
Re: All Traffic is TCP MISS

Jamie Orzechowski wrote:
Since I have moved to a TProxy setup all my traffic is showing up as a
TCP_MISS ... Without TProxy I see HIT's all over the place.

Any ideas what is causing this??

Running the following

IPTables: v1.4.3.2:
Kernel: 2.6.28-11-server

Squid Cache: Version 3.1.0.8
configure options:  '--prefix=/usr' '--mandir=/share/man'
'--infodir=/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=/lib/squid3'
'--sysconfdir=/etc/squid3' '--enable-inline'
'--enable-async-io=32' '--enable-storeio=ufs,aufs,diskd'
'--enable-removal-policies=lru,heap'
'--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
'--enable-follow-x-forwarded-for'
'--with-filedescriptors=65536' '--with-default-user=proxy'
'--enable-linux-netfilter' --with-squid=/tmp/squid-3.1.0.8
--enable-ltdl-convenience

TProxy setup with the following

/usr/local/sbin/iptables -t mangle -N DIVERT
/usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

echo 1 > /proc/sys/net/ipv4/ip_forward

-----------------------------------------------
Here is part of my config

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8

acl localnet src 66.78.96.0/19
acl localnet src 64.235.192.0/19
acl localnet src 72.0.192.0/19
acl localnet src 192.168.1.0/24
acl localnet src 192.168.254.0/24

hierarchy_stoplist cgi-bin ?


You appear to be under some illusion about what the following directives mean...

cache == don't store the object as it flows through Squid.

always_direct == don't send to a configured cache_peer.

thus...

acl directurls url_regex -i "/etc/squid3/direct-urls"
cache deny localnet

... prevents *_HIT ever occurring if the web object was fetched from localnet.

cache deny directurls

... prevents storage (thus *_HIT) for any request matching a set of regex patterns.

always_direct allow directurls

.. since no cache_peer entries, merely slows squid down as it does a very slow regex match.

cache allow all

... then lets stuff be cached. Which is normal behavior if none of the above exist.


acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
icp_access allow localnet
htcp_access allow localnet
icp_access deny all
htcp_access deny all
htcp_clr_access deny all
ident_lookup_access deny all

http_port 66.78.102.2:3128
http_port 66.78.102.2:3129 tproxy

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|img|avi|wav|mp3|mp4|mpg|mpeg|swf|flv|x-flv|wma|wmv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern . 0 40% 40320


It is a problem mentioned before.
Yours probably has something to do with this:
   cache deny localnet

What I don't understand is why you get any HIT at all.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
  Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
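
The rule ordering discussed in this reply can be checked mechanically. The following is an added example, not part of the original post and not Squid project code: it walks the `cache` lines in order for a given client address and flags `always_direct` used without any `cache_peer`. It assumes only `src` ACLs are evaluated (a line naming any other ACL type is treated as non-matching), and `SAMPLE_CONF` is a constructed excerpt of the configuration quoted above.

```python
import ipaddress

# Constructed excerpt of the configuration quoted in this thread.
SAMPLE_CONF = """\
acl localnet src 66.78.96.0/19
acl localnet src 192.168.1.0/24
acl directurls url_regex -i "/etc/squid3/direct-urls"
cache deny localnet
cache deny directurls
always_direct allow directurls
cache allow all
"""

def parse(conf):
    """Collect src ACL networks, ordered cache rules, and directive names seen."""
    src, cache_rules, seen = {"all": [ipaddress.ip_network("0.0.0.0/0")]}, [], set()
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        seen.add(tok[0])
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "src":
            src.setdefault(tok[1], []).extend(ipaddress.ip_network(n, strict=False) for n in tok[3:])
        elif tok[0] == "cache" and len(tok) >= 3:
            cache_rules.append((tok[1], tok[2:]))
    return src, cache_rules, seen

def cache_decision(conf, client_ip):
    """First matching 'cache' line wins; returns (action, matching line or None)."""
    src, rules, _ = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        def hit(name):
            neg, name = name.startswith("!"), name.lstrip("!")
            if name not in src:
                return False  # not a src ACL: cannot evaluate, treat as non-matching (assumption)
            return any(ip in net for net in src[name]) != neg
        # A line matches only if every ACL named on it matches (logical AND).
        if all(hit(n) for n in names):
            return action, " ".join(["cache", action] + names)
    # No line matched: the default is the opposite of the last line (allow if no lines).
    return ("deny" if rules and rules[-1][0] == "allow" else "allow"), None

def useless_always_direct(conf):
    """always_direct only has an effect when cache_peer entries exist."""
    _, _, seen = parse(conf)
    return "always_direct" in seen and "cache_peer" not in seen
```

For a client inside `localnet`, the first `cache` line already decides the outcome, so the later `cache allow all` is never reached.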
