[squid-users] delay_pools don't work on squid 4.4

Alex Rousskov rousskov at measurement-factory.com
Thu Mar 28 03:17:36 UTC 2019 

On 3/27/19 5:29 PM, Yanier Salazar Sanchez wrote:

> I have squid4.4 installed in linux on ubuntu 18.04.1 and [...]
> delay_pools are functioning as if they didn’t have speed limits

While testing peering support for SslBump transactions[1], Factory has
discovered that delay pools are broken in Squid v4 and v5 as far as
tunneled traffic is concerned[2]. I do not have a stand-alone fix for
that bug -- too many changes surrounding the fixed code in that pull
request, but it is likely that the bug will be fixed in v5 if our pull
request is accepted. The proposed code is available for testing[3].

[1] https://github.com/squid-cache/squid/pull/380
[2] https://github.com/squid-cache/squid/pull/380/commits/679645f
[3] https://github.com/squid-cache/squid/pull/380.patch


HTH,

Alex.


> /etc/squid# squid -v
> 
> Squid Cache: Version 4.4
> 
> Service Name: squid
> 
> Debian linux
> 
> configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr'
> '--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
> '--infodir=${prefix}/share/info' '--sysconfdir=/etc'
> '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid' '--srcdir=.'
> '--disable-maintainer-mode' '--disable-dependency-tracking'
> '--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2
> -fdebug-prefix-map=/build/squid-4.4=. -fstack-protector-strong -Wformat
> -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-z,relro
> -Wl,-z,now -Wl,--as-needed -latomic' '--enable-build-info=Debian linux'
> '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
> '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man'
> '--enable-inline' '--disable-arch-native' '--enable-async-io=8'
> '--enable-storeio=ufs,aufs,diskd,rock'
> '--enable-removal-policies=lru,heap' '--enable-delay-pools'
> '--enable-cache-digests' '--enable-icap-client'
> '--enable-follow-x-forwarded-for'
> '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB'
> '--enable-auth-digest=file,LDAP'
> '--enable-auth-negotiate=kerberos,wrapper'
> '--enable-auth-ntlm=fake,SMB_LM'
> '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group'
> '--enable-security-cert-validators=fake'
> '--enable-storeid-rewrite-helpers=file'
> '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi'
> '--enable-icmp' '--enable-zph-qos' '--enable-ecap'
> '--disable-translation' '--with-swapdir=/var/spool/squid'
> '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid'
> '--with-filedescriptors=65536' '--with-large-files'
> '--with-default-user=proxy' '--with-gnutls' '--enable-linux-netfilter'
> 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2
> -fdebug-prefix-map=/build/squid-4.4=. -fstack-protector-strong -Wformat
> -Werror=format-security -Wall' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now
> -Wl,--as-needed -latomic' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
> 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/squid-4.4=.
> -fstack-protector-strong -Wformat -Werror=format-security'
> 
>  
> 
> squidstat shows me this
> 
> remote=10.100.1.150:49791
> 
> local=10.100.2.5:3128
> 
> uri=r4---sn-xuxaxasda234-i58e.googlevideo.com:443
> 
> bytes=3429753
> 
> seconds=20
> 
> username=juan
> 
> delay_pool=4
> 
> connection=0x55fd2432a158
> 
>  
> 
> squid.conf
> 
> acl youtube url_regex .youtube.com .youtube.com:443 .googlevideo.com
> .googlevideo.com:443
> 
> delay_initial_bucket_level 90
> 
>  
> 
> delay_class 4 2
> 
> delay_access 4 allow youtube
> 
> delay_parameters 4 18000/19000 10000/11000
> 
> delay_access 4 deny all
> 
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

More information about the squid-users mailing list