Re: [squid-users] More WCCP woes

From: Sixx Lim <sixx@dont-contact.us>
Date: Fri, 16 Mar 2001 01:20:54 +0800

>
> > I hope that WCCP is still hot topic to be discussed. Most of us got
> > different symptoms. I made an assumption that may be wrong, please correct
> > me.
>
> I hope too. I don't have my particular setup running at all.

Tried everything in the FAQs, except for GRE.
Loading WCCP i totally lose terminal control of the server (only ssh in works)
Below are the msg i get flooded on *all* consoles and syslog

Mar 15 17:54:24 x1 kernel: PROTO=6 192.168.0.20:1782 206.41.20.6:80 L=48 S=0x00
  I=30245 Fish_output: bad unowned skb = de1a1580: PRE_ROUTING LOCAL_IN
FORWARD P
OST_ROUTING
Mar 15 17:54:24 x1 kernel: skb: pf=2 (unowned) dev=eth0 len=48
Mar 15 17:54:24 x1 kernel: PROTO=6 192.168.0.20:11782 206.41.20.6:80 L=48
S=0x00
  I=30245 F=0x4000 T=46
Mar 15 17:54:24 x1 kernel: nf_hook: hook 0 already set.
Mar 15 17:54:24 x1 kernel: skb: pf=2 (unowned) dev=eth0 len=48
Mar 15 17:54:24 x1 kernel: PROTO=6 192.168.0.20:11782 206.41.20.6:80 L=48
S=0x00
  I=30245 F=0x4000 T=46
Mar 15 17:54:24 x1 kernel: ip_finish_output: bad unowned skb = c19a1b20:
PRE_ROU
TING LOCAL_IN FORWARD POST_ROUTING
Mar 15 17:54:24 x1 kernel: skb: pf=2 (unowned) dev=eth0 len=48
Mar 15 17:54:24 x1 kernel: PROTO=6 192.168.0.20:11782 206.41.20.6:80 L=48
S=0x00
  I=30245 F=0x4000 T=45
Mar 15 17:54:24 x1 kernel: nf_hook: hook 0 already set.
Mar 15 17:54:24 x1 kernel: skb: pf=2 (unowned) dev=eth0 len=48
Mar 15 17:54:24 x1 kernel: PROTO=6 192.168.0.20:11782 206.41.20.6:80 L=48
S=0x00
  I=30245 F=0x4000 T=45
Mar 15 17:54:24 x1 kernel: ip_finish_output: bad unowned skb = de1a1580:
PRE_ROU
TING LOCAL_IN FORWARD POST_ROUTING
Mar 15 17:54:24 x1 kernel: skb: pf=2 (unowned) dev=eth0 len=48

The catch here is nothing gets into squid's access log, so i presume
nothing gets send out.
This developmental server is on 2.4 kernel + squid 2.4 pre stable2.

> >
> > 1. Vishwanath Paranjape could get "Here_I_Am" packet but still cannot
> > redirecting HTTP to Squid
> > 2. Jorge Boncompte seems solve the problem by using IP GRE.
>
> I'm using the ip_wccp module without any patches. My problem is that
>squid doesn't "understand" what it receives. I have defined several ip
>tables to redirect packets but seems to not work.

Redirection of ports thru iptables would only work if the squid/iptables
server is also the
router for the NAT network.
A good method to test out would be to telnet into the port being redirected
via real ip
system.

> > 3. Curtis Hays even could not connected his Squid to Router through WCCP
> > 4. I could connect Squid to Router without getting "Here_I_Am" packet and
> > still cannot redirecting HTTP to Squid.
> >
> > I am very curious about this problem. Frankly, I am sure that suggestion /
> > sample from Jan Haluza and Al Blake is very helpful. Unfortunately, we
>need
> > more luck to solve the redirection problem.
> >
> > Now, I am waiting Cisco staff checking my IOS (version 12.0(7)T) about
> > possibility of bugs to support WCCPv1. If it is negative, I must suspect
>the
> > WCCP tunneling (UDP port 2048, isn't it?), that I am really blind what I
> > should do.
>
> WCCP encapsulates redirected packets in GRE (Generic Routing
>Encapsulation) and send them to the Cache box. UDP port 2048 is the
>"ststatus port", I think. The ip_wccp module strips the GRE header from the
>packets it has received. The only one difference between this and the ip_gre
>is that you can send GRE packets because you can define a new interface and
>routes.

My current working implementation of wccp on 2.2 kernels didn't use GRE.
Would try w/o GRE on 2.4 in the morning.
Any ideas to try before i totally ditch 2.4 kernels n work with 2.2?

> >
> > Thx & rgds,
> >
> > Awie
> >
>
>
> -Jorge
>
>==============================================================
>Jorge Boncompte - Técnico de sistemas
>DTI2 - Desarrollo de la Tecnología de las Comunicaciones
>--------------------------------------------------------------
>C/ Abogado Enriquez Barrios, 5 14004 CORDOBA (SPAIN)
>Tlf: +34 957 761395 / FAX: +34 957 450380
>--------------------------------------------------------------
>jorge@dti2.net _-_-_-_-_-_-_-_-_-_-_-_-_-_ http://www.dti2.net
>==============================================================
>Without wicker a basket cannot be done.
>==============================================================
Received on Thu Mar 15 2001 - 10:17:52 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:38 MST