Squid 3 (squid.inc) changes to get it working

_igor_

Installing squid3 on pfSense 2.0 (amd64) results in a bunch of errors:

php: /pkg_edit.php: The command '/usr/local/sbin/squid -D' returned exit code '1', the output was '2011/02/24 10:30:04| WARNING: -D command-line option is obsolete. 2011/02/24 10:30:04| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2011/02/24 10:30:04| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2011/02/24 10:30:04| WARNING: For now we will assume you meant to write /27 2011/02/24 10:30:04| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2011/02/24 10:30:04| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2011/02/24 10:30:04| WARNING: For now we will assume you meant to write /8 2011/02/24 10:30:04| WARNING: (B) '::/0' is a subnetwork of (A) '::/0' 2011/02/24 10:30:04| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable 2011/02/24 10:30:04| WARNING: You should probably remove '::/0' from the ACL named 'all' 2011/02/24 10:30:04| aclParseAclL

So i decided to look at the squid.inc and made the following changes:

first change is to get rid of the "wrong" netmask: squid wants CDIR.
second change is the change from the acl-netmasks to CDIR too.
third change is the removing of the reply_body_max_size, because the squid manpage says

Configuration Format is:
reply_body_max_size SIZE UNITS [acl …]
ie.
reply_body_max_size 10 MB

and at the same time

reply_body_max_size SIZE [acl acl…]

(without units)

So i tested with "reply_body_max_size 0 deny all" and with "reply_body_max_size 0 KB deny all". Tested with other values greater 0, but all time same result.
If anybody has an explanation to this strange behaviour, please feel free to tell me.

And at last i removed the "-d" from the starting-script.

Output of diff:

676a677
> 			$mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2);
806,807c807,808
< acl all src 0.0.0.0/0.0.0.0
< acl localhost src 127.0.0.1/255.255.255.255
---
> acl all src all
> acl localhost src 127.0.0.1/32
896c897
< 	$conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny all\n";
---
> //	$conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny all\n";
1159c1160
< 		mwexec("/usr/local/sbin/squid -D");
---
> 		mwexec("/usr/local/sbin/squid");

Now squid3 starts without any errror, squidguard starts too and its working as expected:

Feb 24 13:25:39	check_reload_status: syncing firewall
Feb 24 13:25:38	check_reload_status: reloading filter
Feb 24 13:25:38	squid[43719]: Squid Parent: child process 43989 started
Feb 24 13:25:38	php: /pkg_edit.php: Starting Squid

:)

_igor_

Who maintains that package to get the most annoying errors out of the squid3 package? Would be nice to get it running directly… :)

mhab12

Thanks for the work you have done on the squid package.  Many people will appreciate it when when 2.0 goes RC or final.

I suspect the devs will see your work here and implement the changes.  The package was maintained by databeestje, however I'm not sure if he is involved with the project anymore.