2.1 with Squid3 - How to reset the config of a deleted package?

TsyMiroro

How to reset the config og a deleted package?

Actually I test squid3 with 2.1 but I think somethings are not correct in my config

• the proxy can not be transparent.
• in GUI I put logs in "/var/squid/logs", and in reality, it need /var/log/squid/netdb.state

When I delete the package and re-install it, the old config is restored without ask.

Other question how to test that this package work fine?
Usually I do
"tail -f /var/squid/logs/access.log" to see the traffic in cache, and
"du -h /var/squid/cache/" to see that the cache is used (in first times)
is this right?

thanks.

marcelloc

To delete config, you need to Edit XML by hand.
Current version does not has an option to clean package config.

Unselect cache dynamic content if you have only TCP_MISS on your access.log

TsyMiroro

Hi Marcelloc!

I see your name frequently is the forum.
Thanks for your work, thanks for your help.

With ssh access, I delete /usr/pbi/squid-i386/etc/squid/squid.conf
I copy /usr/pbi/squid-i386/etc/squid/squid.conf.default to squid.conf, and reboot pfSense.
The config is the same, no change.

/var/squid/logs/access.log is empty

[2.1-BETA0][admin@pfSense.tld]/var/squid(4): pwd
/var/squid         

[2.1-BETA0][admin@pfSense.tld]/var/squid(5): ls -l logs/
total 14
-rw-r--r--  1 proxy  proxy     0 Nov 10 12:35 access.log
-rw-r-----  1 proxy  proxy  4375 Nov 11 09:59 cache.log
-rw-r--r--  1 proxy  proxy  7132 Nov 10 18:49 cache.log.0
[2.1-BETA0][admin@pfSense.tld]/var/squid(6): 

The content of cache.log

[2.1-BETA0][admin@pfSense.tld]/var/squid(6): cat logs/cache.log
2012/11/11 00:00:02| storeDirWriteCleanLogs: Starting...
2012/11/11 00:00:02|   Finished.  Wrote 0 entries.
2012/11/11 00:00:02|   Took 0.00 seconds (  0.00 entries/sec).
2012/11/11 09:57:00| Preparing for shutdown after 16133 requests
2012/11/11 09:57:00| Waiting 3 seconds for active connections to finish
2012/11/11 09:57:00| FD 22 Closing HTTP connection
2012/11/11 09:57:00| FD 23 Closing HTTP connection
2012/11/11 09:57:04| Shutting down...
2012/11/11 09:57:04| FD 24 Closing ICP connection
2012/11/11 09:57:04| basic/auth_basic.cc(97) done: Basic authentication Shutdown.
2012/11/11 09:57:04| Closing unlinkd pipe on FD 17
2012/11/11 09:57:04| storeDirWriteCleanLogs: Starting...
2012/11/11 09:57:04|   Finished.  Wrote 0 entries.
2012/11/11 09:57:04|   Took 0.00 seconds (  0.00 entries/sec).
CPU Usage: 303.738 seconds = 162.332 user + 141.405 sys
Maximum Resident Size: 14768 KB
Page faults with physical i/o: 3
2012/11/11 09:57:04| Open FD UNSTARTED    11 DNS Socket IPv6
2012/11/11 09:57:04| Open FD READ/WRITE   12 DNS Socket IPv4
2012/11/11 09:57:04| Open FD READ/WRITE   16 Waiting for next request
2012/11/11 09:57:04| Open FD UNSTARTED    24 ICP Socket
2012/11/11 09:57:04| Open FD READ/WRITE   25 www.msftncsi.com idle connection
2012/11/11 09:57:04| Open FD READ/WRITE   26 crl.microsoft.com idle connection
2012/11/11 09:57:04| Squid Cache (Version 3.1.20): Exiting normally.
2012/11/11 09:59:09| Starting Squid Cache version 3.1.20 for i386-portbld-freebsd8.3...
2012/11/11 09:59:09| Process ID 18192
2012/11/11 09:59:09| With 6976 file descriptors available
2012/11/11 09:59:09| Initializing IP Cache...
2012/11/11 09:59:09| DNS Socket created at [::], FD 11
2012/11/11 09:59:09| DNS Socket created at 0.0.0.0, FD 12
2012/11/11 09:59:09| Adding domain cna.mg from /etc/resolv.conf
2012/11/11 09:59:09| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2012/11/11 09:59:09| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2012/11/11 09:59:09| Adding nameserver 208.67.222.222 from /etc/resolv.conf
2012/11/11 09:59:09| Adding nameserver 208.67.220.220 from /etc/resolv.conf
2012/11/11 09:59:09| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2012/11/11 09:59:09| Adding nameserver 8.8.8.4 from /etc/resolv.conf
2012/11/11 09:59:09| User-Agent logging is disabled.
2012/11/11 09:59:09| Referer logging is disabled.
2012/11/11 09:59:10| Unlinkd pipe opened on FD 17
2012/11/11 09:59:10| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2012/11/11 09:59:10| Store logging disabled
2012/11/11 09:59:10| Swap maxSize 5120000 + 262144 KB, estimated 414011 objects
2012/11/11 09:59:10| Target number of buckets: 20700
2012/11/11 09:59:10| Using 32768 Store buckets
2012/11/11 09:59:10| Max Mem  size: 262144 KB
2012/11/11 09:59:10| Max Swap size: 5120000 KB
2012/11/11 09:59:10| Version 1 of swap file with LFS support detected... 
2012/11/11 09:59:10| Rebuilding storage in /var/squid/cache (CLEAN)
2012/11/11 09:59:10| Using Least Load store dir selection
2012/11/11 09:59:10| Current Directory is /etc
2012/11/11 09:59:10| Loaded Icons.
2012/11/11 09:59:10| helperOpenServers: Starting 0/0 'ssl_crtd' processes
2012/11/11 09:59:10| helperOpenServers: No 'ssl_crtd' processes needed.
2012/11/11 09:59:10| Accepting  HTTP connections at 172.24.0.1:3128, FD 22.
2012/11/11 09:59:10| Accepting  intercepted HTTP connections at 127.0.0.1:3128, FD 23.
2012/11/11 09:59:10| Accepting ICP messages at [::]:7, FD 24.
2012/11/11 09:59:10| HTCP Disabled.
2012/11/11 09:59:10| Ready to serve requests.
2012/11/11 09:59:10| Done reading /var/squid/cache swaplog (0 entries)
2012/11/11 09:59:10| Finished rebuilding storage from disk.
2012/11/11 09:59:10|         0 Entries scanned
2012/11/11 09:59:10|         0 Invalid entries.
2012/11/11 09:59:10|         0 With invalid flags.
2012/11/11 09:59:10|         0 Objects loaded.
2012/11/11 09:59:10|         0 Objects expired.
2012/11/11 09:59:10|         0 Objects cancelled.
2012/11/11 09:59:10|         0 Duplicate URLs purged.
2012/11/11 09:59:10|         0 Swapfile clashes avoided.
2012/11/11 09:59:10|   Took 0.11 seconds (  0.00 objects/sec).
2012/11/11 09:59:10| Beginning Validation Procedure
2012/11/11 09:59:10|   Completed Validation Procedure
2012/11/11 09:59:10|   Validated 25 Entries
2012/11/11 09:59:10|   store_swap_size = 0
2012/11/11 09:59:11| storeLateRelease: released 0 objects

