[SQU] Strange WCCP and truncated GRE packet problem.

From: Nathan Lewis <[email protected]>
Date: Fri, 08 Dec 2000 18:10:30 -0600

The problem I'm having is that it appears that somewhere the GRE packets
coming from my Cisco 2610 router are being truncated by 24 bytes..but not
all the time.

I have WCCP 1.0 setup, following all the FAQ's and the cookbook..etc. I am
running Redhat 6.2 with a custom made kernel to support my Promise IDE
controllers, and IP firewalling compiled in.

WCCP is enabled on the router, and will redirect traffic to the Squid box
if Squid is running (visible by doing "show ip wccp" on the router.)

I compiled the ip_wccp module, it complied and loaded with no problems/errors.

I am using IP chains to setup the redirection to redirect any traffic
originating from Port 80 with any destination to port 3128. Packet
forwarding IS working (as you will see below, SOME packets get through)
because I tested ipchains by redirecting ALL traffic to 3128 and then
pointing a web proxy client at the server with a random port number - and
it still worked.

The accesslog of squid shows SOME (but not many) packets getting
through. A tcpdump of GRE packets (actually any IP packets that AREN'T
TCP, UDP, or ICMP) may point to the reason

tcpdump 'not ip proto \udp and not ip proto \tcp and not ip proto \icmp and ip'

results in some GRE packets showing up as missing 24 bytes (others work - I
presume that the proper packets are the ones that make it through to
squid). I would show part of the output here, but I just rebooted the
server and Linux decided it was time to fsck my 120GB RAID array....ug.

I guess this could be the ip_wccp module working properly (Is that what
ip_wccp does? Strange that tcpdump would still recognize them as GRE
packets and not tcp port 80 packets) The symptoms, nonetheless, are the
same, which is that only a few packets are getting through to squid. It
ISN'T that it works for a while and then stops, it is that only 5% (or so)
of the web requests ever get to squid.

Please help! I've been ripping my hair out on this one for far too long...

Nathan Lewis
Nathan Lewis

Senior Network Administrator
nathan_lewis@uclid.com

----------------------------------------------------------------------
CONFIDENTIALITY NOTICE -- This email is ONLY for the person(s) named in
the message header. Unless otherwise indicated, it contains information
that is confidential, privileged or exempt from disclosure under applicable
law.

If you have received it in error, please notify the sender of the error and
delete the message. Thank you.
--------------------------------------------------------------------------

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Fri Dec 08 2000 - 17:13:52 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:53 MST