I don't know if anybody is interested in this, and can help me out, but
I'll keep posting until someone tells me not to...
My progress today has been slightly significant. Here's what I did.
tcpdump 'ip proto 47 or dst port 80' This outputs all the GRE packets as
well as the unencapsulated ones when ip_wccp is loaded.
Disable the chains script - clear the ipchains.
Fire up squid so the Cisco router starts firing packets at it.
truncated packets start coming in - ip_wccp ignores them - no
unencapsulated packets come through.
a few normal GRE packets come through - immediately following them in the
TCP trace is their unencapsulation, web requests coming from where they are
supposed to.
Turn ipchains back on, redirecting packets to squid. The packets that get
unencapsulated are indeed the ones that make it to squid. So what's up?
Possibilities:
1. I have a very recent version of IOS - perhaps Cisco saw what squid was
doing and decided to screw with their packets a little (truncating them by
24 bytes most of the time) to break anything besides "authorized"
implementations of WCCP. It is their protocol remember....
2. I have a faulty router / some sort of router configuration problem. I
will post the entire config if anyone is fluent in IOS and wants to take a
look.
3. My 3com Ethernet cards (remember, I tried this on two machines) don't
like receiving GRE packets. Faulty linux driver??? Highly unlikely I
suppose....
There is nothing else (that I can see) that could possibly be going wrong -
I even tried exchanging the 10base-T hub with a (ironically Cisco)
100base-T switch....
Is there anyone familiar enough with the format of the GRE packet out there
that can look at my previous posting of a few of these truncated data
packets and figure out what is being left out? Perhaps ip_wccp will need
to be modified to unencapsulate those as well (or do truncated packets
simply get dropped by the kernel?)
I've put far too much time (40+ hours) into this to give up now.... Any
help/comments/suggestions would be greatly appreciated.
Nathan Lewis
Senior Network Administrator
nathan_lewis@uclid.com
----------------------------------------------------------------------
CONFIDENTIALITY NOTICE -- This email is ONLY for the person(s) named in
the message header. Unless otherwise indicated, it contains information
that is confidential, privileged or exempt from disclosure under applicable
law.
If you have received it in error, please notify the sender of the error and
delete the message. Thank you.
--------------------------------------------------------------------------
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Wed Dec 13 2000 - 14:38:29 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:57 MST