[squid-users] WCCPv2 GRE with 2.6 on Linux

[Stephen Fletcher]

Hi
I have compiled the Debian Unstable package of Squid 2.6.3 and cannot get
WCCPv2 GRE working.
I have built with standard confiure options so WCCPv2 support should be
available. I configure my wccp2_router and leave it as other default wccp2
options such that it is using ID 0 and GRE. I see the squid proxy ip has
register itself with my Pix. However when GRE packets are sent to the Squid
cache there is no response from Squid. I can't see squid listening on
protocol 47, and nothing shows in the squid access.log.

gre0  Link encap:UNSPEC  HWaddr
00-00-00-00-07-08-00-00-00-00-00-00-00-00-00-00  
  UP RUNNING NOARP  MTU:1476  Metric:1
  RX packets:394 errors:0 dropped:0 overruns:0 frame:0
  TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:0 
  RX bytes:18912 (18.4 KiB)  TX bytes:0 (0.0 b)

netstat -plane | egrep -i '(squid|47|gre)'
tcp0  0 0.0.0.0:31280.0.0.0:*   LISTEN
0  70715  364/(squid) 
udp0  0 172.16.1.7:2048 172.16.1.1:2048
ESTABLISHED13 70717  364/(squid) 
udp0  0 0.0.0.0:31300.0.0.0:*
0  70716  364/(squid) 
udp0  0 0.0.0.0:10880.0.0.0:*
13 70709  364/(squid) 
unix  2  [ ] DGRAM70708364/(squid)

unix  2  [ ] DGRAM70704362/squid



From Cache.log
2006/09/02 17:28:52| Accepting proxy HTTP connections at 0.0.0.0, port 3128,
FD 13.
2006/09/02 17:28:52| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
2006/09/02 17:28:52| HTCP Disabled.
2006/09/02 17:28:52| WCCP Disabled.
2006/09/02 17:28:52| Accepting WCCPv2 messages on port 2048, FD 15.
2006/09/02 17:28:52| Initialising all WCCPv2 lists

Registered with Pix...
WCCP-PKT:S00: Received valid Here_I_Am packet from 172.16.1.7 w/rcv_id
1AA4
WCCP-PKT:S00: Sending I_See_You packet to 172.16.1.7 w/ rcv_id 1AA5

I also decided to try using the ip_wccp module instead of ip_gre but it
wouldn't compile with 2.6.17.8. I would prefer to not pursue this method
however.

RE: [squid-users] WCCPv2 GRE with 2.6 on Linux

[Stephen Fletcher]

My config options 

configure options: '--prefix=/usr' '--exec_prefix=/usr' '--bindir=/usr/sbin'
'--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid'
'--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid'
'--datadir=/usr/share/squid' '--enable-async-io' '--with-pthreads'
'--enable-storeio=ufs,aufs,diskd,null' '--enable-linux-netfilter'
'--enable-linux-proxy' '--enable-arp-acl' '--enable-epoll'
'--enable-removal-policies=lru,heap' '--enable-snmp' '--enable-delay-pools'
'--enable-htcp' '--enable-cache-digests' '--enable-underscores'
'--enable-referer-log' '--enable-useragent-log'
'--enable-auth=basic,digest,ntlm' '--enable-carp' '--with-large-files'
'i386-debian-linux' 'build_alias=i386-debian-linux'
'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux'

-Original Message-
From: Adrian Chadd [mailto:[EMAIL PROTECTED] 
Sent: Saturday, 2 September 2006 12:46 PM
To: Stephen Fletcher
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] WCCPv2 GRE with 2.6 on Linux

On Sat, Sep 02, 2006, Stephen Fletcher wrote:
 Hi
 I have compiled the Debian Unstable package of Squid 2.6.3 and cannot get
 WCCPv2 GRE working.
 I have built with standard confiure options so WCCPv2 support should be
 available. I configure my wccp2_router and leave it as other default wccp2
 options such that it is using ID 0 and GRE. I see the squid proxy ip has
 register itself with my Pix. However when GRE packets are sent to the
Squid
 cache there is no response from Squid. I can't see squid listening on
 protocol 47, and nothing shows in the squid access.log.

Can you post a squid -v?

I've been running squid-2.6 and squid-3 with wccpv2 and it works fine.
The thing I initially forgot was --enable-linux-netfilter.
It'll run; it just won't work. :)


 Registered with Pix...
 WCCP-PKT:S00: Received valid Here_I_Am packet from 172.16.1.7 w/rcv_id
 1AA4
 WCCP-PKT:S00: Sending I_See_You packet to 172.16.1.7 w/ rcv_id 1AA5
 
 I also decided to try using the ip_wccp module instead of ip_gre but it
 wouldn't compile with 2.6.17.8. I would prefer to not pursue this method
 however.

Have you bought up a 'fake' gre interface just so the kernel will
handle incoming GRE?

also, have you turned on ip forwarding and turned off rp_filter ?




adrian