Squid 3 (squid.inc) changes to get it working
-
Installing squid3 on pfSense 2.0 (amd64) results in a bunch of errors:
php: /pkg_edit.php: The command '/usr/local/sbin/squid -D' returned exit code '1', the output was '2011/02/24 10:30:04| WARNING: -D command-line option is obsolete. 2011/02/24 10:30:04| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2011/02/24 10:30:04| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2011/02/24 10:30:04| WARNING: For now we will assume you meant to write /27 2011/02/24 10:30:04| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2011/02/24 10:30:04| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2011/02/24 10:30:04| WARNING: For now we will assume you meant to write /8 2011/02/24 10:30:04| WARNING: (B) '::/0' is a subnetwork of (A) '::/0' 2011/02/24 10:30:04| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable 2011/02/24 10:30:04| WARNING: You should probably remove '::/0' from the ACL named 'all' 2011/02/24 10:30:04| aclParseAclL
So i decided to look at the squid.inc and made the following changes:
first change is to get rid of the "wrong" netmask: squid wants CDIR.
second change is the change from the acl-netmasks to CDIR too.
third change is the removing of the reply_body_max_size, because the squid manpage saysConfiguration Format is:
reply_body_max_size SIZE UNITS [acl …]
ie.
reply_body_max_size 10 MBand at the same time
reply_body_max_size SIZE [acl acl…]
(without units)
So i tested with "reply_body_max_size 0 deny all" and with "reply_body_max_size 0 KB deny all". Tested with other values greater 0, but all time same result.
If anybody has an explanation to this strange behaviour, please feel free to tell me.And at last i removed the "-d" from the starting-script.
Output of diff:
676a677 > $mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2); 806,807c807,808 < acl all src 0.0.0.0/0.0.0.0 < acl localhost src 127.0.0.1/255.255.255.255 --- > acl all src all > acl localhost src 127.0.0.1/32 896c897 < $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny all\n"; --- > // $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny all\n"; 1159c1160 < mwexec("/usr/local/sbin/squid -D"); --- > mwexec("/usr/local/sbin/squid");
Now squid3 starts without any errror, squidguard starts too and its working as expected:
Feb 24 13:25:39 check_reload_status: syncing firewall Feb 24 13:25:38 check_reload_status: reloading filter Feb 24 13:25:38 squid[43719]: Squid Parent: child process 43989 started Feb 24 13:25:38 php: /pkg_edit.php: Starting Squid
:)
-
Who maintains that package to get the most annoying errors out of the squid3 package? Would be nice to get it running directly… :)
-
Thanks for the work you have done on the squid package. Many people will appreciate it when when 2.0 goes RC or final.
I suspect the devs will see your work here and implement the changes. The package was maintained by databeestje, however I'm not sure if he is involved with the project anymore.