, DNS .

DNS ( IMHO) .


5

5.1 Squid?

Squid CGI cachemgr.cgi squid . , cachemgr.cgi.

5.2 log ?

e Squid. log , , , , . log Squid:

access.log, :

 Host Ident - [D/M/Yr:H:M:S TZ] "Method URL" Status Size
access.log, Squid 1.0 :
 Time Elapsed Host Status/HTTP/Hier_Status Size Method URL
access.log, Squid 1.1 :
 Time Elapsed Host Status/HTTP Size Method URL Ident Hier_Status/Hier_Host
hierarchy.log, Squid 1.0:
 [D/M/Yr:H:M:S TZ] URL Hier_Status Hier_Host
log:
Host
IP ( v1.1, FQDN).
Ident
'-'. 1.1 Ident (RFC 931), .
Method
GET, HEAD, POST TCP ICP_QUERY UDP .
URL
.
Status
(TCP_HIT , TCP_MISS , UDP_HIT UDP_MISS ).
HTTP
HTTP : 200 , 000 UDP , 403 , 500 , ..
Size
.
Hier_Status
/ . PARENT_MISS, SIBLING_HIT ..
Hier_Host
, .
Time
Jan 1, 1970 .
Elapsed
.

5.3 log ?

log , squid USR1. , log . log . , squid.pid /usr/local/squid/logs/squid.pid ( squid.conf) :

kill -USR1 `cat /usr/local/squid/logs/squid.pid`

: logfile_rotate squid.conf log . logfile_rotate . logfile_rotate , log . logfile_rotate crontab squid ' SIGUSR1, :

0 0 * * * /bin/kill -USR1 `cat /usr/local/squid/logs/squid.pid`

, log, cache_dir . , Squid. .

5.4 ?

sort -r -n -k 5,5 access.log | awk '{print $5, $7}' | head -25

5.5 Squid

, -z .

, , log cache_dir.


6 -

[Contributed by Jonathan Larmour <JLarmour@origin-at.co.uk>]

6.1 -?

- (cachemgr.cgi) CGI squid. - .

6.2 ?

web , . CERN Apache cachemgr.cgi.

, web , SIGHUP, .

web , - URL:

http://www.example.com/Squid/cgi-bin/cachemgr.cgi

6.3 CERN httpd 3.0 -

-, , -. CERN httpd.conf, squid.conf.
 Protection MGR-PROT {
 Mask @(workstation.example.com)
 }
, IP , . . .

:

 Protect /Squid/* MGR-PROT
 Exec /Squid/cgi-bin/*.cgi /usr/local/squid/bin/*.cgi
MGR-PROT, .

6.4 Apache -

, cgi-bin ScriptAlias srm.conf Apache, - :
ScriptAlias /Squid/cgi-bin/ /usr/local/squid/cgi-bin/
ScriptAlias /usr/local/squid/bin Squid.

, -. access.conf Apache, squid.conf. access.conf, :

 <Location /Squid/cgi-bin/cachemgr.cgi>
 order deny,allow
 deny from all
 allow from workstation.example.com
 </Location>
, .

, cachemgr.cgi . access.conf:

 <Location /Squid/cgi-bin/cachemgr.cgi>
 AuthUserFile /path/to/password/file
 AuthGroupFile /dev/null
 AuthName "User/Password Required"
 AuthType Basic
 <Limit GET>
 require user cachemanager
 </Limit>
 </Location>
Apache htpasswd .

6.5 ACL ( ) - squid.conf

- squid.conf :
 acl manager proto cache_object
 acl localhost src 127.0.0.1/255.255.255.255
 acl all src 0.0.0.0/0.0.0.0
:
 http_access deny manager !localhost
 http_access allow all
ACL -, squid cache_object . :

telnet mycache.example.com 3128
GET cache_object://mycache.example.com/info HTTP/1.0

, cache_object, , , - .

, , cachemgr.cgi localhost. :

 acl manager proto cache_object
 acl localhost src 127.0.0.1/255.255.255.255
 acl example src 123.123.123.123/255.255.255.255
 acl all src 0.0.0.0/0.0.0.0
123.123.123.123 IP web . :
 http_access deny manager !localhost !example
 http_access allow all
, web , squid. , - squid web , . , web - , IP web , cachemgr.cgi example .

squid.conf SIGHUP squid'.

6.6 - URL?

, , , URL ( , ). cachemgr.cgi .

6.7 . ?

squid.conf cachemgr_passwd.

6.8 , cache host ?

Makefile.in :
 HOST_OPT = # -DCACHEMGR_HOSTNAME="getfullhostname()"
web cachemgr.cgi , Squid #. web - , :
 HOST_OPT = -DCACHEMGR_HOSTNAME=\"mycache.example.com\"
cachemgr.cgi.

6.9 TCP UDP Squid?

TCP web . UDP . UDP ICP .

6.10 , 1970 !

. ( - ) squid , .

6.11 -?

StoreEntry
.
IPCacheEntry
DNS.
Hash link
-.
URL strings
URL, , StoreEntry.
log cache:
PoolMemObject structures
, (, ).
Pool for Request structures
.
Pool for in-memory object
.

6.12 Pool for in-memory object ! ?

. . squid . , , cache_mem gopher, http ftp squid.conf.

6.13 "Total accounted" squid!

, . squid , , squid.

squid , , ! - , squid.

6.14 utilization, Other?

Other , .

6.15 utilization, Transfer KB/sec ?

. .

6.16 utilization, Object Count?

, .

6.17 utilization, Max/Current/Min KB?

// .

6.18 I/O?

read(2). .

6.19 Objects?

: URL . , . , ! .

6.20 VM Objects?

VM Objects . .

6.21 AVG RTT?

Average Round Trip Time. , ICP ping .

6.22 IP cache , hit, negative hit miss?

HIT , . MISS, . Negative hit , , .

6.23 IP cache?

Hostname , .

Flags:

C
.
N
.
P
.
D
.
L
, .
TTL "Time To Live" ( , ). ( , .)

N IP , hostname.

IP , IP cache.

6.24 cachemgr.cgi?

Cache Information cachemgr.cgi. :
 Memory usage for squid via mallinfo():
 Total space in arena: 94687 KB
 Ordinary blocks: 32019 KB 210034 blks
 Small blocks: 44364 KB 569500 blks
 Holding blocks: 0 KB 5695 blks
 Free Small blocks: 6650 KB
 Free Ordinary blocks: 11652 KB
 Total in use: 76384 KB 81%
 Total free: 18302 KB 19%


 Meta Data:
 StoreEntry 246043 x 64 bytes = 15377 KB
 IPCacheEntry 971 x 88 bytes = 83 KB
 Hash link 2 x 24 bytes = 0 KB
 URL strings = 11422 KB
 Pool MemObject structures 514 x 144 bytes = 72 KB ( 70 free)
 Pool for Request structur 516 x 4380 bytes = 2207 KB ( 2121 free)
 Pool for in-memory object 6200 x 4096 bytes = 24800 KB ( 22888 free)
 Pool for disk I/O 242 x 8192 bytes = 1936 KB ( 1888 free)
 Miscellaneous = 2600 KB
 total Accounted = 58499 KB
mallinfo() , r 94M. , top (97M).

94M, 81% (76M) . , malloc(3) .

76M , 58.5M (76%). malloc(3).

Meta Data , . 45% StoreEntry URL . 42% , (Pool for in-memory object).

squid.conf. 1.0, : , . Pool for in-memory object, 1/2 cache_mem. Pool for disk I/O 200. MemObject Request 1/8 FD_SETSIZE.

, 'http', 'ftp' 'gopher' . cache_mem. cache_mem , . Squid memory_pools off .

6.25 fqdncache ipcache?

IPCache Hostname IP-Number, FQDNCache .

:

==============================================================================



IP Cache Contents:
Hostname Flags lstref TTL N [IP-Number]
gorn.cc.fh-lippe.de C 0 21581 1 193.16.112.73
lagrange.uni-paderborn.de C 6 21594 1 131.234.128.245
www.altavista.digital.com C 10 21299 4 204.123.2.75 204.74.103.37 204.123.2.66 204.123.2.69
2/ftp.symantec.com DL 1583 -772855 0



Flags: C -->  
 D --> 
 N -->  
 L --> 

lstref:     
 TTL: Time-To-Live ( )      
 N:  



==============================================================================



FQDN Cache Contents:

IP-Number Flags TTL(?) N Hostname]

130.149.17.15 C -45570 1 andele.cs.tu-berlin.de
194.77.122.18 C -58133 1 komet.teuto.de
206.155.117.51 N -73747 0

Flags: C -->  
 D --> 
 N -->  
 L --> 
 TTL: Time-To-Live
 N:  

7 Troubleshooting

7.1 : "Proxy Access Denied"?

squid httpd-, HTTP HTTP , . , -HTTP , :

http_accel_with_proxy on

, ACL. access.log squid.conf.

7.2 local_domain.

Squid .

local_domain . . , cache_stoplist http_stop ( ).

7.3 , Connection Refused, , .

ICP , HTTP -, ICP , ICP , , . http_port, .

7.4

, Too many open files. - . . : , , - .

Linux, filehandle.patch.linux Michael O'Reilly <michael@metal.iinet.net.au>.

Solaris, /etc/system:

set rlim_fd_max = 4096
set rlim_fd_cur = 1024

#define SQUID_FD_SETSIZE include/config.h , rlim_fd_max. 4096.

Solaris select(2) 1024 , src/Makefile $(USE_POLL_OPT). squid.

