> On Thu, Jan 17, 2008, Ryan Thoryk wrote: >> We've made changes, and are still having issues - do you think using >> squid3, changing our values, setting squid to run directly on port 80 >> (instead of ipfw redirecting 80 to 3128), or running Linux would solve >> the problems (this is on FreeBSD 6.2)? > > I doubt Squid-3 or changing port will matter, but you never know. > If you change just one at a time then compare then you'll figure it > out though! > >> The main log messages we're getting are "httpReadReply: Excess data >> from" and "httpReadReply: Request not yet fully sent". >> >> Here's our changes: >> Kernel: >> Removed the NET_WITH_GIANT option, since aio supposedly works fine >> without it (this was turned on before) >> Added DEVICE_POLLING, which uses the interface polling method instead of >> standard interrupt routines for network interfaces >> >> added these to /etc/sysctl.conf: >> net.inet.tcp.rfc1323=0 >> net.inet.tcp.mssdflt=1460 >> net.inet.tcp.slowstart_flightsize=27 >> net.inet.tcp.hostcache.expire=3900 >> kern.polling.burst_max=1000 >> kern.polling.idle_poll=0 >> kern.polling.each_burst=50 >> >> added these to /boot/loader.conf (for increasing the host cache table) >> net.inet.tcp.tcbhashsize="4096" >> net.inet.tcp.hostcache.hashsize="1024" >> >> the MTU for the GRE interfaces is set to 1514 in the rc.gre script >> polling is turned on in /etc/rc.conf for the em0 interface > > Thats not going to help; you only receive traffic via the GRE, you never > send it. Leave the MTU on the GRE interface as it is. > > Are you sure you can't snaffle a tcpdump -s 1518 of the offending traffic? > Do you know if its a server -> squid or squid -> client issue? > Just a thought: is your squid built with ip-transparent or ipf-transparent support or none? Amos
