[squid-users] wccp2_service_info fails on more than one port number
Yuri Voinov
yvoinov at gmail.com
Tue Mar 3 19:11:11 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In this case you can simple open bug on Bugzilla.
04.03.15 0:46, Guy Helmer пишет:
> Disregarding the complaints about Cisco configuration, here is a
> simple example: If I want to intercept plain HTTP on ports 8008 and
> 8080:
>
> wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source
> priority=240 ports=8008,8080
>
> Squid 3.4.12 will still give this incorrect error:
>
> FATAL: Bungled /usr/local/etc/squid/squid.conf line 55:
> wccp2_service_info 94 protocol=tcp flags=dst_ip_hash,ports_source
> priority=240 ports=8008,8080
>
> WCCP2 is documented as allowing up to 8 ports per service. This is
> broken by parsing changes in Squid 3.4.
>
> Regards, Guy
>
>> On Mar 3, 2015, at 12:15 PM, Yuri Voinov <yvoinov at gmail.com>
>> wrote:
>>
> Don't think this is bug.
>
> You got very custom configuration, which can not be common.
>
> As I said, HTTP ports other than 80 is very rarely used in WAN's.
> And be better to separate HTTPS port from HTTP.
>
> Modern iOS can not accept your configuration. Beware.
>
> 03.03.15 23:57, Guy Helmer пишет:
>>>> Thanks Yuri -- I have thoroughly read Cisco IOS
>>>> configuration manuals pertaining to WCCP2. From what I have
>>>> read, there is no strict requirement for separate
>>>> configurations for standard web-cache port 80 and dynamic
>>>> service for non-port 80 — wccp2 dynamic services allow
>>>> redirection of any ports (up to a total of 8), including port
>>>> 80. As I’ve stated before, this was a working configuration
>>>> in squid 3.3 at multiple sites. If there is a rationale for
>>>> distinct wccp2 service configurations for port 80 vs other
>>>> ports, I sure could use a reference that explains it.
>>>>
>>>> As I’ve pointed out, there is a bug in Squid 3.4 that
>>>> prevents specifying multiple TCP ports in the
>>>> wccp2_service_info line. I’ve corrected that now in my
>>>> sources. After fixing that bug, squid 3.4.12 is functioning
>>>> with WCCP2 interception for port 80, 443, and others as it
>>>> did in version 3.3.x.
>>>>
>>>> Regards, Guy
>>>>
>>>>> On Mar 3, 2015, at 11:29 AM, Yuri Voinov
>>>>> <yvoinov at gmail.com> wrote:
>>>>>
>>>> Please, read Cisco iOS WCCPv2 manual first.
>>>>
>>>> This one:
>>>>
>>>> http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html
>>>> <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html>
>>>>
>>>>
<http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html
<http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html>>
>>>>
>>>> and this one:
>>>>
>>>> http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955
>>>> <http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955>
>>>>
>>>>
<http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955
<http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf018.html#wp1000955>>
>>>>
>>>> wccp web-cache uses port 80 by default. Other http ports is
>>>> less than percentile on web-traffic.
>>>>
>>>> https requires another dynamic wccp service.
>>>>
>>>> Also, take a look on config example again.
>>>>
>>>> This is working configuration.
>>>>
>>>> 03.03.15 23:21, Guy Helmer пишет:
>>>>>>> It has worked in the past with WCCP2 dynamic services
>>>>>>> at multiple sites.
>>>>>>>
>>>>>>> I’ve uncovered the wccp2_service_info ports parsing
>>>>>>> error:
>>>>>>>
>>>>>>> --- src/wccp2.cc.ORIG 2015-03-03 11:08:18.000000000
>>>>>>> -0600 +++ src/wccp2.cc <http://wccp2.cc/> 2015-03-03
>>>>>>> 11:10:37.000000000 -0600 @@ -2264,7 +2264,10 @@ if (i
>>>>>>> >= WCCP2_NUMPORTS) { fatalf("parse_wccp2_service_ports:
>>>>>>> too many ports (maximum: 8) in list '%s'\n", options);
>>>>>>> } - int p = xatoi(tmp); + char copy[len + 1]; +
>>>>>>> memcpy(copy, tmp, len); + copy[len] = '\0'; +
>>>>>>> int p = xatoi(copy);
>>>>>>>
>>>>>>> if (p < 1 || p > 65535) {
>>>>>>> fatalf("parse_wccp2_service_ports: port value '%s'
>>>>>>> isn't valid (1..65535)\n", tmp);
>>>>>>>
>>>>>>>
>>>>>>>> On Mar 3, 2015, at 11:06 AM, Yuri Voinov
>>>>>>>> <yvoinov at gmail.com <mailto:yvoinov at gmail.com>>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>> You cannot combine HTTP and HTTPS in one WCCP service.
