-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In this case you can simple open bug on Bugzilla. 04.03.15 0:46, Guy Helmer пишет: > Disregarding the complaints about Cisco configuration, here is a > simple example: If I want to intercept plain HTTP on ports 8008 and > 8080: > > wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source > priority=240 ports=8008,8080 > > Squid 3.4.12 will still give this incorrect error: > > FATAL: Bungled /usr/local/etc/squid/squid.conf line 55: > wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source > priority=240 ports=8008,8080 > > WCCP2 is documented as allowing up to 8 ports per service. This is > broken by parsing changes in Squid 3.4. > > Regards, Guy > >> On Mar 3, 2015, at 12:15 PM, Yuri Voinov <yvoinov@xxxxxxxxx> >> wrote: >> > Don't think this is bug. > > You got very custom configuration, which can not be common. > > As I said, HTTP ports other than 80 is very rarely used in WAN's. > And be better to separate HTTPS port from HTTP. > > Modern iOS can not accept your configuration. Beware. > > 03.03.15 23:57, Guy Helmer пишет: >>>> Thanks Yuri -- I have thoroughly read Cisco IOS >>>> configuration manuals pertaining to WCCP2. From what I have >>>> read, there is no strict requirement for separate >>>> configurations for standard web-cache port 80 and dynamic >>>> service for non-port 80 — wccp2 dynamic services allow >>>> redirection of any ports (up to a total of 8), including port >>>> 80. As I’ve stated before, this was a working configuration >>>> in squid 3.3 at multiple sites. If there is a rationale for >>>> distinct wccp2 service configurations for port 80 vs other >>>> ports, I sure could use a reference that explains it. >>>> >>>> As I’ve pointed out, there is a bug in Squid 3.4 that >>>> prevents specifying multiple TCP ports in the >>>> wccp2_service_info line. I’ve corrected that now in my >>>> sources. After fixing that bug, squid 3.4.12 is functioning >>>> with WCCP2 interception for port 80, 443, and others as it >>>> did in version 3.3.x. >>>> >>>> Regards, Guy >>>> >>>>> On Mar 3, 2015, at 11:29 AM, Yuri Voinov >>>>> <yvoinov@xxxxxxxxx> wrote: >>>>> >>>> Please, read Cisco iOS WCCPv2 manual first. >>>> >>>> This one: >>>> >>>> http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html >>>> <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html> >>>> >>>> <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html>> >>>> >>>> and this one: >>>> >>>> http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955 >>>> <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955> >>>> >>>> <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955 <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955>> >>>> >>>> wccp web-cache uses port 80 by default. Other http ports is >>>> less than percentile on web-traffic. >>>> >>>> https requires another dynamic wccp service. >>>> >>>> Also, take a look on config example again. >>>> >>>> This is working configuration. >>>> >>>> 03.03.15 23:21, Guy Helmer пишет: >>>>>>> It has worked in the past with WCCP2 dynamic services >>>>>>> at multiple sites. >>>>>>> >>>>>>> I’ve uncovered the wccp2_service_info ports parsing >>>>>>> error: >>>>>>> >>>>>>> --- src/wccp2.cc.ORIG 2015-03-03 11:08:18.000000000 >>>>>>> -0600 +++ src/wccp2.cc <http://wccp2.cc/> 2015-03-03 >>>>>>> 11:10:37.000000000 -0600 @@ -2264,7 +2264,10 @@ if (i >>>>>>> >= WCCP2_NUMPORTS) { fatalf("parse_wccp2_service_ports: >>>>>>> too many ports (maximum: 8) in list '%s'\n", options); >>>>>>> } - int p = xatoi(tmp); + char copy[len + 1]; + >>>>>>> memcpy(copy, tmp, len); + copy[len] = '\0'; + >>>>>>> int p = xatoi(copy); >>>>>>> >>>>>>> if (p < 1 || p > 65535) { >>>>>>> fatalf("parse_wccp2_service_ports: port value '%s' >>>>>>> isn't valid (1..65535)\n", tmp); >>>>>>> >>>>>>> >>>>>>>> On Mar 3, 2015, at 11:06 AM, Yuri Voinov >>>>>>>> <yvoinov@xxxxxxxxx <mailto:yvoinov@xxxxxxxxx>> >>>>>>>> wrote: >>>>>>>> >>>>>>> You cannot combine HTTP and HTTPS in one WCCP service. >>>>>>> >>>>>>> http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2 >>>>>>> <http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2> >>>>>>> >>>>>>> <http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2 <http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> > 03.03.15 23:04, Guy Helmer пишет: >>>>>>>>>> This used to work in 3.3.x: >>>>>>>>>> >>>>>>>>>> wccp2_service_info 94 protocol=tcp >>>>>>>>>> flags=dst_ip_hash,ports_source priority=240 >>>>>>>>>> ports=80,81,83,591,8008,8080,443 >>>>>>>>>> >>>>>>>>>> squid 3.4.12 fails: 2015/03/03 11:02:33.109| >>>>>>>>>> cache_cf.cc(556) parseOneConfigFile: Processing: >>>>>>>>>> wccp2_service_info 94 protocol=tcp >>>>>>>>>> flags=dst_ip_hash,ports_source priority=240 >>>>>>>>>> ports=80,81,83,591,8008,8080,443 2015/03/03 >>>>>>>>>> 11:02:33.109| wccp2.cc <http://wccp2.cc/> >>>>>>>>>> <http://wccp2.cc/ <http://wccp2.cc/>>(2298) >>>>>>>>>> parse_wccp2_service_info: >>>>>>>>>> parse_wccp2_service_info: called 2015/03/03 >>>>>>>>>> 11:02:33.109| ERROR: Invalid value: >>>>>>>>>> '80,81,83,591,8008,8080,443' is supposed to be a >>>>>>>>>> number. >>>>>>>>>> >>>>>>>>>> Any help? >>>>>>>>>> >>>>>>>>>> Thanks, Guy >>>>>>>>>> _______________________________________________ >>>>>>>>>> squid-users mailing list >>>>>>>>>> squid-users@xxxxxxxxxxxxxxxxxxxxx >>>>>>>>>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> >>>>>>>>>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx >>>>>>>>>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>> >>>>>>>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>>>>>>> <http://lists.squid-cache.org/listinfo/squid-users> >>>>>>>>>> >>>>>>>>>> <http://lists.squid-cache.org/listinfo/squid-users <http://lists.squid-cache.org/listinfo/squid-users>> >>>>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> squid-users mailing list >>>>>>>> squid-users@xxxxxxxxxxxxxxxxxxxxx >>>>>>>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> >>>>>>>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx >>>>>>>> <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx>> >>>>>>>> http://lists.squid-cache.org/listinfo/squid-users >>>>>>>> <http://lists.squid-cache.org/listinfo/squid-users> >>>>>>>> <http://lists.squid-cache.org/listinfo/squid-users >>>>>>>> <http://lists.squid-cache.org/listinfo/squid-users>> >>>>>>> >>>> >>>> > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJU9gdPAAoJENNXIZxhPexGXSIIAIS7GWUxK9Do7WXVBc+K78tW muArO50AbqK4EhcimZEp1pNm7+S7eLMcC1tk535l5IlXWzt3y4Y66bweCnmmm1HC 1JbpSYfFHB161L43ltxQ1MDrTZP5IL+VwkCzoV4f4MUkLvwXevZYq3MP5HaWDQim BjGrp3D2QTvcYxzky+9fOko9cYpkd10aohfSIEDeTWq8QshNYZiqZhEYrh6pnkWR 6QfLX/ie8An80Y+gWfZWk6rOQaKGaD3DH8wHs0Dz1wO7sNBfyt/nLcyoridX17En T80g2tUErO1OxOcngf+q75VbVEW4IfuiV3WWb61vxu0+iuWOhEevU7/qMmPSOfs= =l50x -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
