mark
 	value instead of, or in addition to, a TOS value.
 
+	By default this functionality is disabled. To enable it with the default
+	settings simply use "qos_flows mark" or "qos_flows tos". Default
+	settings will result in the netfilter mark or TOS value being copied
+	from the upstream connection to the client. Note that it is the connection
+	CONNMARK value not the packet MARK value that is copied.
+
+	It is not currently possible to copy the mark or TOS value from the
+	client to the upstream connection request.
+
 	TOS values really only have local significance - so you should
 	know what you're specifying. For more information, see RFC2474,
 	RFC2475, and RFC3260.

ICMP pinger problem

2014-03-28 Thread Christian 
Hi,

in my cache.log I found the following:

2014/03/28 20:07:27 kid1| Accepting HTTP Socket connections at
local=0.0.0.0:3128 remote=[::] FD 30 flags=9
2014/03/28 20:07:27| pinger: Initialising ICMP pinger ...
2014/03/28 20:07:27|  icmp_sock: (1) Operation not permitted
2014/03/28 20:07:27| pinger: Unable to start ICMP pinger.
2014/03/28 20:07:27|  icmp_sock: (97) Address family not supported by
protocol
2014/03/28 20:07:27| pinger: Unable to start ICMPv6 pinger.
2014/03/28 20:07:27| FATAL: pinger: Unable to open any ICMP sockets.

Any ideas how to fix ?
Is this important ?

Thanks
 Chris

-- 

Christian

   - Please do not 'CC' me on list mails.
  Just reply to the list :)

Der ultimative shop für Sportbekleidung und Zubehör

http://www.sc24.de

Re: ICMP pinger problem

2014-03-28 Thread Amos Jeffries 
On 29/03/2014 8:12 a.m., Christian wrote:
> Hi,
> 
> in my cache.log I found the following:
> 
> 2014/03/28 20:07:27 kid1| Accepting HTTP Socket connections at
> local=0.0.0.0:3128 remote=[::] FD 30 flags=9
> 2014/03/28 20:07:27| pinger: Initialising ICMP pinger ...
> 2014/03/28 20:07:27|  icmp_sock: (1) Operation not permitted
> 2014/03/28 20:07:27| pinger: Unable to start ICMP pinger.
> 2014/03/28 20:07:27|  icmp_sock: (97) Address family not supported by
> protocol
> 2014/03/28 20:07:27| pinger: Unable to start ICMPv6 pinger.
> 2014/03/28 20:07:27| FATAL: pinger: Unable to open any ICMP sockets.
> 
> Any ideas how to fix ?

Check the pinger is installed with root owner and Squid run as root.
that should fix the IPv4 ICMP socket access. We are still trying to
track down exactly what is going wrong with the IPv6 socket.

> Is this important ?

medium-low. ICMP is one if the ways Squid selects fast peers. So its
importance depends on whether you use peers or not, and whether ICMP is
enabled on your network (pinger uses ICMP echo).

Amos

Jenkins build is back to normal : 3.HEAD-amd64-centos-6 #271

2014-03-28 Thread noc 
See

Build failed in Jenkins: 3.HEAD-amd64-FreeBSD-10 #18

2014-03-28 Thread noc 
See 

Changes:

[Amos Jeffries] Add some missing Sbuf.h includes

[Amos Jeffries] Better fix for rev.13324

[Amos Jeffries] Fix min() parameter types after rev.13324

[Amos Jeffries] Parser-NG: Convert the ConnStateData input buffer to SBuf

Prepare the way to efficiently parse client requests using SBuf based
parser-ng.

IoCallback stores a raw-pointer to the ConnStateData::In::buf member
object rather than an SBuf reference to the backing MemBlob or char*
store so that only the short (blocking) FD_READ_METHOD() call needs to
provide any synchronous guarantees. We also particularly need a direct
(raw) pointer to the ConnStateData member to prevent the possible
read/consume collisions causing problems with the ConnStateData callback
and avoid having to merge two separate SBuf.

--
[...truncated 3575 lines...]
--- basic_ncsa_auth.o ---
mv -f .deps/basic_ncsa_auth.Tpo .deps/basic_ncsa_auth.Po
--- crypt_md5.o ---
mv -f .deps/crypt_md5.Tpo .deps/crypt_md5.Po
--- basic_ncsa_auth ---
/bin/sh ../../../libtool  --tag=CXX--mode=link /usr/local/bin/ccache g++ 
-Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe 
-D_REENTRANT  -g -O2 -std=c++0x -I/usr/local/include  -g -L/usr/local/lib 
-Wl,-R/usr/local/lib -pthread -o basic_ncsa_auth basic_ncsa_auth.o  crypt_md5.o 
../../../lib/libmisccontainers.la  ../../../lib/libmiscencoding.la  
../../../compat/libcompat-squid.la   -lnettle  -lcrypt-lm 
libtool: link: /usr/local/bin/ccache g++ -Wall -Wpointer-arith -Wwrite-strings 
-Wcomments -Wshadow -Werror -pipe -D_REENTRANT -g -O2 -std=c++0x 
-I/usr/local/include -g -Wl,-R/usr/local/lib -pthread -o basic_ncsa_auth 
basic_ncsa_auth.o crypt_md5.o  -L/usr/local/lib 
../../../lib/.libs/libmisccontainers.a ../../../lib/.libs/libmiscencoding.a 
../../../compat/.libs/libcompat-squid.a -lnettle -lcrypt -lm -pthread
Making all in PAM
--- basic_pam_auth.o ---
/usr/local/bin/ccache g++ -DHAVE_CONFIG_H  -I../../../.. -I../../../../include 
-I../../../../lib  -I../../../../src -I../../../include  -I/usr/local/include 
-I/usr/include  -I/usr/include -I../../../../libltdl   -I/usr/include  
-I/usr/include -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow 
-Werror -pipe -D_REENTRANT -g -O2 -std=c++0x -I/usr/local/include -MT 
basic_pam_auth.o -MD -MP -MF .deps/basic_pam_auth.Tpo -c -o basic_pam_auth.o 
../../../../helpers/basic_auth/PAM/basic_pam_auth.cc
mv -f .deps/basic_pam_auth.Tpo .deps/basic_pam_auth.Po
--- basic_pam_auth ---
/bin/sh ../../../libtool  --tag=CXX--mode=link /usr/local/bin/ccache g++ 
-Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe 
-D_REENTRANT  -g -O2 -std=c++0x -I/usr/local/include  -g -L/usr/local/lib 
-Wl,-R/usr/local/lib -pthread -o basic_pam_auth basic_pam_auth.o 
../../../lib/libmiscencoding.la  ../../../compat/libcompat-squid.la   -lpam  
-lm 
libtool: link: /usr/local/bin/ccache g++ -Wall -Wpointer-arith -Wwrite-strings 
-Wcomments -Wshadow -Werror -pipe -D_REENTRANT -g -O2 -std=c++0x 
-I/usr/local/include -g -Wl,-R/usr/local/lib -pthread -o basic_pam_auth 
basic_pam_auth.o  -L/usr/local/lib ../../../lib/.libs/libmiscencoding.a 
../../../compat/.libs/libcompat-squid.a -lpam -lm -pthread
Making all in POP3
--- basic_pop3_auth ---
sed -e 's,[@]PERL[@],/usr/bin/perl,g' 
<../../../../helpers/basic_auth/POP3/basic_pop3_auth.pl.in >basic_pop3_auth || 
(/bin/rm -f -f basic_pop3_auth ; exit 1)
Making all in RADIUS
--- basic_radius_auth.o ---
--- radius-util.o ---
--- basic_radius_auth.o ---
/usr/local/bin/ccache g++ -DHAVE_CONFIG_H  -I../../../.. -I../../../../include 
-I../../../../lib  -I../../../../src -I../../../include  -I/usr/local/include 
-I/usr/include  -I/usr/include -I../../../../libltdl 
-I../../../../helpers/basic_auth/RADIUS   -I/usr/include  -I/usr/include -Wall 
-Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT 
-g -O2 -std=c++0x -I/usr/local/include -MT basic_radius_auth.o -MD -MP -MF 
.deps/basic_radius_auth.Tpo -c -o basic_radius_auth.o 
../../../../helpers/basic_auth/RADIUS/basic_radius_auth.cc
--- radius-util.o ---
/usr/local/bin/ccache g++ -DHAVE_CONFIG_H  -I../../../.. -I../../../../include 
-I../../../../lib  -I../../../../src -I../../../include  -I/usr/local/include 
-I/usr/include  -I/usr/include -I../../../../libltdl 
-I../../../../helpers/basic_auth/RADIUS   -I/usr/include  -I/usr/include -Wall 
-Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT 
-g -O2 -std=c++0x -I/usr/local/include -MT radius-util.o -MD -MP -MF 
.deps/radius-util.Tpo -c -o radius-util.o 
../../../../helpers/basic_auth/RADIUS/radius-util.cc
mv -f .deps/radius-util.Tpo .deps/radius-util.Po
--- basic_radius_auth.o ---
mv -f .deps/basic_radius_auth.Tpo .deps/basic_radius_auth.Po
--- basic_radius_auth ---
/bin/sh ../../../libtool  --tag=CXX--mode=link /usr/local/bin/ccache g++ 
-Wall -Wpointer-arit

Re: ICMP pinger problem

2014-03-28 Thread Christian 
Am 29.03.2014 00:59, schrieb Amos Jeffries:
>> Any ideas how to fix ?
> 
> Check the pinger is installed with root owner and Squid run as root.
hmm, OK, but running squid as root is not a good idea.
Then having 'squid' user and group is better.
And /usr/sbin/pinger should have attr(4750,root,squid)

Now pinger is working.
Thanks for the tip.

-- 

Christian

   - Please do not 'CC' me on list mails.
  Just reply to the list :)

Der ultimative shop für Sportbekleidung und Zubehör

http://www.sc24.de