>>>>>>>
>>>>>>> http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2
>>>>>>> <http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2>
>>>>>>>
>>>>>>>
<http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2
<http://wiki.squid-cache.org/ConfigExamples/Intercept/CiscoIOSv15Wccp2>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
> 03.03.15 23:04, Guy Helmer пишет:
>>>>>>>>>> This used to work in 3.3.x:
>>>>>>>>>>
>>>>>>>>>> wccp2_service_info 94 protocol=tcp
>>>>>>>>>> flags=dst_ip_hash,ports_source priority=240
>>>>>>>>>> ports=80,81,83,591,8008,8080,443
>>>>>>>>>>
>>>>>>>>>> squid 3.4.12 fails: 2015/03/03 11:02:33.109|
>>>>>>>>>> cache_cf.cc(556) parseOneConfigFile: Processing:
>>>>>>>>>> wccp2_service_info 94 protocol=tcp
>>>>>>>>>> flags=dst_ip_hash,ports_source priority=240
>>>>>>>>>> ports=80,81,83,591,8008,8080,443 2015/03/03
>>>>>>>>>> 11:02:33.109| wccp2.cc <http://wccp2.cc/>
>>>>>>>>>> <http://wccp2.cc/ <http://wccp2.cc/>>(2298)
>>>>>>>>>> parse_wccp2_service_info:
>>>>>>>>>> parse_wccp2_service_info: called 2015/03/03
>>>>>>>>>> 11:02:33.109| ERROR: Invalid value:
>>>>>>>>>> '80,81,83,591,8008,8080,443' is supposed to be a
>>>>>>>>>> number.
>>>>>>>>>>
>>>>>>>>>> Any help?
>>>>>>>>>>
>>>>>>>>>> Thanks, Guy
>>>>>>>>>> _______________________________________________
>>>>>>>>>> squid-users mailing list
>>>>>>>>>> squid-users at lists.squid-cache.org
>>>>>>>>>> <mailto:squid-users at lists.squid-cache.org>
>>>>>>>>>> <mailto:squid-users at lists.squid-cache.org
>>>>>>>>>> <mailto:squid-users at lists.squid-cache.org>>
>>>>>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>>>>> <http://lists.squid-cache.org/listinfo/squid-users>
>>>>>>>>>>
>>>>>>>>>>
<http://lists.squid-cache.org/listinfo/squid-users
<http://lists.squid-cache.org/listinfo/squid-users>>
>>>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> squid-users mailing list
>>>>>>>> squid-users at lists.squid-cache.org
>>>>>>>> <mailto:squid-users at lists.squid-cache.org>
>>>>>>>> <mailto:squid-users at lists.squid-cache.org
>>>>>>>> <mailto:squid-users at lists.squid-cache.org>>
>>>>>>>> http://lists.squid-cache.org/listinfo/squid-users
>>>>>>>> <http://lists.squid-cache.org/listinfo/squid-users>
>>>>>>>> <http://lists.squid-cache.org/listinfo/squid-users
>>>>>>>> <http://lists.squid-cache.org/listinfo/squid-users>>
>>>>>>>
>>>>
>>>>
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJU9gdPAAoJENNXIZxhPexGXSIIAIS7GWUxK9Do7WXVBc+K78tW
muArO50AbqK4EhcimZEp1pNm7+S7eLMcC1tk535l5IlXWzt3y4Y66bweCnmmm1HC
1JbpSYfFHB161L43ltxQ1MDrTZP5IL+VwkCzoV4f4MUkLvwXevZYq3MP5HaWDQim
BjGrp3D2QTvcYxzky+9fOko9cYpkd10aohfSIEDeTWq8QshNYZiqZhEYrh6pnkWR
6QfLX/ie8An80Y+gWfZWk6rOQaKGaD3DH8wHs0Dz1wO7sNBfyt/nLcyoridX17En
T80g2tUErO1OxOcngf+q75VbVEW4IfuiV3WWb61vxu0+iuWOhEevU7/qMmPSOfs=
=l50x
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list