Search squid archive

[squid-users] Re: Re: Re: WCCP + squid 2.5-STABLE7 + linux 2.6.10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jesse Guardiani wrote:

> Henrik Nordstrom wrote:
> 
>> On Wed, 23 Feb 2005, Jesse Guardiani wrote:
>> 
>>> tcpdump 'not ( host shannon and port 22 ) and not host 192.168.1.193 and
>>> not port syslog and not port domain and not snmp and not port 3632'
>>>
>>> And here's the only thing I could find that looked relevent:
>>>
>>> 04:22:30.959889 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length:
>>> 120 04:22:30.961323 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP,
>>> length: 140 04:22:32.791481 IP 192.168.10.1 > 192.168.10.2:
>>> gre-proto-0x883e 04:22:35.790420 IP 192.168.10.1 > 192.168.10.2:
>>> gre-proto-0x883e 04:22:40.954870 IP 192.168.10.2.2048 >
>>> 192.168.10.1.2048: UDP, length: 120 04:22:40.956378 IP 192.168.10.1.2048
>>> > 192.168.10.2.2048: UDP, length: 140 04:22:41.790316 IP 192.168.10.1 >
>>> 192.168.10.2: gre-proto-0x883e 04:22:51.932636 IP 192.168.10.2.2048 >
>>> 192.168.10.1.2048: UDP, length: 120 04:22:51.934544 IP 192.168.10.1.2048
>>> > 192.168.10.2.2048: UDP, length: 140
>>>
>>> 192.168.10.1 is my Cisco router's LAN address.
>>> Does the above mean anything to anyone?
>> 
>> Yes.
>> 
>> The UDP packets is the WCCP control channel
>> 
>> The gre 0x883e is the WCCP redirected packets.
>> 
>> You may need "-i any" argument to tcpdump to see the complete picture
>> however.
> 
> OK. New tcpdump run with "-i any" and some additional port and proto
> expressions to filter out the noise:
> 
> tcpdump -i any 'not ( host shannon and port 22) and not host 192.168.1.193
> and not port syslog and not port domain and not snmp and not port 3632 and
> not port ssh and not arp' tcpdump: WARNING: Promiscuous mode not supported
> on the "any" device tcpdump: verbose output suppressed, use -v or -vv for
> full protocol decode listening on any, link-type LINUX_SLL (Linux cooked),
> capture size 96 bytes
> 
> 
> 
> 
> 
> 21:55:26.259380 IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120
> 21:55:26.260373 IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
> 21:55:29.473457 IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e
> 21:55:29.473457 IP 192.168.10.5.33975 > 64.233.187.104.www: S
> 1830006628:1830006628(0) win 5840 <mss 1460,sackOK,timestamp 418917766
> 0,nop,wscale 2> 21:55:32.473612 IP 192.168.10.1 > 192.168.10.2:
> gre-proto-0x883e 21:55:32.473612 IP 192.168.10.5.33975 >
> 64.233.187.104.www: S 1830006628:1830006628(0) win 5840 <mss
> 1460,sackOK,timestamp 418920766 0,nop,wscale 2> 21:55:36.844127 IP
> 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120 21:55:36.845296 IP
> 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140 21:55:38.472288 IP
> 192.168.10.1 > 192.168.10.2: gre-proto-0x883e 21:55:38.472288 IP
> 192.168.10.5.33975 > 64.233.187.104.www: S 1830006628:1830006628(0) win
> 5840 <mss 1460,sackOK,timestamp 418926766 0,nop,wscale 2> 21:55:47.136074
> IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120 21:55:47.136921
> IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140 21:55:50.470033
> IP 192.168.10.1 > 192.168.10.2: gre-proto-0x883e 21:55:50.470033 IP
> 192.168.10.5.33975 > 64.233.187.104.www: S 1830006628:1830006628(0) win
> 5840 <mss 1460,sackOK,timestamp 418938766 0,nop,wscale 2> 21:55:57.568999
> IP 192.168.10.2.2048 > 192.168.10.1.2048: UDP, length: 120 21:55:57.569869
> IP 192.168.10.1.2048 > 192.168.10.2.2048: UDP, length: 140
> 
> 16 packets captured
> 26 packets received by filter
> 0 packets dropped by kernel
> [21:55]jesse@rhea:[/home/jesse]#
> 
> Judging from the ".www" lines, it looks to me like squid is attempting
> to contact the remote www server, but is being intercepted and
> looped back to itself by the Cisco. Is that an accurate assessment?

I don't think it is anymore. It seems like the packets are just dissappearing
after they hit my iptables rule. I tried placing OUTPUT and POSTROUTING LOG
rules around the NAT table, and their hit counters increment if I hit the
cache directly from a web browser, but if I hit it transparently the packet
just dissappears after the REDIRECT to port 3128.

Does anyone have squid 2.5-STABLE7 working with WCCP and linux 2.6.10?

-- 
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux