[squid-users] Purging Cache Question
Hello, Am I correct in understanding that the first thing that Squid does when it receives a purge request (after it has verified proper authority, host, port, etc.) is remove the cache reference from memory with removeClientStoreReference(sc, http) and then do the removal from swap.state and the L2 directory by setting the ipcache_entry expire time to squid_curtime in ipcacheInvalidate(const char *name)? Also, how does ip_table get to ipcache_get(const char *name) in ipcache.cc, and where is hash_lookup defined? That is from: static ipcache_entry * ipcache_get(const char *name) { if (ip_table != NULL) return (ipcache_entry *) hash_lookup(ip_table, name); else return NULL; } Thanks, Murrah Boswell
Re: [squid-users] Activating delay pools feature
On Fri, 27 Feb 2004, Montervino, Mariano wrote: When we activate delay pools users stop authenticating with the domain and a error appear in the client browser saying couldnĀ“t retrieve the page and the domain\user never appear in the access.log. Please try upgrading. url:http://www.squid-cache.org/Versions/v2/2.5/bugs/ As you are having problems and using NTLM then I recommend upgrading to the nightly 2.5 snapshot as there has been very many NTLM related bugfixes since 2.5.STABLE4. Regards Henrik
Re: [squid-users] swap.state question
On Fri, 27 Feb 2004, OTR Comm wrote: What database format is swap.state in? None. It is a data file for Squid. Are there any existing tools that can pinpoint a particular entry in the cache by name? swap.state has this information in the object number field. If not, can you point me to code routines in 3.0 that address swap.state during a purge? see purgeRequest(). Please note that swap.state is only used by Squid during a cache rebuild. The index over what is in the cache is kept in memory while Squid is running and only changes is written to the swap.state to allow a cache rebuild should Squid crash. Regards Henrik
Re: [squid-users] site works unproxied but conn reset by peer via squid
On Fri, 27 Feb 2004, Adam wrote: We have a problem for which I was unable to find an explanation or solution via the list archives or FAQ: We are able to access the site www.calottery.com (don't ask - we just support the users :) unproxied (directly through our Pix firewall) but when going through our Squid 2.5STABLE3 proxy it takes forever to time out, then gives this error: While trying to retrieve the URL: http://www.calottery.com/ The following error was encountered: Read Error The system returned: (131) Connection reset by peer Please try upgrading to 2.5.STABLE4 as this includes a workaround for a common major bug in the HTTP inspection module of Cisco PIX and some other firewalls which could cause symptoms similar to this. Checking the archives, most connection reset by peer posts resolve with ignore them. Only in response to what the cache.log error message sslReadClient: FD 43: read failure: Connection reset by peer means, not on questions why connection reset errors is returned to the client. anything on Squid in a while. The only change we've made since this broke Feb 5th is we switched from a Checkpoint Firewall to the Pix firewall (no content-engines, just the firewall). I wonder if it is a coincidence but most reports about odd connection reset or unreachable sites involve Cisco PIX one way or another.. problem. Then again I am stumped so willing to try anything (we have a DEV Squid proxy that is identical to the other, so I am working on that. I tried clearing the cache (echo swap.state method) and adding calottery.com to the notcached directive (restarting each time) and both failed to resolve the problem. Upgrading may help. The problem you are seeing is a very low-level network problem and it is unlikely any changes in squid.conf will make any difference. What you need to test is if the site is reachable when running a browser on the proxy server, but not using the Squid proxy. Squid will only work as good as the connectivity from the server is running on. The kind of problem you are seeing is almost always caused by misbehaving firewalls in one way or antoher. When it is only a few sites that fail the misbehaving firewall is usually at the remote site, not yours. The ECN issue and the Host header workaround in 2.5.STABLE4 is both examples of having to work around very broken firewalls. A similar problem was also seen with the timestamp TCP option some years ago. It seems firewall vendors sometime forget to proactively test how their implementations will behave the day TCP/IP gets extended with one more option (timestamp) or flag (ECN), or make assumption that HTTP requests can always be processed as packets and not a TCP stream (Host: header issue with PIX etc). Regards Henrik
Re: Fw: [squid-users] Adding a disk ?
