Why no TCP_HITS using squid-deb-proxy

Question

I've followed all the advice here and the server log file updates when I do an update on another computer on the network.

However, I never see any TCP_HITs. I even grepped for them. This is some of the tail -f output.

1427226546.326     18 192.168.1.200 TCP_MISS/200 3185 GET http://gb.archive.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-headers-generic_3.13.0.48.55_amd64.deb - HIER_DIRECT/91.189.92.200 application/x-debian-package
1427226546.510    183 192.168.1.200 TCP_MISS/200 777943 GET http://gb.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_3.13.0-48.80_amd64.deb - HIER_DIRECT/91.189.92.200 application/x-debian-package
1427226568.142  21631 192.168.1.200 TCP_MISS/200 98066145 GET http://gb.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-3.13.0_3.13.0-48.80_all.deb - HIER_DIRECT/91.189.92.200 application/x-debian-package
1427226568.406     18 192.168.1.200 TCP_MISS/200 3179 GET http://gb.archive.ubuntu.com/ubuntu/pool/main/l/linux-meta/linux-source_3.13.0.48.55_all.deb - HIER_DIRECT/91.189.92.200 application/x-debian-package

It may be worth mentioning that the server is running Lubuntu 14.04, while the clients are running Ubuntu 14.04. However, I made sure I added the missing repos ("updates", I think) to the server's sources.list

What am I missing?

EDIT: My allowed-networks-src.acl looks like this:

# allowed-networks-src.conf
# 
# network sources that you want to allow access to the cache

# private networks
10.0.0.0/8 
172.16.0.0/12
192.168.0.0/16
192.168.1.0/255.255.0.0
192.168.1.202
192.168.1.201
192.168.1.200
127.0.0.1

# IPv6 private addresses
fe80::/64
::1/128

# additional non-private networks can be added to the directory:
#  /etc/squid-deb-proxy/allowed-networks-src.acl.d

Whats the output of grep "/var/spool/squid" /etc/squid/squid.conf ? — heemayl, Mar 24 '15 at 22:45
On the server there's no such folder in /etc, but there is a /etc/squid-deb-proxy/squid-deb-proxy.conf. That file does not contain /var/spool/squid — James Bradbury, Mar 25 '15 at 09:54
Whats the output of grep -ci "tcp_hit" /var/log/squid-deb-proxy/access.log ? — heemayl, Mar 25 '15 at 10:55
There's plenty of TCP_REFRESH_MODIFIED and TCP_REFRESH_UNMODIFIED, though. — James Bradbury, Mar 25 '15 at 13:50

score 1 · Answer 1 · answered Apr 16 '15 at 17:28

1

I had the same problem for several days after a fresh install, using all the default settings except adding dl.google.com to mirror-dstdomain.acl. I'd always get TCP_MISS.

The solution (after many many tries) was to add the exact network to allowed-networks-src.acl (don't forget to restart squid3 && restart squid-deb-proxy). Since then I see the beautiful TCP_MEM_HIT on every package.

(My network is 10.10.10.0/24, which is part of the 10.0.0.0/8 allowed in allowed-networks-src.acl. I do think this behaviour is not nice in a system calling itself zero config.)

answered Apr 16 '15 at 17:28

kaedinger

11

Thanks, I'll give this a try when I get time. Just to clarify, is the network IP the host server or the clients, or the router or something else? Is this link relevant? http://www.deckle.co.uk/squid-users-guide/squid-access-control-and-access-control-operators.html – James Bradbury Apr 16 '15 at 21:03
1

@JamesBradbury 10.10.10.0/24 or 10.0.0.0/8 is a network mask describing a subnetwork (http://en.wikipedia.org/wiki/Subnetwork). In the link you provided, the 'Source/Destination IP address' chapter is the relevant one concerning my solution, although it states that for squid this only describes the allowed IP addresses, which in my case was not completely correct. – kaedinger Apr 20 '15 at 10:02
Thanks, I tried updating my allowed networks (see edited question) with the three clients who will use it (the ...200 one also appears in the log), but I still get TCP_MISS on update. – James Bradbury May 05 '15 at 19:25

Why no TCP_HITS using squid-deb-proxy

1 Answers1