[squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record

David Touzeau david at articatech.com
Fri Jun 24 11:04:02 UTC 2022 

Hi Elizer

No, Fortinet is good.

In this case is connecting HTTP/HTTPs with WCCP from Fortinet to squid 
did not work, because SQUID refuse to communicate with Fortinet 
according to "Ignoring WCCPv2 message: truncated record" issue.

With Squid,  Fortinet report that is no WCCP server available.


Le 23/06/2022 à 18:33, ngtech1ltd at gmail.com a écrit :
>
> Hey David,
>
> Just trying to understand something:
>
> Aren’t Fortinet something that should replace squid?
>
> I assumed that it should do a much better job then Squid in many aeras.
>
> What a Fortinet(I have one…) is not covering?
>
> Thanks,
>
> Eliezer
>
> ----
>
> Eliezer Croitoru
>
> NgTech, Tech Support
>
> Mobile: +972-5-28704261
>
> Email: ngtech1ltd at gmail.com
>
> Web: https://ngtech.co.il/
>
> My-Tube: https://tube.ngtech.co.il/
>
> *From:*squid-users <squid-users-bounces at lists.squid-cache.org> *On 
> Behalf Of *David Touzeau
> *Sent:* Thursday, 23 June 2022 19:12
> *To:* squid-users at lists.squid-cache.org
> *Subject:* Re: [squid-users] WCCPV2 with fortigate ERROR: Ignoring 
> WCCPv2 message: truncated record
>
> Hi Alex,
>
> is the v5 commit 7a73a54 already included in the latest 5.5,5.6 versions?
>
> This is very unfortunate because WCCP is used by default by Fortinet 
> firewall devices. It should be very popular.
> Indeed, Fortinet is flooding the market.
> I can volunteer for the funding and the necessary testing to be done.
>
> Le 23/06/2022 à 14:44, Alex Rousskov a écrit :
>
>     On 6/21/22 07:43, David Touzeau wrote:
>
>
>         We trying to using WCCP with Fortigate without success Squid
>         version  5.5 always claim "Ignoring WCCPv2 message: truncated
>         record"
>
>         What can be the cause ?
>
>
>     The most likely cause are bugs in untested WCCP fixes (v5 commit
>     7a73a54). Dormant draft PR 970 contains unfinished fixes for the
>     problems in that previous attempt:
>     https://github.com/squid-cache/squid/pull/970
>
>     IMHO, folks that need WCCP support should invest into that
>     semi-abandoned Squid feature or risk losing it. WCCP code needs
>     serious refactoring and proper testing. There are currently no
>     Project volunteers that have enough resources and capabilities to
>     do either.
>
>     https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F
>
>
>
>     HTH,
>
>     Alex.
>
>
>
>         We have added a service ID 80 on fortigate
>
>         config system wccp
>              edit "80"
>                  set router-id 10.10.50.1
>                  set group-address 0.0.0.0
>                  set server-list 10.10.50.2 255.255.255.255
>                  set server-type forward
>                  set authentication disable
>                  set forward-method GRE
>                  set return-method GRE
>                  set assignment-method HASH
>              next
>         end
>
>         Squid wccp configuration
>
>         wccp2_router 10.10.50.1
>         wccp_version 3
>         # tested v4 do the same behavior
>         wccp2_rebuild_wait on
>         wccp2_forwarding_method gre
>         wccp2_return_method gre
>         wccp2_assignment_method hash
>         wccp2_service dynamic 80
>         wccp2_service_info 80 protocol=tcp protocol=tcp
>         flags=src_ip_hash priority=240 ports=80,443
>         wccp2_address 0.0.0.0
>         wccp2_weight 10000
>
>         Squid claim in debug log
>
>         022/06/21 13:15:38.780 kid4| 80,6| wccp2.cc(1206)
>         wccp2HandleUdp: wccp2HandleUdp: Called.
>         2022/06/21 13:15:38.781 kid4| 5,5| ModEpoll.cc(118) SetSelect:
>         FD 38, type=1, handler=1, client_data=0, timeout=0
>         2022/06/21 13:15:38.781 kid4| 80,3| wccp2.cc(1230)
>         wccp2HandleUdp: Incoming WCCPv2 I_SEE_YOU length 112.
>         2022/06/21 13:15:38.781 kid4| ERROR: Ignoring WCCPv2 message:
>         truncated record
>              exception location: wccp2.cc(1133) CheckSectionLength
>
>
>
>         -- 
>
>         _______________________________________________
>         squid-users mailing list
>         squid-users at lists.squid-cache.org
>         http://lists.squid-cache.org/listinfo/squid-users
>
>
>     _______________________________________________
>     squid-users mailing list
>     squid-users at lists.squid-cache.org
>     http://lists.squid-cache.org/listinfo/squid-users
>
> -- 
>
> *Technical Support*
>
> 	
> 	
>
> *David Touzeau***
>
> Orgerus, Yvelines, France
>
> *Artica Tech*
>
>
> P: +33 6 58 44 69 46
> www: wiki.articatech.com <https://wiki.articatech.com>
> www: articatech.net <http://articatech.net>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-- 
Technical Support
	
	
*David Touzeau*
Orgerus, Yvelines, France
*Artica Tech*

P: +33 6 58 44 69 46
www: wiki.articatech.com <https://wiki.articatech.com>
www: articatech.net <http://articatech.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220624/f64b1129/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6266 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220624/f64b1129/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: XiJKjGpmsvhKM2h3.jpg
Type: image/jpeg
Size: 6266 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220624/f64b1129/attachment-0003.jpg>

More information about the squid-users mailing list