FreeBSD ( Torsten Sturm <torsten.sturm@axis.de>):

?
sysctl -a kern.maxfilesperproc.
?
sysctl -w kern.maxfiles=XXXX

sysctl -w kern.maxfilesperproc=XXXX
: , maxfiles > maxfilesperproc.
?
, . . , (, ).
BSD- (SunOS, 4.4BSD, OpenBSD, FreeBSD, NetBSD, BSD/OS, 386BSD, Ultrix) " " ( ):
?
pstat -T files, current/maximum.
?
- maxusers . , , .
?
param.c maxusers .
:
SunOS
nfile /usr/kvm/sys/conf.common/param.c :

int nfile = 16 * (NPROC + 16 + MAXUSERS) / 10 + 64;
NPROC :
#define NPROC (10 + 16 * MAXUSERS)
FreeBSD ( 2.1.6)
SunOS, /usr/src/sys/conf/param.c maxusers, maxfiles maxfilesperproc:

int maxfiles = NPROC*2;
int maxfilesperproc = NPROC*2;
NPROC :
#define NPROC (20 + 16 * MAXUSERS)
:
options OPEN_MAX=128
BSD/OS ( 2.1)
/usr/src/sys/conf/param.c maxfiles :

int maxfiles = 3 * (NPROC + MAXUSERS) + 80;
NPROC :
#define NPROC (20 + 16 * MAXUSERS)
OPEN_MAX, .
: Squid. Squid' , . :
 cd squid-1.1.x
 make realclean
 ./configure --prefix=/usr/local/squid
 make

7.5 squid , malloc(3) , !

, , , -root . BSD/OS , . , :
options DFLDSIZ=67108864 # 64 meg default max data size (was 16)
options MAXDSIZ=134217728 # 128 meg max data size (was 64)
.

Digital UNIX, /etc/sysconfigtab ...

proc:
 per-proc-data-size=1073741824
, csh, limit ...
zpoprp.zpo.dec.com> limit datasize 1024M

/etc/sysconfigtab , limit - .

7.6 ?

:
97/01/23 22:31:10| Removed 1 of 9 objects from bucket 3913
97/01/23 22:33:10| Removed 1 of 5 objects from bucket 4315
97/01/23 22:35:40| Removed 1 of 14 objects from bucket 6391
log , , squid cache_swap_high.

cache information cachemgr.cgi :

 Storage LRU Expiration Age: 364.01 days
, , . LRU Expiration Age reference_age .

7.7 cache_effective_user nobody Linux?

, cache_effective_user nobody Linux :
FATAL: Don't run Squid as root, set 'cache_effective_user'!
, cache_effective_user nobody, . , Squid cache_effective_user.

UID nobody 65535 65534.

7.8 Windows NT FTP Unix ?

! : ftp.

( ), "Properties" , "directories", "Directory listing style." "Unix" type, "MS-DOS" type.

--Oskar Pearson <oskar@is.co.za>

7.9 ERR_NO_CLIENTS_BIG_OBJ?

, " " . " " :
  1. , maximum_object_size
  2. , proxy-only.

7.10 Squid !?

Squid , . , FAQ: Squid malloc . :

7.11 "Ignoring MISS from non-peer x.x.x.x"?

ICP MISS ( UDP) , IP . .

(1) , DNS. -, . IP DNS, Squid 'udp_outgoing_address'.

:

# (squid.conf  )
#
udp_outgoing_address proxy.parent.com


# ( squid.conf)
#
cache_host proxy.parent.com parent 3128 3130
(2) ICP . , Squid , . , log . , , , , .

8 Squid ?

8.1 ?

Internet , , : FTP, HTTP, gopher. Internet , ( , URL, ), .

8.2 ICP?

ICP squid. ICP Internet Cache Protocol, 2 , http://www.nlanr.net/Cache/ICP/ICP-id.txt.

ICP . squid , ICP , ICP "HIT" ("") "MISS" (""). MISS.

ICP TCP . ICP UDP. Squid ICP.

8.3 dnsserver?

Dnsserver squid IP . - , gethostbyname(3) DNS .

Squid /, DNS . dnsserver DNS, squid`.

8.4 ftpget?

ftpget FTP , FTP . - , FTP , squid.

8.5 FTP PUT

, FTP put squid. - / - .

, ftpput.

8.6 ? ?

- / , , Internet , Internet. "" . , , , , , . , , Internet "" , , .

/ , squid , , . , Internet, , . , "".

8.7 Squid?

  1. ICP
  2. , ( ).
  3. HIT ,
  4. , MISS ( ),
  5. Internet
.

single_parent_bypass ICP , ( , , ?)

8.8 Squid ?

, ( ) , , - URL, .

, http://squid.nlanr.net/Squid/Devel/todo.html.

http://squid.nlanr.net/Squid/Devel/.

8.9 Internet

. . Internet , http://www.nlanr.net/NA/.

8.10 NLANR?

, , . .. 50%, , . , , , , .

8.11 ?

FAQ http://www.greatcircle.com/firewalls/
$Id: footer,v 1.3 1997/03/13 16:19:52 wessels Exp $