Disregarding the complaints about Cisco configuration, here is a simple example: If I want to intercept plain HTTP on ports 8008 and 8080:
wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=8008,8080
Squid 3.4.12 will still give this incorrect error:
FATAL: Bungled /usr/local/etc/squid/squid.conf line 55: wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=8008,8080
WCCP2 is documented as allowing up to 8 ports per service. This is broken by parsing changes in Squid 3.4.
Regards, Guy
Don't think this is a bug.
You got a very custom configuration, which cannot be common.
As I said, HTTP ports other than 80 are very rarely used in WANs. And it would be better to separate the HTTPS port from HTTP.
Modern iOS can not accept your configuration. Beware.
03.03.15 23:57, Guy Helmer wrote:
Thanks Yuri -- I have thoroughly read Cisco IOS configuration manuals pertaining to WCCP2. From what I have read, there is no strict requirement for separate configurations for standard web-cache port 80 and dynamic service for non-port 80 — wccp2 dynamic services allow redirection of any ports (up to a total of 8), including port 80. As I’ve stated before, this was a working configuration in squid 3.3 at multiple sites. If there is a rationale for distinct wccp2 service configurations for port 80 vs other ports, I sure could use a reference that explains it.
As I’ve pointed out, there is a bug in Squid 3.4 that prevents specifying multiple TCP ports in the wccp2_service_info line. I’ve corrected that now in my sources. After fixing that bug, squid 3.4.12 is functioning with WCCP2 interception for port 80, 443, and others as it did in version 3.3.x.
Regards, Guy
On Mar 3, 2015, at 11:29 AM, Yuri Voinov <yvoinov@xxxxxxxxx> wrote:
Please, read Cisco iOS WCCPv2 manual first.
This one:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html
and this one:
http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955
wccp web-cache uses port 80 by default. Other http ports are less than a percentile on web-traffic.
https requires another dynamic wccp service.
Also, take a look at the config example again.
This is working configuration.
03.03.15 23:21, Guy Helmer wrote:
It has worked in the past with WCCP2 dynamic services at multiple sites.
I’ve uncovered the wccp2_service_info ports parsing error:
--- src/wccp2.cc.ORIG 2015-03-03 11:08:18.000000000 -0600 +++ src/wccp2.cc 2015-03-03 11:10:37.000000000 -0600 @@ -2264,7 +2264,10 @@ if (i >= WCCP2_NUMPORTS) { fatalf("parse_wccp2_service_ports: too many ports (maximum: 8) in list '%s'\n", options); } - int p = xatoi(tmp); + char copy[len + 1]; + memcpy(copy, tmp, len); + copy[len] = '\0'; + int p = xatoi(copy);
if (p < 1 || p > 65535) { fatalf("parse_wccp2_service_ports: port value '%s' isn't valid (1..65535)\n", tmp);
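Review bot: "char copy[len + 1];" in the added lines is a variable-length array, which is a compiler extension rather than standard C++, and its size comes from the configuration line with no bound visible in this hunk. A valid port has at most five digits, so reject a longer token before copying and use a small fixed buffer (or a std::string built from tmp and len). The range-check fatalf that follows still passes tmp to '%s', so its message would show the rest of the list rather than the token that was actually parsed; pass copy there instead.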
On Mar 3, 2015, at 11:06 AM, Yuri Voinov <yvoinov@xxxxxxxxx> wrote:
You cannot combine HTTP and HTTPS in one WCCP service.
http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2
03.03.15 23:04, Guy Helmer wrote:
This used to work in 3.3.x:
wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80,81,83,591,8008,8080,443
squid 3.4.12 fails:
2015/03/03 11:02:33.109| cache_cf.cc(556) parseOneConfigFile: Processing: wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80,81,83,591,8008,8080,443
2015/03/03 11:02:33.109| wccp2.cc(2298) parse_wccp2_service_info: parse_wccp2_service_info: called
2015/03/03 11:02:33.109| ERROR: Invalid value: '80,81,83,591,8008,8080,443' is supposed to be a number.
Any help?
Thanks, Guy
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
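An added example, not part of the thread and not Squid's code: a stand-alone C sketch of the failure discussed above, where a strict whole-string integer parse rejects the comma-separated ports value, next to a token-by-token parse that enforces the 8-port limit and the 1..65535 range. The names strict_num, parse_port_list and MAX_PORTS are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PORTS 8   /* per-service port limit quoted in the thread (assumed name) */

/* Strict parse: the whole NUL-terminated string must be decimal digits.
 * Returns -1 otherwise, which is what happens to "80,81,83". */
static long strict_num(const char *s)
{
    char *end;
    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0')
        return -1;
    return v;
}

/* Parse "80,443,8080" into out[]. Returns the number of ports, or -1 on an
 * empty, over-long, non-numeric, out-of-range or surplus entry. */
int parse_port_list(const char *list, int out[MAX_PORTS])
{
    int n = 0;
    const char *tok = list;
    for (;;) {
        size_t len = strcspn(tok, ",");   /* token ends at ',' or NUL */
        char copy[6];                     /* 5 digits plus terminator */
        if (len == 0 || len >= sizeof copy || n == MAX_PORTS)
            return -1;
        memcpy(copy, tok, len);           /* isolate one token ... */
        copy[len] = '\0';                 /* ... and terminate it */
        long p = strict_num(copy);
        if (p < 1 || p > 65535)
            return -1;
        out[n++] = (int)p;
        if (tok[len] == '\0')
            return n;
        tok += len + 1;                   /* skip past the comma */
    }
}
```
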