The pfSense Store

Author Topic: squid 3 (squid.inc) changes to get it working  (Read 8220 times)

0 Members and 1 Guest are viewing this topic.

Offline _igor_

  • Hero Member
  • *****
  • Posts: 602
  • Karma: +0/-0
    • View Profile
squid 3 (squid.inc) changes to get it working
« on: February 24, 2011, 06:44:50 am »
Installing squid3 on pfSense 2.0 (amd64) results in a bunch of errors:
Code: [Select]
php: /pkg_edit.php: The command '/usr/local/sbin/squid -D' returned exit code '1', the output was '2011/02/24 10:30:04| WARNING: -D command-line option is obsolete. 2011/02/24 10:30:04| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2011/02/24 10:30:04| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2011/02/24 10:30:04| WARNING: For now we will assume you meant to write /27 2011/02/24 10:30:04| WARNING: Netmasks are deprecated. Please use CIDR masks instead. 2011/02/24 10:30:04| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges. 2011/02/24 10:30:04| WARNING: For now we will assume you meant to write /8 2011/02/24 10:30:04| WARNING: (B) '::/0' is a subnetwork of (A) '::/0' 2011/02/24 10:30:04| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable 2011/02/24 10:30:04| WARNING: You should probably remove '::/0' from the ACL named 'all' 2011/02/24 10:30:04| aclParseAclL
So i decided to look at the squid.inc and made the following changes:

first change is to get rid of the "wrong" netmask: squid wants CDIR.
second change is the change from the acl-netmasks to CDIR too.
third change is the removing of the reply_body_max_size, because the squid manpage says
Quote
Configuration Format is:
      reply_body_max_size SIZE UNITS [acl ...]
   ie.
      reply_body_max_size 10 MB
and at the same time
Quote
reply_body_max_size SIZE [acl acl...]
(without units)

So i tested with "reply_body_max_size 0 deny all" and with "reply_body_max_size 0 KB deny all". Tested with other values greater 0, but all time same result.
If anybody has an explanation to this strange behaviour, please feel free to tell me.

And at last i removed the "-d" from the starting-script.

Output of diff:
Code: [Select]
676a677
> $mask = 32-log((ip2long($mask) ^ ip2long('255.255.255.255'))+1,2);
806,807c807,808
< acl all src 0.0.0.0/0.0.0.0
< acl localhost src 127.0.0.1/255.255.255.255
---
> acl all src all
> acl localhost src 127.0.0.1/32
896c897
< $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny all\n";
---
> // $conf .= 'reply_body_max_size ' . ($down_limit * 1024) . " deny all\n";
1159c1160
< mwexec("/usr/local/sbin/squid -D");
---
> mwexec("/usr/local/sbin/squid");

Now squid3 starts without any errror, squidguard starts too and its working as expected:

Code: [Select]
Feb 24 13:25:39 check_reload_status: syncing firewall
Feb 24 13:25:38 check_reload_status: reloading filter
Feb 24 13:25:38 squid[43719]: Squid Parent: child process 43989 started
Feb 24 13:25:38 php: /pkg_edit.php: Starting Squid

:)

Offline _igor_

  • Hero Member
  • *****
  • Posts: 602
  • Karma: +0/-0
    • View Profile
Re: squid 3 (squid.inc) changes to get it working
« Reply #1 on: February 28, 2011, 01:33:27 am »
Who maintains that package to get the most annoying errors out of the squid3 package? Would be nice to get it running directly... :)

Offline mhab12

  • Hero Member
  • *****
  • Posts: 649
  • Karma: +0/-0
    • View Profile
Re: squid 3 (squid.inc) changes to get it working
« Reply #2 on: February 28, 2011, 09:58:27 am »
Thanks for the work you have done on the squid package.  Many people will appreciate it when when 2.0 goes RC or final.

I suspect the devs will see your work here and implement the changes.  The package was maintained by databeestje, however I'm not sure if he is involved with the project anymore.