[squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record
ngtech1ltd at gmail.com
ngtech1ltd at gmail.com
Fri Jun 24 11:17:18 UTC 2022
Hey David,
I am not sure and can spin up my Forti but from what I remember there are PBR functions in the Forti.
Why would a WCCP be required? To pass only ports 80 and 443 instead of all traffic?
Thanks,
Eliezer
----
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>
Web: https://ngtech.co.il/
My-Tube: https://tube.ngtech.co.il/
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of David Touzeau
Sent: Friday, 24 June 2022 14:04
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record
Hi Elizer
No, Fortinet is good.
In this case is connecting HTTP/HTTPs with WCCP from Fortinet to squid did not work, because SQUID refuse to communicate with Fortinet according to "Ignoring WCCPv2 message: truncated record" issue.
With Squid, Fortinet report that is no WCCP server available.
Le 23/06/2022 à 18:33, ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> a écrit :
Hey David,
Just trying to understand something:
Aren’t Fortinet something that should replace squid?
I assumed that it should do a much better job then Squid in many aeras.
What a Fortinet(I have one…) is not covering?
Thanks,
Eliezer
----
Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>
Web: https://ngtech.co.il/
My-Tube: https://tube.ngtech.co.il/
From: squid-users <mailto:squid-users-bounces at lists.squid-cache.org> <squid-users-bounces at lists.squid-cache.org> On Behalf Of David Touzeau
Sent: Thursday, 23 June 2022 19:12
To: squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
Subject: Re: [squid-users] WCCPV2 with fortigate ERROR: Ignoring WCCPv2 message: truncated record
Hi Alex,
is the v5 commit 7a73a54 already included in the latest 5.5,5.6 versions?
This is very unfortunate because WCCP is used by default by Fortinet firewall devices. It should be very popular.
Indeed, Fortinet is flooding the market.
I can volunteer for the funding and the necessary testing to be done.
Le 23/06/2022 à 14:44, Alex Rousskov a écrit :
On 6/21/22 07:43, David Touzeau wrote:
We trying to using WCCP with Fortigate without success Squid version 5.5 always claim "Ignoring WCCPv2 message: truncated record"
What can be the cause ?
The most likely cause are bugs in untested WCCP fixes (v5 commit 7a73a54). Dormant draft PR 970 contains unfinished fixes for the problems in that previous attempt:
https://github.com/squid-cache/squid/pull/970
IMHO, folks that need WCCP support should invest into that semi-abandoned Squid feature or risk losing it. WCCP code needs serious refactoring and proper testing. There are currently no Project volunteers that have enough resources and capabilities to do either.
https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F
HTH,
Alex.
We have added a service ID 80 on fortigate
config system wccp
edit "80"
set router-id 10.10.50.1
set group-address 0.0.0.0
set server-list 10.10.50.2 255.255.255.255
set server-type forward
set authentication disable
set forward-method GRE
set return-method GRE
set assignment-method HASH
next
end
Squid wccp configuration
wccp2_router 10.10.50.1
wccp_version 3
# tested v4 do the same behavior
wccp2_rebuild_wait on
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_assignment_method hash
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp protocol=tcp flags=src_ip_hash priority=240 ports=80,443
wccp2_address 0.0.0.0
wccp2_weight 10000
Squid claim in debug log
022/06/21 13:15:38.780 kid4| 80,6| wccp2.cc(1206) wccp2HandleUdp: wccp2HandleUdp: Called.
2022/06/21 13:15:38.781 kid4| 5,5| ModEpoll.cc(118) SetSelect: FD 38, type=1, handler=1, client_data=0, timeout=0
2022/06/21 13:15:38.781 kid4| 80,3| wccp2.cc(1230) wccp2HandleUdp: Incoming WCCPv2 I_SEE_YOU length 112.
2022/06/21 13:15:38.781 kid4| ERROR: Ignoring WCCPv2 message: truncated record
exception location: wccp2.cc(1133) CheckSectionLength
--
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
http://lists.squid-cache.org/listinfo/squid-users
--
Technical Support
David Touzeau
Orgerus, Yvelines, France
Artica Tech
P: +33 6 58 44 69 46
www: wiki.articatech.com <https://wiki.articatech.com>
www: articatech.net <http://articatech.net>
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
http://lists.squid-cache.org/listinfo/squid-users
--
Technical Support
David Touzeau
Orgerus, Yvelines, France
Artica Tech
P: +33 6 58 44 69 46
www: wiki.articatech.com <https://wiki.articatech.com>
www: articatech.net <http://articatech.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220624/f38d6061/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6266 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220624/f38d6061/attachment-0001.jpg>
More information about the squid-users
mailing list