[2.1-BETA0][admin@pfSense.tld]/var/squid(7): 

Where is the xml file?
I can not see the modified values in these files

[2.1-BETA0][admin@pfSense.tld]/var/squid(7): find / -name "*squid*xml*"
/usr/local/pkg/squid.xml
/usr/local/pkg/squid_reverse_general.xml
/usr/local/pkg/squid_reverse_peer.xml
/usr/local/pkg/squid_reverse_uri.xml
/usr/local/pkg/squid_reverse_sync.xml
/usr/local/pkg/squid_sync.xml
/usr/local/pkg/squid_cache.xml
/usr/local/pkg/squid_nac.xml
/usr/local/pkg/squid_ng.xml
/usr/local/pkg/squid_traffic.xml
/usr/local/pkg/squid_upstream.xml
/usr/local/pkg/squid_reverse.xml
/usr/local/pkg/squid_auth.xml
/usr/local/pkg/squid_users.xml

[2.1-BETA0][admin@pfSense.tld]/var/squid(8): 

[2.1-BETA0][admin@pfSense.tld]/usr/local/pkg(17): ps ax |grep squid
17633  ??  Is     0:00.01 /usr/pbi/squid-i386/sbin/squid -f /usr/pbi/squid-i386
18192  ??  R      0:45.86 (squid) -f /usr/pbi/squid-i386/etc/squid/squid.conf (
59301   0  S+     0:00.01 grep squid

[2.1-BETA0][admin@pfSense.tld]/usr/local/pkg(18): 

If can post all needed info.

I think it can be help to have a reset button in the GUI for restore default value.

@+

marcelloc

Squid package config stays on pfSense config.xml file.

Make a backup (diagnostic s-> backup) and take a look for squid settings.

Be care full while editing XML file to do not mess up the file and break your pfSense.

If you know how Vi and XML config works, you can try a viconfig on console.

TsyMiroro

I uncheck "dynamic content" and can see that "du -h /var/squid/cache" begin to increase. Wait for real use of the network for verify if cache work.

"tail -f /var/squid/logs/access.log" stay empty. Nothing in this log-file.

/cf/conf/config.xml contain configs data but it seems to be mixed in the file, ie, the item in the file is not in the same order in the GUI, it is more complicated for me because the number of lines (3250), I prefer do nothing with this file.

I'm not certain that it works correctly.

