Disregarding the complaints about Cisco configuration, here is a simple example: If I want to intercept plain HTTP on ports 8008 and 8080:
wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=8008,8080 Squid 3.4.12 will still give this incorrect error: FATAL: Bungled /usr/local/etc/squid/squid.conf line 55: wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=8008,8080 WCCP2 is documented as allowing up to 8 ports per service. This is broken by parsing changes in Squid 3.4. Regards, Guy > On Mar 3, 2015, at 12:15 PM, Yuri Voinov <[email protected]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Don't think this is bug. > > You got very custom configuration, which can not be common. > > As I said, HTTP ports other than 80 is very rarely used in WAN's. And > be better to separate HTTPS port from HTTP. > > Modern iOS can not accept your configuration. Beware. > > 03.03.15 23:57, Guy Helmer пишет: >> Thanks Yuri -- I have thoroughly read Cisco IOS configuration >> manuals pertaining to WCCP2. From what I have read, there is no >> strict requirement for separate configurations for standard >> web-cache port 80 and dynamic service for non-port 80 — wccp2 >> dynamic services allow redirection of any ports (up to a total of >> 8), including port 80. As I’ve stated before, this was a working >> configuration in squid 3.3 at multiple sites. If there is a >> rationale for distinct wccp2 service configurations for port 80 vs >> other ports, I sure could use a reference that explains it. >> >> As I’ve pointed out, there is a bug in Squid 3.4 that prevents >> specifying multiple TCP ports in the wccp2_service_info line. I’ve >> corrected that now in my sources. After fixing that bug, squid >> 3.4.12 is functioning with WCCP2 interception for port 80, 443, and >> others as it did in version 3.3.x. >> >> Regards, Guy >> >>> On Mar 3, 2015, at 11:29 AM, Yuri Voinov <[email protected]> >>> wrote: >>> >> Please, read Cisco iOS WCCPv2 manual first. >> >> This one: >> >> http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html >> >> <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html> >> <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html >> >> <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html>> >> >> and this one: >> >> http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955 >> >> <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955> >> <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955 >> >> <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955>> >> >> wccp web-cache uses port 80 by default. Other http ports is less >> than percentile on web-traffic. >> >> https requires another dynamic wccp service. >> >> Also, take a look on config example again. >> >> This is working configuration. >> >> 03.03.15 23:21, Guy Helmer пишет: >>>>> It has worked in the past with WCCP2 dynamic services at >>>>> multiple sites. >>>>> >>>>> I’ve uncovered the wccp2_service_info ports parsing error: >>>>> >>>>> --- src/wccp2.cc.ORIG 2015-03-03 11:08:18.000000000 -0600 >>>>> +++ src/wccp2.cc <http://wccp2.cc/> 2015-03-03 11:10:37.000000000 >>>>> -0600 @@ >>>>> -2264,7 +2264,10 @@ if (i >= WCCP2_NUMPORTS) { >>>>> fatalf("parse_wccp2_service_ports: too many ports (maximum: >>>>> 8) in list '%s'\n", options); } - int p = xatoi(tmp); >>>>> + char copy[len + 1]; + memcpy(copy, tmp, len); + >>>>> copy[len] = '\0'; + int p = xatoi(copy); >>>>> >>>>> if (p < 1 || p > 65535) { fatalf("parse_wccp2_service_ports: >>>>> port value '%s' isn't valid (1..65535)\n", tmp); >>>>> >>>>> >>>>>> On Mar 3, 2015, at 11:06 AM, Yuri Voinov >>>>>> <[email protected] <mailto:[email protected]>> wrote: >>>>>> >>>>> You cannot combine HTTP and HTTPS in one WCCP service. >>>>> >>>>> http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2 >>>>> <http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2> >>>>> <http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2 >>>>> <http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2>> >>>>> >>>>> >>>>> >>>>> >>>>> > 03.03.15 23:04, Guy Helmer пишет: >>>>>>>> This used to work in 3.3.x: >>>>>>>> >>>>>>>> wccp2_service_info 94 protocol=tcp >>>>>>>> flags=dst_ip_hash,ports_source priority=240 >>>>>>>> ports=80,81,83,591,8008,8080,443 >>>>>>>> >>>>>>>> squid 3.4.12 fails: 2015/03/03 11:02:33.109| >>>>>>>> cache_cf.cc(556) parseOneConfigFile: Processing: >>>>>>>> wccp2_service_info 94 protocol=tcp >>>>>>>> flags=dst_ip_hash,ports_source priority=240 >>>>>>>> ports=80,81,83,591,8008,8080,443 2015/03/03 >>>>>>>> 11:02:33.109| wccp2.cc <http://wccp2.cc/> <http://wccp2.cc/ >>>>>>>> <http://wccp2.cc/>>(2298) >>>>>>>> parse_wccp2_service_info: parse_wccp2_service_info: >>>>>>>> called 2015/03/03 11:02:33.109| ERROR: Invalid value: >>>>>>>> '80,81,83,591,8008,8080,443' is supposed to be a >>>>>>>> number. >>>>>>>> >>>>>>>> Any help? >>>>>>>> >>>>>>>> Thanks, Guy >>>>>>>> _______________________________________________ >>>>>>>> squid-users mailing list >>>>>>>> [email protected] >>>>>>>> <mailto:[email protected]> >>>>>>>> <mailto:[email protected] >>>>>>>> <mailto:[email protected]>> >>>>>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>>>>> <http://lists.squid-cache.org/listinfo/squid-users> >>>>>>>> <http://lists.squid-cache.org/listinfo/squid-users >>>>>>>> <http://lists.squid-cache.org/listinfo/squid-users>> >>>>>>>> >>>>>> _______________________________________________ >>>>>> squid-users mailing list [email protected] >>>>>> <mailto:[email protected]> >>>>>> <mailto:[email protected] >>>>>> <mailto:[email protected]>> >>>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>>> <http://lists.squid-cache.org/listinfo/squid-users> >>>>>> <http://lists.squid-cache.org/listinfo/squid-users >>>>>> <http://lists.squid-cache.org/listinfo/squid-users>> >>>>> >> >> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBAgAGBQJU9fpNAAoJENNXIZxhPexG+hoH/33NudcBRvS5Z/D/8wCN8Hwq > 4+efhgF3dCfimb2kQjQFq3JsK6JvPUJO7TJm2h8tzqlAMOnBUuoM/MHEg48skcL2 > +udKwPUC/WO0GXVlNFdln3a4ozYotDmpwZIvwzBTPm5dpcwMi/bCX2oOyzq4y8yr > mHzYEYmaP1tKF4bzEqlRsOIkrKUFvTvw6HlMoZ1EDE3Qp6WlM6WWiaf8rOoMKVRn > dGBPvmvRo79OEMXkvc167BH2j8phOFs7XPUw9mWw7nY93jKEcBxxKl4PpwkK7km/ > am7DeV7uLQtnA5nuPs4QC063YRBEAu/8mjONRq5ytJurP8nUUsV46+sdl0EMY44= > =S5O/ > -----END PGP SIGNATURE-----
_______________________________________________ squid-users mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-users
