RE: [squid-users] FreeBSD 4.9-Stable and WCCP not Working

[Cam]

Which indicates a code level issue rather than environmental or config.
I also insured packet forwarding is on. I'll dig around some BSD
resources and see if I can find additional info. Of course if anyone has
a working WCCP config with FreeBSD 4.9-S please speak up.


-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Saturday, February 07, 2004 11:18 AM
To: Cam
Cc: [EMAIL PROTECTED]
Subject: Re: [squid-users] FreeBSD 4.9-Stable and WCCP not Working


On Sat, 7 Feb 2004, Cam wrote:

> After much testing and pondering, my attempts to get this working have

> failed. I have FreeBSD 4.9-Stable and a 2611 router. This used to work

> perfectly with FreeBSD 4.6. Once I get the GRE tunnel up I can ping 
> between the hosts no problem. When I activate WCCP it sees squid and 
> forwards packets, but that's where I am stuck. I am not getting any 
> hits on my IPFW redirect. When I point the browser directly to the gre

> interface, port 80, it works though. Here is what a failed WCCP req 
> looks like at the proxy interface...


Have you verified the 4.9-Stable GRE module supports WCCP without any 
special configuration?

Maybe they have added support for WCCPv2 to the kernel, in which case
some 
configuration may be required to indicate if WCCPv2 or WCCPv1 is used. 
Both use the same protocol number in GRE but are fundamentally different

in the frame format.

Quick check.. no it does not look like FreeBSD 4.9 has support for
WCCPv2. 
WCCPv1 should just work assuming there is a matching tunnel defined.

The WCCP control channel between Squid and the router seems to work
fine.  
It is just the decapsulation of the redirected WCCP/GRE packets which
does not work and it is this aspect of WCCP you need to focus on
solving.

Regards
Henrik

[squid-users] FreeBSD 4.9-Stable and WCCP not Working

[Cam]

After much testing and pondering, my attempts to get this working have
failed. I have FreeBSD 4.9-Stable and a 2611 router. This used to work
perfectly with FreeBSD 4.6. Once I get the GRE tunnel up I can ping
between the hosts no problem. When I activate WCCP it sees squid and
forwards packets, but that's where I am stuck. I am not getting any hits
on my IPFW redirect. When I point the browser directly to the gre
interface, port 80, it works though. Here is what a failed WCCP req
looks like at the proxy interface...

[EMAIL PROTECTED] Sat 07 10:16:56[/]# tcpdump -nvpi gre0
tcpdump: listening on gre0
10:18:28.525760 192.168.201.1 > 192.168.201.2: gre gre-proto-0x883E (ttl
255, id 12, len 72)
10:18:30.681303 192.168.201.1 > 192.168.201.2: gre gre-proto-0x883E (ttl
255, id 13, len 72)
10:18:32.128585 192.168.201.2.2048 > 192.168.201.1.2048: [udp sum ok]
udp 52 (ttl 64, id 60324, len 80)
10:18:32.131244 192.168.201.1.2048 > 192.168.201.2.2048: [udp sum ok]
udp 64 (ttl 255, id 20220, len 92)
10:18:33.645334 192.168.201.1 > 192.168.201.2: gre gre-proto-0x883E (ttl
255, id 14, len 72)
10:18:39.580227 192.168.201.1 > 192.168.201.2: gre gre-proto-0x883E (ttl
255, id 15, len 72)
10:18:42.578353 192.168.201.2.2048 > 192.168.201.1.2048: [udp sum ok]
udp 52 (ttl 64, id 60330, len 80)
10:18:42.580954 192.168.201.1.2048 > 192.168.201.2.2048: [udp sum ok]
udp 64 (ttl 255, id 20223, len 92)
10:18:52.698008 192.168.201.2.2048 > 192.168.201.1.2048: [udp sum ok]
udp 52 (ttl 64, id 60337, len 80)
10:18:52.700669 192.168.201.1.2048 > 192.168.201.2.2048: [udp sum ok]
udp 64 (ttl 255, id 20225, len 92)

Then I just get "Page cannot be displayed". I recall seeing that GRE was
broke on 4.9 which is the only explanation I can come up with as I have
tried everything. Or am I missing something?  Here are the config
details:


