Re: [squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record

Fri, 24 Jun 2022 04:04:19 -0700 

Hi Elizer

No, Fortinet is good.
In this case is connecting HTTP/HTTPs with WCCP from Fortinet to squid did not work, because SQUID refuse to communicate with Fortinet according to "Ignoring WCCPv2 message: truncated record" issue. 

With Squid,  Fortinet report that is no WCCP server available.


Le 23/06/2022 à 18:33, ngtech1...@gmail.com a écrit :


Hey David,

Just trying to understand something:

Aren’t Fortinet something that should replace squid?

I assumed that it should do a much better job then Squid in many aeras.

What a Fortinet(I have one…) is not covering?

Thanks,

Eliezer

----

Eliezer Croitoru

NgTech, Tech Support

Mobile: +972-5-28704261

Email: ngtech1...@gmail.com

Web: https://ngtech.co.il/

My-Tube: https://tube.ngtech.co.il/
*From:*squid-users <squid-users-boun...@lists.squid-cache.org> *On Behalf Of *David Touzeau 
*Sent:* Thursday, 23 June 2022 19:12
*To:* squid-users@lists.squid-cache.org
*Subject:* Re: [squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record 

Hi Alex,

is the v5 commit 7a73a54 already included in the latest 5.5,5.6 versions?
This is very unfortunate because WCCP is used by default by Fortinet firewall devices. It should be very popular. 
Indeed, Fortinet is flooding the market.
I can volunteer for the funding and the necessary testing to be done.

Le 23/06/2022 à 14:44, Alex Rousskov a écrit :

    On 6/21/22 07:43, David Touzeau wrote:


        We trying to using WCCP with Fortigate without success Squid
        version  5.5 always claim "Ignoring WCCPv2 message: truncated
        record"

        What can be the cause ?


    The most likely cause are bugs in untested WCCP fixes (v5 commit
    7a73a54). Dormant draft PR 970 contains unfinished fixes for the
    problems in that previous attempt:
    https://github.com/squid-cache/squid/pull/970

    IMHO, folks that need WCCP support should invest into that
    semi-abandoned Squid feature or risk losing it. WCCP code needs
    serious refactoring and proper testing. There are currently no
    Project volunteers that have enough resources and capabilities to
    do either.

    
https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F



    HTH,

    Alex.



        We have added a service ID 80 on fortigate

        config system wccp
             edit "80"
                 set router-id 10.10.50.1
                 set group-address 0.0.0.0
                 set server-list 10.10.50.2 255.255.255.255
                 set server-type forward
                 set authentication disable
                 set forward-method GRE
                 set return-method GRE
                 set assignment-method HASH
             next
        end

        Squid wccp configuration

        wccp2_router 10.10.50.1
        wccp_version 3
        # tested v4 do the same behavior
        wccp2_rebuild_wait on
        wccp2_forwarding_method gre
        wccp2_return_method gre
        wccp2_assignment_method hash
        wccp2_service dynamic 80
        wccp2_service_info 80 protocol=tcp protocol=tcp
        flags=src_ip_hash priority=240 ports=80,443
        wccp2_address 0.0.0.0
        wccp2_weight 10000

        Squid claim in debug log

        022/06/21 13:15:38.780 kid4| 80,6| wccp2.cc(1206)
        wccp2HandleUdp: wccp2HandleUdp: Called.
        2022/06/21 13:15:38.781 kid4| 5,5| ModEpoll.cc(118) SetSelect:
        FD 38, type=1, handler=1, client_data=0, timeout=0
        2022/06/21 13:15:38.781 kid4| 80,3| wccp2.cc(1230)
        wccp2HandleUdp: Incoming WCCPv2 I_SEE_YOU length 112.
        2022/06/21 13:15:38.781 kid4| ERROR: Ignoring WCCPv2 message:
        truncated record
             exception location: wccp2.cc(1133) CheckSectionLength
-- 
        _______________________________________________
        squid-users mailing list
        squid-users@lists.squid-cache.org
        http://lists.squid-cache.org/listinfo/squid-users


    _______________________________________________
    squid-users mailing list
    squid-users@lists.squid-cache.org
    http://lists.squid-cache.org/listinfo/squid-users

--

*Technical Support*

        
        

*David Touzeau***

Orgerus, Yvelines, France

*Artica Tech*


P: +33 6 58 44 69 46
www: wiki.articatech.com <https://wiki.articatech.com>
www: articatech.net <http://articatech.net>


_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

--
Technical Support
        
        
*David Touzeau*
Orgerus, Yvelines, France
*Artica Tech*

P: +33 6 58 44 69 46
www: wiki.articatech.com <https://wiki.articatech.com>
www: articatech.net <http://articatech.net>

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to