[squid-users] wccp2_service_info fails on more than one port number

Guy Helmer guy.helmer at gmail.com
Tue Mar 3 18:46:01 UTC 2015


Disregarding the complaints about Cisco configuration, here is a simple example: If I want to intercept plain HTTP on ports 8008 and 8080:

wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=8008,8080

Squid 3.4.12 will still give this incorrect error:

FATAL: Bungled /usr/local/etc/squid/squid.conf line 55: wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=8008,8080

WCCP2 is documented as allowing up to 8 ports per service. This is broken by parsing changes in Squid 3.4.

Regards,
Guy
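
The failure described above comes down to a strict integer converter being handed more than one port token at a time. The following is an added example, not Squid's code and not the patch quoted below, of a bounded parser for the `ports=` value that isolates each token before conversion. `parse_port_list` and `MAX_PORTS` are hypothetical names; the limit of 8 ports and the range 1..65535 are taken from the messages in this thread.

```cpp
// Added example: not Squid source code. parse_port_list() and MAX_PORTS are
// hypothetical names; the limit of 8 and range 1..65535 come from the thread.
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <cstring>

static const int MAX_PORTS = 8;

// Parses a ports= value such as "8008,8080" into out[].
// Returns the number of ports, or -1 on any malformed or excess token.
int parse_port_list(const char *list, int out[MAX_PORTS])
{
    int n = 0;
    const char *tok = list;
    for (;;) {
        size_t len = strcspn(tok, ",");      // length of this token only
        if (len == 0 || len > 5)             // empty, or longer than "65535"
            return -1;
        if (n >= MAX_PORTS)                  // a ninth port is a config error
            return -1;
        char buf[6];                         // fixed size: 5 digits + NUL
        memcpy(buf, tok, len);
        buf[len] = '\0';                     // converter sees one token, no ",tail"
        if (buf[0] < '0' || buf[0] > '9')    // strtol would accept " 80" or "+80"
            return -1;
        char *end = nullptr;
        errno = 0;
        long p = strtol(buf, &end, 10);
        if (errno != 0 || *end != '\0' || p < 1 || p > 65535)
            return -1;
        out[n++] = (int)p;
        if (tok[len] == '\0')                // end of list
            return n;
        tok += len + 1;                      // step over the comma
    }
}

int main()
{
    // Constructed inputs: the two ports= values quoted in the thread, plus bad ones.
    const char *samples[] = { "8008,8080", "80,81,83,591,8008,8080,443",
                              "1,2,3,4,5,6,7,8,9", "80,,81", "80a" };
    int ports[MAX_PORTS];
    for (const char *s : samples)
        printf("%-28s -> %d\n", s, parse_port_list(s, ports));
    return 0;
}
```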

> On Mar 3, 2015, at 12:15 PM, Yuri Voinov <yvoinov at gmail.com> wrote:
> 
> Don't think this is a bug.
> 
> You've got a very custom configuration, which cannot be common.
> 
> As I said, HTTP ports other than 80 are very rarely used in WANs. And
> it would be better to separate the HTTPS port from HTTP.
> 
> Modern iOS cannot accept your configuration. Beware.
> 
> 03.03.15 23:57, Guy Helmer wrote:
>> Thanks Yuri -- I have thoroughly read Cisco IOS configuration
>> manuals pertaining to WCCP2. From what I have read, there is no
>> strict requirement for separate configurations for standard
>> web-cache port 80 and dynamic service for non-port 80 — wccp2
>> dynamic services allow redirection of any ports (up to a total of
>> 8), including port 80. As I’ve stated before, this was a working
>> configuration in squid 3.3 at multiple sites. If there is a
>> rationale for distinct wccp2 service configurations for port 80 vs
>> other ports, I sure could use a reference that explains it.
>> 
>> As I’ve pointed out, there is a bug in Squid 3.4 that prevents
>> specifying multiple TCP ports in the wccp2_service_info line. I’ve
>> corrected that now in my sources. After fixing that bug, squid
>> 3.4.12 is functioning with WCCP2 interception for port 80, 443, and
>> others as it did in version 3.3.x.
>> 
>> Regards, Guy
>> 
>>> On Mar 3, 2015, at 11:29 AM, Yuri Voinov <yvoinov at gmail.com>
>>> wrote:
>>> 
>> Please read the Cisco iOS WCCPv2 manual first.
>> 
>> This one:
>> 
>> http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html
>> 
>> and this one:
>> 
>> http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955
>> 
>> wccp web-cache uses port 80 by default. Other http ports are less
>> than percentile on web-traffic.
>> 
>> https requires another dynamic wccp service.
>> 
>> Also, take a look at the config example again.
>> 
>> This is a working configuration.
>> 
>> 03.03.15 23:21, Guy Helmer wrote:
>>>>> It has worked in the past with WCCP2 dynamic services at
>>>>> multiple sites.
>>>>> 
>>>>> I’ve uncovered the wccp2_service_info ports parsing error:
>>>>> 
>>>>> --- src/wccp2.cc.ORIG	2015-03-03 11:08:18.000000000 -0600
>>>>> +++ src/wccp2.cc <http://wccp2.cc/>	2015-03-03 11:10:37.000000000 -0600 @@
>>>>> -2264,7 +2264,10 @@ if (i >= WCCP2_NUMPORTS) { 
>>>>> fatalf("parse_wccp2_service_ports: too many ports (maximum:
>>>>> 8) in list '%s'\n", options); } -        int p = xatoi(tmp);
>>>>> + char copy[len + 1]; +        memcpy(copy, tmp, len); + 
>>>>> copy[len] = '\0'; +        int p = xatoi(copy);
>>>>> 
>>>>> if (p < 1 || p > 65535) { fatalf("parse_wccp2_service_ports:
>>>>> port value '%s' isn't valid (1..65535)\n", tmp);
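Review bot: the range-check fatalf at the end of this hunk still formats tmp with '%s' although the conversion now reads from copy. If tmp is not terminated at the end of the current token, which is the reason the copy is made, the message will print the rest of the list rather than the rejected token, so pass copy there. Separately, char copy[len + 1] is a variable-length array, which is a compiler extension in C++ and sizes a stack buffer from configuration input; a valid port needs at most 5 digits, so a fixed char copy[6] with a check that rejects len > 5 before the memcpy would be tighter. A regression test with a two-port list such as ports=8008,8080 would keep this from breaking again.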
>>>>> 
>>>>> 
>>>>>> On Mar 3, 2015, at 11:06 AM, Yuri Voinov
>>>>>> <yvoinov at gmail.com> wrote:
>>>>>> 
>>>>> You cannot combine HTTP and HTTPS in one WCCP service.
>>>>> 
>>>>> http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
> 03.03.15 23:04, Guy Helmer wrote:
>>>>>>>> This used to work in 3.3.x:
>>>>>>>> 
>>>>>>>> wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80,81,83,591,8008,8080,443
>>>>>>>> 
>>>>>>>> squid 3.4.12 fails:
>>>>>>>> 2015/03/03 11:02:33.109| cache_cf.cc(556) parseOneConfigFile: Processing: wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80,81,83,591,8008,8080,443
>>>>>>>> 2015/03/03 11:02:33.109| wccp2.cc(2298) parse_wccp2_service_info: parse_wccp2_service_info: called
>>>>>>>> 2015/03/03 11:02:33.109| ERROR: Invalid value: '80,81,83,591,8008,8080,443' is supposed to be a number.
>>>>>>>> 
>>>>>>>> Any help?
>>>>>>>> 
>>>>>>>> Thanks, Guy
>>>>>>>> _______________________________________________
>>>>>>>> squid-users mailing list
>>>>>>>> squid-users at lists.squid-cache.org
>>>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>>> 
>>>>> 
>> 
>> 