On Sat, 28 Feb 2004, aiggno wrote: Now, with about 160 req/s and my cache_dir is 15 GB. With addition disk (36 GB), do I just add a maximum partition to the squid (the whole disk) ? With so much webpages that generated automatically nowadays (I mean the content of the webpages change rapidly), do I need to have a large cache_dir ? With my new 36 GB disk, what is the best capacity of the new cache_dir ? Having more disk than about 7 days of traffic is not worth the effort. If you are using the default lru replacement policy then this figure can be retreived from the store directory statistics using cachemgr. Please note that the amount of memory requires is linear to the amount of cache you have. See the Squid FAQ on memory usage when adding another disk. When adding disks for better performance it is not uncommon to not use the whole disk. Disks are often larger than required or needed for caching these days. Regards Henrik
Re: [squid-users] Why this warning appears ?
On Sat, 28 Feb 2004, Danish Khan wrote: 2004/02/26 00:06:20| WARNING: newer swaplog entry for dirno 2, fileno 000292E3 Squid was restarted in an unclean manner not allowing it to save a clean swap.state index and thereby forcing a dirty rebuild of the cache. This warning can be ignored, but it is strongly recommended you allow Squid to shut down cleanly the next time.. Regards Henrik
Re: [squid-users] Purging Cache Question
On Sat, 28 Feb 2004, OTR Comm wrote: Am I correct in understanding that the first thing that Squid does when it receives a purge request (after it has verified proper authority, host, port, etc.) is remove the cache reference from memory with removeClientStoreReference(sc, http) and then do the removal from swap.state and the L2 directory by setting the ipcache_entry expire time to squid_curtime in ipcacheInvalidate(const char *name)? No, these are completely different things, not related to the object. You need to follow the thread a little further down (purgeRequestFindObjectToPurge) ipcache is the DNS cache of hostname - IP address lookups. Also, how does ip_table get to ipcache_get(const char *name) in ipcache.cc, and where is hash_lookup defined? That is from: hash_lookup is defined in hash.cc. Regards Henrik
[squid-users] cache_dir size problem
Hi This is my cache_dir line in squid.conf cache_dir ufs /cache 3500 16 256 my /cache total size is 3.9G df -h shows this for /cache /dev/sda5 3.9G 3.7G 272M 94% /cache If I have limit /cache to 3500MB, why is its size growing much higher then that? I also have these lines in my cache.log 2004/02/27 22:34:55| WARNING: Shrinking cache_dir #0 to 2862576 KB 2004/02/27 22:34:55| diskHandleWrite: FD 69: disk write error: (28) No space left on device 2004/02/27 22:34:55| storeUfsWriteDone: got failure (-6) 2004/02/27 22:34:55| storeSwapOutFileClosed: dirno 0, swapfile 0001BF33, errflag=-6 (28) No space left on device 2004/02/27 22:34:55| WARNING: Shrinking cache_dir #0 to 2862572 KB 2004/02/27 22:34:55| diskHandleWrite: FD 103: disk write error: (28) No space left on device 2004/02/27 22:34:55| storeUfsWriteDone: got failure (-6) 2004/02/27 22:34:55| storeSwapOutFileClosed: dirno 0, swapfile 0001BF33, errflag=-6 (28) No space left on device Is there something wrong??? Regards, Babar -- ___ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm
Re: [squid-users] site works unproxied but conn reset by peer via squid
On Sat, 28 Feb 2004, Henrik Nordstrom wrote: I wonder if it is a coincidence but most reports about odd connection reset or unreachable sites involve Cisco PIX one way or another.. probably not. they are notorious for breaking long-RFC'd protocols (like EDNS), or requiring tuning in such cases. if the PIX in question has 'fixup protocol http' in the config, i would try the same tests after doing 'no fixup proto http'. the http fixup doesn't really buy you much, unless you are using Cisco's Websense/URL filtering thingie. most sites i've seen have fixup on, adding unnecessary overhead, but are not really using the feature. http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a8.html#1067379 -m
Re: [squid-users] cache_dir size problem
