[squid-users] Problems with cache peering, sourcehash, *_uses_indirect, and follow_x_forwarded_for from Martín Ferco on 2013-09-23 (squid-users)

From: Martín Ferco <martinferco_at_gmail.com>
Date: Mon, 23 Sep 2013 18:06:50 -0300

Hello,

I'm trying to use DansGuardian together with Squid and load-balancing
to use more than one ISP.

I've been able to achieve this by using cache_peer, and I should be
able to perform load balancing with the following two lines:

{{{
cache_peer squid-isp1 parent 13128 0 no-query round-robin sourcehash proxy-only
cache_peer squid-isp2 parent 23128 0 no-query round-robin sourcehash proxy-only
}}}

These two cache-peers run on the same box, as you can see.

I've also made sure that indirect options are set properly like this:

acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
follow_x_forwarded_for allow localhost

I'm sure that's working fine as the logs show the correct information
for different IP addresses (and not 127.0.0.1, where DansGuardian is
running as well).

Now, the problem with the original two lines is "sourcehash". It lookw
like it's *NOT* using the 'indirect' feature. I've set squid debug
options to "39,2", and the following is shown in the logs:

{{{
2013/09/23 15:10:20| peerSourceHashSelectParent: Calculating hash for 127.0.0.1
2013/09/23 15:10:20| peerSourceHashSelectParent: selected squid-isp1
2013/09/23 15:10:20| peerSourceHashSelectParent: Calculating hash for 127.0.0.1
2013/09/23 15:10:20| peerSourceHashSelectParent: selected squid-isp1
2013/09/23 15:10:20| peerSourceHashSelectParent: Calculating hash for 127.0.0.1
2013/09/23 15:10:20| peerSourceHashSelectParent: selected squid-isp1
2013/09/23 15:10:21| peerSourceHashSelectParent: Calculating hash for 127.0.0.1
2013/09/23 15:10:21| peerSourceHashSelectParent: selected squid-isp1
2013/09/23 15:10:21| peerSourceHashSelectParent: Calculating hash for 127.0.0.1
}}}

So, basically, the IP where DansGuardian is running is being hashed,
instead of the original one. When looking at the sourcecode for
version 2.7.STABLE9 (the one I'm using), it looks like client_addr is
used instead of the indirect one as the key in
"src/peer_sourcehash.c":

{{{
key = inet_ntoa(request->client_addr);
}}}

This also seems to happen in the latest 3.3 version of squid.

Could this be fixed by adding the following lines to that file, after
that line shown above:

{{{
#if FOLLOW_X_FORWARDED_FOR
key = inet_ntoa(request->indirect_client_addr;
#endif /* FOLLOW_X_FORWARDED_FOR */
}}}

Are you aware of this problem, or am I doing something wrong?

Thanks,
Martín.
Received on Mon Sep 23 2013 - 21:06:58 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 24 2013 - 12:00:04 MDT