TsyMiroro

the ends of lines of /var/squid/logs/cache.log show some errors

[2.1-BETA0][admin@pfSense.tld]/var/squid(7): cat logs/cache.log
2012/11/12 00:00:00| storeDirWriteCleanLogs: Starting...
2012/11/12 00:00:00|   Finished.  Wrote 5657 entries.
2012/11/12 00:00:00|   Took 0.01 seconds (427233.59 entries/sec).
2012/11/12 08:30:13| comm_old_accept: FD 23: (53) Software caused connection abort
2012/11/12 08:30:13| httpAccept: FD 23: accept failure: (53) Software caused connection abort
2012/11/12 08:30:16| comm_old_accept: FD 23: (53) Software caused connection abort
2012/11/12 08:30:16| httpAccept: FD 23: accept failure: (53) Software caused connection abort
2012/11/12 08:30:18| comm_old_accept: FD 23: (53) Software caused connection abort
2012/11/12 08:30:18| httpAccept: FD 23: accept failure: (53) Software caused connection abort
2012/11/12 08:30:20| comm_old_accept: FD 23: (53) Software caused connection abort
2012/11/12 08:30:20| httpAccept: FD 23: accept failure: (53) Software caused connection abort

[2.1-BETA0][admin@pfSense.tld]/var/squid(8): 

I can not interpret these errors.

.

TsyMiroro

I see that squid runs under root. Is it normal?

[2.1-BETA0][admin@pfSense.tld]/var/squid(17): ps ux |grep squid
root 12374  0.0  0.8  9552  3984  ??  Is   Sun11AM   0:00.01 /usr/pbi/squid-i38
root 10230  0.0  0.2  3536  1184   0  S+   11:34AM   0:00.01 grep squid

[2.1-BETA0][admin@pfSense.tld]/var/squid(18): 

[2.1-BETA0][admin@pfSense.tld]/var/squid(19): cat /etc/passwd |grep squid

[2.1-BETA0][admin@pfSense.tld]/var/squid(20): cat /etc/passwd | grep proxy
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin

[2.1-BETA0][admin@pfSense.tld]/var/squid(21): cat /etc/group  | grep squid

[2.1-BETA0][admin@pfSense.tld]/var/squid(22): cat /etc/group | grep proxy
proxy:*:62:

[2.1-BETA0][admin@pfSense.tld]/var/squid(23): 

In /usr/pbi/squid-i386/etc/squid/squid.conf the user and group are proxy

[2.1-BETA0][admin@pfSense.tld]/var/squid(23): cat /usr/pbi/squid-i386/etc/squid/squid.conf
# This file is automatically generated by pfSense
# Do not edit manually !
http_port 172.24.0.1:3128
http_port 127.0.0.1:3128 intercept
icp_port 7
dns_v4_first off
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language fr
icon_directory /usr/pbi/squid-i386/etc/squid/icons
visible_hostname aro-afo
cache_mgr admin@localhost
access_log /dev/null
cache_log /var/squid/logs/cache.log
cache_store_log none
sslcrtd_children 0
logfile_rotate 15
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
acl localnet src  172.24.0.0/24
uri_whitespace strip

acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic
cache_mem 256 MB
maximum_object_size_in_memory 128 KB
memory_replacement_policy lru
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 5000 16 256
minimum_object_size 0 KB
maximum_object_size 20000 KB
offline_mode offcache_swap_low 90
cache_swap_high 95

# No redirector configured

#Remote proxies

# Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
acl sslports port 443 563  
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT

http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
http_access allow localhost

quick_abort_min 0 KB
quick_abort_max 0 KB
request_body_max_size 0 KB
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
# Throttle extensions matched in the url
acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl"
delay_access 1 allow throttle_exts
delay_access 1 deny allsrc

# Reverse Proxy settings

# Custom options

# Setup allowed acls
# Allow local network(s) on interface(s)
http_access allow localnet
# Default block all to be sure
http_access deny allsrc

[2.1-BETA0][admin@pfSense.tld]/var/squid(24): 

marcelloc

@TsyMiroro:

"tail -f /var/squid/logs/access.log" stay empty. Nothing in this log-file.

Did you enabled squid logs on gui?

TsyMiroro

Enable logging is enabled.

In this time I do a update from 13 Nov to 17 Nov.
After this if I see some error I report it here.

In this version caching dynamic content work?

TsyMiroro

Now, I have activities into /var/squid/logs/access.log with some HIT

The size given by du -h /var/squid/cache/ increase and decrease (decrease slowly), but is not in the maximum value get in GUI.
In GUI It put 3000Mo, yesterday "du -h" give 780Mo, today it is  757Mo

I can think that it work correctly.

I continue to view this work and install lightsquid in next week, and when it work normally, install squidguard too, but when a problem occurs, it is an other thread.

Thanks for help.

TsyMiroro

How to mark [solved] in subject?

Metu69salemi

Edit your first post in this subject and edit Subject field.. ;)

TsyMiroro

I want to note that in 2.1, squid3 seems not work with "dynamic content" checked.

Thanks for all.