Re: [squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record

2022-06-24 Thread ngtech1ltd
Hey David,
 
I am not sure and can spin up my Forti but from what I remember there are PBR 
functions in the Forti.
Why would a WCCP be required? To pass only ports 80 and 443 instead of all 
traffic?
 
Thanks,
Eliezer
 

Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com  
Web: https://ngtech.co.il/
My-Tube: https://tube.ngtech.co.il/
 
From: squid-users  On Behalf Of 
David Touzeau
Sent: Friday, 24 June 2022 14:04
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 
message: truncated record
 
Hi Eliezer
No, Fortinet is good.
In this case, connecting HTTP/HTTPS with WCCP from Fortinet to Squid did not 
work, because Squid refuses to communicate with Fortinet according to the "Ignoring 
WCCPv2 message: truncated record" issue.
With Squid, Fortinet reports that there is no WCCP server available.
 
On 23/06/2022 at 18:33, ngtech1...@gmail.com wrote:
Hey David,
 
Just trying to understand something:
Isn’t Fortinet something that should replace Squid?
I assumed that it should do a much better job than Squid in many areas.
What is a Fortinet (I have one…) not covering?
 
Thanks,
Eliezer
 

Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com  
Web: https://ngtech.co.il/
My-Tube: https://tube.ngtech.co.il/
 
From: squid-users   
 On Behalf Of David Touzeau
Sent: Thursday, 23 June 2022 19:12
To: squid-users@lists.squid-cache.org 
 
Subject: Re: [squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 
message: truncated record
 
Hi Alex,
Is the v5 commit 7a73a54 already included in the latest 5.5, 5.6 versions?

This is very unfortunate because WCCP is used by default by Fortinet firewall 
devices. It should be very popular.
Indeed, Fortinet is flooding the market.
I can volunteer for the funding and the necessary testing to be done.
On 23/06/2022 at 14:44, Alex Rousskov wrote:
On 6/21/22 07:43, David Touzeau wrote: 



We are trying to use WCCP with Fortigate without success. Squid version 5.5 
always claims "Ignoring WCCPv2 message: truncated record" 

What can be the cause?

The most likely cause is bugs in untested WCCP fixes (v5 commit 7a73a54). 
Dormant draft PR 970 contains unfinished fixes for the problems in that 
previous attempt: 
https://github.com/squid-cache/squid/pull/970 

IMHO, folks that need WCCP support should invest into that semi-abandoned Squid 
feature or risk losing it. WCCP code needs serious refactoring and proper 
testing. There are currently no Project volunteers that have enough resources 
and capabilities to do either. 

https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F
 


HTH, 

Alex. 




We have added a service ID 80 on fortigate 

config system wccp 
 edit "80" 
 set router-id 10.10.50.1 
 set group-address 0.0.0.0 
 set server-list 10.10.50.2 255.255.255.255 
 set server-type forward 
 set authentication disable 
 set forward-method GRE 
 set return-method GRE 
 set assignment-method HASH 
 next 
end 

Squid wccp configuration 

wccp2_router 10.10.50.1 
wccp_version 3 
# tested v4 do the same behavior 
wccp2_rebuild_wait on 
wccp2_forwarding_method gre 
wccp2_return_method gre 
wccp2_assignment_method hash 
wccp2_service dynamic 80 
wccp2_service_info 80 protocol=tcp protocol=tcp flags=src_ip_hash priority=240 ports=80,443 
wccp2_address 0.0.0.0 
wccp2_weight 1 

Squid claims in debug log 

022/06/21 13:15:38.780 kid4| 80,6| wccp2.cc(1206) wccp2HandleUdp: wccp2HandleUdp: Called. 
2022/06/21 13:15:38.781 kid4| 5,5| ModEpoll.cc(118) SetSelect: FD 38, type=1, handler=1, client_data=0, timeout=0 
2022/06/21 13:15:38.781 kid4| 80,3| wccp2.cc(1230) wccp2HandleUdp: Incoming WCCPv2 I_SEE_YOU length 112. 
2022/06/21 13:15:38.781 kid4| ERROR: Ignoring WCCPv2 message: truncated record 
 exception location: wccp2.cc(1133) CheckSectionLength 



-- 

___ 
squid-users mailing list 
squid-users@lists.squid-cache.org   
http://lists.squid-cache.org/listinfo/squid-users 

-- 


Technical Support
David Touzeau
Orgerus, Yvelines, France
Artica Tech 

P: +33 6 58 44 69 46 
www: wiki.articatech.com   
www: articatech.net   
 




Re: [squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record

2022-06-24 Thread David Touzeau

Hi Eliezer

No, Fortinet is good.

In this case, connecting HTTP/HTTPS with WCCP from Fortinet to Squid 
did not work, because Squid refuses to communicate with Fortinet 
according to the "Ignoring WCCPv2 message: truncated record" issue.

With Squid, Fortinet reports that there is no WCCP server available.


On 23/06/2022 at 18:33, ngtech1...@gmail.com wrote:


Hey David,

Just trying to understand something:

Isn’t Fortinet something that should replace Squid?

I assumed that it should do a much better job than Squid in many areas.

What is a Fortinet (I have one…) not covering?

Thanks,

Eliezer



Eliezer Croitoru

NgTech, Tech Support

Mobile: +972-5-28704261

Email: ngtech1...@gmail.com

Web: https://ngtech.co.il/

My-Tube: https://tube.ngtech.co.il/

From: squid-users On Behalf Of David Touzeau
Sent: Thursday, 23 June 2022 19:12
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record


Hi Alex,

Is the v5 commit 7a73a54 already included in the latest 5.5, 5.6 versions?

This is very unfortunate because WCCP is used by default by Fortinet 
firewall devices. It should be very popular.

Indeed, Fortinet is flooding the market.
I can volunteer for the funding and the necessary testing to be done.

On 23/06/2022 at 14:44, Alex Rousskov wrote:

On 6/21/22 07:43, David Touzeau wrote:


We are trying to use WCCP with Fortigate without success. Squid
version 5.5 always claims "Ignoring WCCPv2 message: truncated
record"

What can be the cause?


The most likely cause is bugs in untested WCCP fixes (v5 commit
7a73a54). Dormant draft PR 970 contains unfinished fixes for the
problems in that previous attempt:
https://github.com/squid-cache/squid/pull/970

IMHO, folks that need WCCP support should invest into that
semi-abandoned Squid feature or risk losing it. WCCP code needs
serious refactoring and proper testing. There are currently no
Project volunteers that have enough resources and capabilities to
do either.


https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F



HTH,

Alex.



We have added a service ID 80 on fortigate

config system wccp
 edit "80"
 set router-id 10.10.50.1
 set group-address 0.0.0.0
 set server-list 10.10.50.2 255.255.255.255
 set server-type forward
 set authentication disable
 set forward-method GRE
 set return-method GRE
 set assignment-method HASH
 next
end

Squid wccp configuration

wccp2_router 10.10.50.1
wccp_version 3
# tested v4 do the same behavior
wccp2_rebuild_wait on
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_assignment_method hash
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp protocol=tcp flags=src_ip_hash priority=240 ports=80,443
wccp2_address 0.0.0.0
wccp2_weight 1

Squid claims in debug log

022/06/21 13:15:38.780 kid4| 80,6| wccp2.cc(1206) wccp2HandleUdp: wccp2HandleUdp: Called.
2022/06/21 13:15:38.781 kid4| 5,5| ModEpoll.cc(118) SetSelect: FD 38, type=1, handler=1, client_data=0, timeout=0
2022/06/21 13:15:38.781 kid4| 80,3| wccp2.cc(1230) wccp2HandleUdp: Incoming WCCPv2 I_SEE_YOU length 112.
2022/06/21 13:15:38.781 kid4| ERROR: Ignoring WCCPv2 message: truncated record
 exception location: wccp2.cc(1133) CheckSectionLength




--
Technical Support
David Touzeau
Orgerus, Yvelines, France
Artica Tech

P: +33 6 58 44 69 46
www: wiki.articatech.com
www: articatech.net
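
Added example, not part of the thread and not Squid's code: a small Python walker for the WCCPv2 wire layout (4-byte message type, 2-byte version, 2-byte length, then components each prefixed by a 2-byte type and 2-byte length), showing the kind of declared-length versus received-bytes mismatch that a "truncated record" error reports. The function names are hypothetical and the two sample datagrams are constructed, not captured from a FortiGate.

```python
import struct

# Message and component type codes from the WCCPv2 draft specification.
MSG_TYPES = {10: "HERE_I_AM", 11: "I_SEE_YOU", 12: "REDIRECT_ASSIGN", 13: "REMOVAL_QUERY"}
COMPONENTS = {0: "SECURITY_INFO", 1: "SERVICE_INFO", 2: "ROUTER_ID_INFO",
              3: "WC_ID_INFO", 4: "RTR_VIEW_INFO", 8: "CAPABILITY_INFO"}

class Truncated(ValueError):
    """A declared length runs past the bytes actually received."""

def walk_wccp2(datagram: bytes):
    """Return (message name, [(component name, offset, declared length), ...])."""
    if len(datagram) < 8:
        raise Truncated(f"message header needs 8 bytes, got {len(datagram)}")
    msg_type, _version, body_len = struct.unpack_from("!IHH", datagram, 0)
    if 8 + body_len > len(datagram):
        raise Truncated(f"header declares {body_len} body bytes, "
                        f"only {len(datagram) - 8} received")
    end, pos, found = 8 + body_len, 8, []
    while pos < end:
        if end - pos < 4:
            raise Truncated(f"component header cut short at offset {pos}")
        ctype, clen = struct.unpack_from("!HH", datagram, pos)
        if pos + 4 + clen > end:
            raise Truncated(f"{COMPONENTS.get(ctype, ctype)} at offset {pos} declares "
                            f"{clen} bytes, only {end - pos - 4} remain")
        found.append((COMPONENTS.get(ctype, f"type {ctype}"), pos, clen))
        pos += 4 + clen
    return MSG_TYPES.get(msg_type, f"type {msg_type}"), found

def component(ctype: int, payload: bytes, declared=None) -> bytes:
    """Build one component; `declared` overrides the length field for testing."""
    return struct.pack("!HH", ctype, len(payload) if declared is None else declared) + payload

def message(msg_type: int, body: bytes) -> bytes:
    """Prefix a body with the 8-byte WCCPv2 message header (version 0x0200)."""
    return struct.pack("!IHH", msg_type, 0x0200, len(body)) + body

# Constructed samples: zero-filled payloads, second one over-declares SERVICE_INFO.
GOOD = message(11, component(0, bytes(4)) + component(1, bytes(24)))
BAD = message(11, component(0, bytes(4)) + component(1, bytes(24), declared=28))

if __name__ == "__main__":
    print(walk_wccp2(GOOD))
    try:
        walk_wccp2(BAD)
    except Truncated as err:
        print("truncated:", err)
```

Run against the UDP payload of a captured I_SEE_YOU (WCCPv2 uses UDP port 2048), it names the component whose declared length disagrees with the datagram.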

