Re: pseudo-device gre and wccp/squid

[Gokhan ERYOL]

Actually, since "A gre(4) driver, which can encapsulate IP packets using GRE (RFC 1701) or minimal IP encapsulation for Mobile IP (RFC 2004), has been added", WCCP over GRE has not been working on FreeBSD Stable systems, because there is no WCCP support in new GRE driver. I tried the same things as you did. I e-mailed this situation several times to lists since 12/11/2002, but there is no action.

Henrik Nordstom from squid-cache.org, said that adding WCCP support to an existing GRE module is in most cases trivial as the packet format is identical to plain IP over GRE except for the protocol type, and that GRE is only used in one direction (Router -> Proxy) not as a bidirectional tunnel.

Regards
Gokhan ERYOL

Faried Nawaz wrote:

Hello,

Is anyone using the gre pseudo-device with squid for WCCP? Try as I might
I can't get it to work for me.

I'm using FreeBSD 4.7-STABLE, using ipfilter's ipnat to redirect packets.
I've done

ifconfig gre0 create
ifconfig gre0 aaa.bbb.ccc.ddd fff.ggg.hhh.iii netmask 255.255.255.255 link0 up
ifconfig gre0 tunnel aaa.bbb.ccc.ddd fff.ggg.hhh.iii
aaa.bbb.ccc.ddd is the web proxy's ip, fff.ggg.hhh.iii is the router's.

ipnat.rules has

rdr gre0 0.0.0.0/0 port 80 aaa.bbb.ccc.ddd port 8080 tcp

ipfilter is set to pass through all traffic, and there are no firewall rules
defined.

tcpdump on my ethernet interface shows gre packets coming in.

04:07:39.093205 fff.ggg.hhh.iii > aaa.bbb.ccc.ddd: gre gre-proto-0x883E

tcpdump on my gre0 interface shows incoming connections from the users, and
ipnat -l shows lots of redirects.

proxy1# ipnat -l | head
List of active MAP/Redirect filters:
rdr gre0 0.0.0.0/0 port 80 -> aaa.bbb.ccc.ddd port 8080 tcp

List of active sessions:
RDR aaa.bbb.ccc.ddd 8080 <- -> 207.44.178.61 80 [203.215.178.61 4122]
RDR aaa.bbb.ccc.ddd 8080 <- -> 205.188.250.25 80 [203.215.178.19 1612]
RDR aaa.bbb.ccc.ddd 8080 <- -> 66.51.99.157 80 [66.206.32.180 3769]
RDR aaa.bbb.ccc.ddd 8080 <- -> 64.94.89.238 80 [203.215.177.248 1172]
RDR aaa.bbb.ccc.ddd 8080 <- -> 207.46.104.20 80 [66.206.33.7 1601]
proxy1#

However, none of them get to squid.

Everything worked fine before the upgrade, but I was using the gre patch
from squid's web site to do the work. The new pseudo-device appears to
have WCCP-specific code in it, but it's not working.

Does anyone have this working? Anyone at all? I'm willing to break
down and switch to ipfw if that'll help, but I can't upgrade my machines
to 4.7 (and higher) properly without a fix. Surely someone has used this
since the code was commited.

(A hack would be to comment out all code related to the pseudo-device so
I can use the wccp-specific gre.c.)


Faried.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message