running squid-1.0beta11 inside a firewall with slow parents

We're running squid-1.0beta11 inside a firewall with two parent
proxies running outside the firewall. Sometimes it seems that we
don't see the UDP replies from our parents and so we get the ``No ICP
replies received and the host is beyond the firewall'' error message.
Looking at proto.c, I see that if we only had one parent we'd try to
fetch the document from it anyway:

    if ((e = getSingleParent(request->host, NULL))) {
        /* last chance effort; maybe there was a single_parent and a ICP
         * packet got lost */
        hierarchy_log_append(url, HIER_SINGLE_PARENT, fd, e->host);
        return getFromCache(fd, entry, e, request);
    }

However, if we have two parents and for some reason we didn't hear
back from them, we just give up.

I don't know why we're missing lots of UDP replies from our parents,
but I don't like my users to keep getting those error messages. So, I
made this change to proto.c:

------------------------------------------------------------------------------
*** src/proto.c.ORIG Thu May 30 16:16:52 1996
--- src/proto.c Thu Jun 6 14:37:06 1996
***************
*** 363,368 ****
--- 367,376 ----
        hierarchy_log_append(url, HIER_SINGLE_PARENT, fd, e->host);
        return getFromCache(fd, entry, e, request);
      }
+ /* let us try getting it from any parent even if we did not hear back */
+ if (e = getFirstUpParent(request->host)) {
+ return getFromCache(fd, entry, e, request);
+ }
      hierarchy_log_append(url, HIER_NO_DIRECT_FAIL, fd, request->host);
      protoCancelTimeout(fd, entry);
      protoCantFetchObject(fd, entry,

-------------------------------------------------------------------------------

Is this a really bad idea? It seems to have helped so far. Ideally
I'd like to figure out why the UDP replies aren't making it back, but
this patch seems to have helped as a workaround to the problem.
Received on Thu Jun 06 1996 - 13:11:58 MDT