are you using FreeBSD? is 5% of your partition reserved for root? best regards, Claudiu Bosioc www.his.ro IT Manager - Original Message - From: babar haq [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, February 28, 2004 3:32 PM Subject: [squid-users] cache_dir size problem Hi This is my cache_dir line in squid.conf cache_dir ufs /cache 3500 16 256 my /cache total size is 3.9G df -h shows this for /cache /dev/sda5 3.9G 3.7G 272M 94% /cache If I have limit /cache to 3500MB, why is its size growing much higher then that? I also have these lines in my cache.log 2004/02/27 22:34:55| WARNING: Shrinking cache_dir #0 to 2862576 KB 2004/02/27 22:34:55| diskHandleWrite: FD 69: disk write error: (28) No space left on device 2004/02/27 22:34:55| storeUfsWriteDone: got failure (-6) 2004/02/27 22:34:55| storeSwapOutFileClosed: dirno 0, swapfile 0001BF33, errflag=-6 (28) No space left on device 2004/02/27 22:34:55| WARNING: Shrinking cache_dir #0 to 2862572 KB 2004/02/27 22:34:55| diskHandleWrite: FD 103: disk write error: (28) No space left on device 2004/02/27 22:34:55| storeUfsWriteDone: got failure (-6) 2004/02/27 22:34:55| storeSwapOutFileClosed: dirno 0, swapfile 0001BF33, errflag=-6 (28) No space left on device Is there something wrong??? Regards, Babar -- ___ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm
RE: [squid-users] user_cert ACL in accel mode
Henrik, [EMAIL PROTECTED] etc]# /usr/local/squid/sbin/squid FATAL: Failed to acquire SSL certificate '/usr/local/squid/etc/proxy..crt': error:0906D06C:PEM routines:PEM_read_bio:no start line This error and indicates the cert= specified file is not a correcly formatted PEM certificate. But thats what I find strange. I'm using with clientca= same certificate as with without clientca= and it works fine. When I add clientca= option, I'm unable to start squid due to this error. All certs are in PEM, permissions are OK. Can't this be related to some sort of openssl issue? I'm running redhat 9 with latest updates. Thanks, David If there is problems with the clientca= option then the error message reads Error error setting CA certificate locations: /path/to/ca.crt: detailed OpenSSL error like above Regards Henrik
RE: [squid-users] user_cert ACL in accel mode
Henrik, [EMAIL PROTECTED] etc]# /usr/local/squid/sbin/squid FATAL: Failed to acquire SSL certificate '/usr/local/squid/etc/proxy..crt': error:0906D06C:PEM routines:PEM_read_bio:no start line This error and indicates the cert= specified file is not a correcly formatted PEM certificate. But thats what I find strange. I'm using with clientca= same certificate as with without clientca= and it works fine. When I add clientca= option, I'm unable to start squid due to this error. All certs are in PEM, permissions are OK. Can't this be related to some sort of openssl issue? I'm running redhat 9 with latest updates. Thanks, David If there is problems with the clientca= option then the error message reads Error error setting CA certificate locations: /path/to/ca.crt: detailed OpenSSL error like above Regards Henrik
RE: [squid-users] user_cert ACL in accel mode
On Sat, 28 Feb 2004, David Hajek wrote: But thats what I find strange. I'm using with clientca= same certificate as with without clientca= and it works fine. When I add clientca= option, I'm unable to start squid due to this error. All certs are in PEM, permissions are OK. Which Squid version? Regards Henrik
[squid-users] Not Seeing Web Performance Increase
Hello all, Since installing squid I haven't seen a huge increase in web access and performance on the web site I visit. What options can I raise or tweak in order to see an increase in web surfing performance and general web access? This is what squid runs on Debian Linux w/2.6.2 Kernel Pentium Pro 200MHZ. 128MB RAM RAID 0 40GB Stripe dedicated as the cache directory thanks marshall The best thing to hit the Internet in years - Juno SpeedBand! Surf the Web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today!
[squid-users] Cache Update Question
Hello, When a cache item is updated, is the L2 file for that item 'touch'ed? I.e, is the date of the file changed? Thanks, Murrah Boswell