OK. Here's the relevant section in my squid config in case you need it:
===[cut]===
# vcache peer setup
cache_peer 127.0.0.1 parent 8088 9999 proxy-only no-digest name=vcache
acl vcache url_regex -i "/z/vcache/etc/squid3/vcache.acl"
cache_peer_access vcache allow vcache
cache_peer_access vcache deny all
# externel routing helper
external_acl_type router children-max=20 children-startup=1
children-idle=1 concurrency=10000 %METHOD %URI %PROTO
/z/vcache/bin/router.js
# returns either:
# <channel> ERR
# <channel> OK tag=peer-miss
# <channel> OK tag=peer-hit
# force direct in case of ERR
acl 2peer external router
always_direct allow !2peer
# TOS marking based on routing helper response. Checking for the
effect with: tcpdump -i eth0 -v -n ip and ip[1]=0x10
acl peering tag peer-hit # doesn't work with this acl in Squid 3.3.8
#acl peering src 10.211.55.2 # TOS marking works as expected with this acl
clientside_tos 0x10 peering
clientside_tos 0x00 !peering
===[cut]===
Hope this helps!
Niki
On Fri, Sep 6, 2013 at 10:10 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 6/09/2013 11:56 a.m., Nikolai Gorchilov wrote:
>>
>> Sorry for the late reply. Was traveling in the last two days.
>>
>> On Wed, Sep 4, 2013 at 10:05 AM, Amos Jeffries <squid3_at_treenet.co.nz>
>> wrote:
>>
>>> I would use an external_acl_type helper to do the calculation about
>>> whether a request was to be cached and set a tag=value on the transaction.
>>> The tag type ACL can then test for this tag and do a "cache deny". Since you
>>> have all traffic
>>>
>>> Something like this:
>>>
>>> external_acl_type tagger ttl=0 %URL ... (helper returns "OK
>>> tag=first-seen" or just "OK").
>>> acl firstSeen external tagger
>>> acl taggedFirst tag first-seen
>>> http_accesss deny firstSeen !all
>>> cache deny !taggedFirst
>>
>> Yeah. Did something like this, works like a charm.
>>
>> Even tried to remove all ICP as it is used only for marking via
>> qos_flows parent. The helper mostly replicates the logic behind our
>> custom ICP listener and returning tag=parent-hit was a no brainer.
>> Unfortunately I have discovered that clientside_tos doesn't support
>> slow acls like tag. I believe this fact has to be mentioned somewhere
>> at http://www.squid-cache.org/Doc/config/clientside_tos/. Will stick
>> to ICP HIT/MISS & quos_flows for DSP marking for now, while observing
>> ZPH kernel patch as an alternative.
>
>
> 'tag' is a fast-ACL check against the transactions existing tag. I recoomend
> it a lot to prevent mistakes using external_acl_type tests in fast ACL
> checks. Perhapse you have found a bug in the clientside_tos - checking
> that now.
>
>
>> Thanks Amos. For all the efforts keeping the squid development going
>> and it's community alive :)
>
>
> Welcome
>
> Amos
Received on Fri Sep 06 2013 - 11:18:46 MDT
This archive was generated by hypermail 2.2.0 : Fri Sep 06 2013 - 12:00:04 MDT