FReeBSD info:

ifconfig gre0 destroy
ifconfig gre0 create
ifconfig gre0 192.168.201.2 192.168.201.1 netmask 255.255.255.252 link1
ifconfig gre0 tunnel 192.168.200.2 192.168.200.1 up

gre0: flags=b051 mtu 1476
inet 192.168.201.2 --> 192.168.201.1 netmask 0xfffc 
inet6 fe80::208:c7ff:fed9:cb83%gre0 prefixlen 64 scopeid 0x8


[EMAIL PROTECTED] Sat 07 10:14:39[/]# ping 192.168.201.1
PING 192.168.201.1 (192.168.201.1): 56 data bytes
64 bytes from 192.168.201.1: icmp_seq=0 ttl=255 time=2.000 ms
64 bytes from 192.168.201.1: icmp_seq=1 ttl=255 time=2.027 ms
64 bytes from 192.168.201.1: icmp_seq=2 ttl=255 time=2.084 ms

Note: GRE on isolated /30.

[EMAIL PROTECTED] Sat 07 10:16:35[/]# ipfw -d show
00030  44724 19062106 allow ip from any to any via lo0
00031 162542 53667451 allow ip from any to any via fxp0
00041 90 8148 allow udp from 192.168.201.1 to any in recv gre0
00042 95 8700 allow udp from 192.168.201.2 to any out xmit gre0
00043 67 4808 allow gre from 192.168.201.1 to any in recv gre0
00044  00 fwd 127.0.0.1,3128 tcp from any to any dst-port 80
via gre0 in


Squid info:

wccp_router 192.168.201.1
wccp_version 4


[EMAIL PROTECTED] Sat 07 10:13:25[/]# /usr/local/etc/rc.d/squid.sh start
 [EMAIL PROTECTED] Sat 07 10:13:27[/]# Feb  7 10:13:27 dome squid[14101]:
Squid Parent: child process 14103 started
Feb  7 10:13:28 dome squid[14103]: Starting Squid Cache version
2.5.STABLE4 for i386-unknown-freebsd4.9... 
Feb  7 10:13:28 dome squid[14103]: Process ID 14103 
Feb  7 10:13:28 dome squid[14103]: With 3584 file descriptors available 
Feb  7 10:13:28 dome squid[14103]: Performing DNS Tests... 
Feb  7 10:13:28 dome squid[14103]: Successful DNS name lookup tests... 
Feb  7 10:13:28 dome squid[14103]: DNS Socket created at 0.0.0.0, port
2830, FD 5 
Feb  7 10:13:28 dome squid[14103]: Adding nameserver 127.0.0.1 from
squid.conf 
Feb  7 10:13:28 dome squid[14103]: Unlinkd pipe opened on FD 10 
Feb  7 10:13:28 dome squid[14103]: Swap maxSize 512000 KB, estimated
39384 objects 
Feb  7 10:13:28 dome squid[14103]: Target number of buckets: 1969 
Feb  7 10:13:28 dome squid[14103]: Using 8192 Store buckets 
Feb  7 10:13:28 dome squid[14103]: Max Mem  size: 8192 KB 
Feb  7 10:13:28 dome squid[14103]: Max Swap size: 512000 KB 
Feb  7 10:13:28 dome squid[14103]: Rebuilding storage in /var/webcache
(CLEAN) 
Feb  7 10:13:28 dome squid[14103]: Using Least Load store dir selection 
Feb  7 10:13:28 dome squid[14103]: Current Directory is
/usr/local/squid/var/logs 
Feb  7 10:13:28 dome squid[14103]: Loaded Icons. 
Feb  7 10:13:28 dome squid[14103]: Accepting HTTP connections at
0.0.0.0, port 3128, FD 12. 
Feb  7 10:13:28 dome squid[14103]: Accepting ICP messages at 0.0.0.0,
port 3130, FD 13. 
Feb  7 10:13:28 dome squid[14103]: Accepting WCCP messages on port 2048,
FD 14. 
Feb  7 10:13:28 dome squid[14103]: Ready to serve requests. 


2611 info:

ip wccp version 1
ip wccp web-cache redirect-list 1

interface ATM0/0.1 point-to-point
 ip address 10.100.1.56 255.255.0.0
 ip access-group 105 in
 ip nat outside
 ip wccp web-cache redirect out
 pvc 8/35 
  encapsulation aal5snap

interface Tu