Re: [squid-users] FWD: squid 3.2.0.16 access log no longer strictly increase...? *ouch* -- bug or feature?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 28 Mar 2012 16:13:14 +1300

On 28.03.2012 13:28, Linda Walsh wrote:
> repost -- mailer bounded it -- for some reason it thinks that having
> multiple formats of a message to choose from is a security problem?
> Gee...
> good think squid doesn't reject things with type-info, or it wouldn't
> work at all.
>
> Guess things that reject all types are becoming the dinosaurs of the
> net.

It's just an executable code filter to prevent people spamming virus
and executable code at us. These list emails are archived and displayed
as HTML pages.

Also, it's hard to read your question amongst the code ...

>
> --------------090103050306030004050800
> Content-Type: text/html; charset=UTF-8
> Content-Transfer-Encoding: 8bit
>
> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
> <html>
> <head>
> <meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
> <style>
> /* Linda's Style playground (c) 2011 L. A Walsh (permission given to
> do w/this anything other than claim my original as your own!

<Okay I'll feel free to snip 3.3K of useless code then and get down to
the 1K of text in the middle>

> <body>
> Got a surprise in a new version of squid 3.2.0.16 -- in monitoring my
> log, my monitor prog burped and died. It didn't like trying to
> calculate the average rate over negative time period (for some reason
> it doesn't realize that time<br>
> can run backwards and data is actually sucked back out...;-))<br>
> <br>
> Is this normal now? One of the things I changed recently was going
> from <br>
> syslog, which tends to be pretty good about not having times go
> backwards, <br>
> to 'diskd'....<br>
> <br>
> Dunno if it is a bug or a feature, but it is a bit odd looking in a
> time-progression based log. I can at least prevent my script from
> gagging<br>
> at such, but is it supposed to be doing that??<br>

The question is why is your log processor diff'ing the request
completion timestamps? Squid handles requests in parallel. There is a
separate duration column to say how long each of those requests took to
process.

> <br>
> Thanks -- sample times included below from log -- ALL of these
> were<br>
> while I was connected to 'google', so ALL of them were 'CONNECT'
> log<br>
> messages, which might enter into the equation somewhere...<br>

Are you SSL-bumping? This would seem to be a side-effect of delayed
logging of a CONNECT which "finished" some time ago but only gets logged
after the tunnel data was finished and logged.

You can expect time to do these tricks on a smaller scale when SMP
workers share logs as well.

> -linda <br>
> (** indicates time going backwards)<br>
> <font face="Times New Roman, Times, serif"><br>
<snip>
> 1332885668.461<br>
> 1332885670.637<br>
> 1332885671.136<br>
> 1332885672.015<br>
> 1332885671.807**<br>
> 1332885672.527<br>
> 1332885672.325**<br>
> ---------------------<br>
> <br>
> </font><tt>p.s. -- OTOH, it could be a marketing feature... squid's
> so
> fast, it fetches content in negative time!<br>

Amos
Received on Wed Mar 28 2012 - 03:13:21 MDT

This archive was generated by hypermail 2.2.0 : Wed Mar 28 2012 - 12:00:04 MDT