RE: [squid-users] FW: WCCP and Fedora 3 not working

Omnia,

Well my use of the word 'downgrade' is misleading - you need to build a
kernel from source if you want to be able to load your own modules and I
just built one that was lower than what FC3 + yum left me with.

There are lots of good guides out there to building kernels properly,
but for what it is worth, the following is what I do to hack a new
kernel+wccp module - you should however do your own research to make
sure that you are doing the right thing for your environment:

Download the appropriate kernel (e.g. linux-2.6.8.tar.gz) from
www.kernel.org into /usr/src
tar xzpf linux-2.6.8.tar.gz
rm linux-2.6.8.tar.gz
mv linux-2.6.8 linux
cd linux

Increase some of the kernel defaults:

vi include/linux/sem.h
and change the following line:
#define SEMMNI 128
to read:
#define SEMMNI 512

vi include/linux/limits.h
and change the following line:
#define NR_OPEN 1024
to read:
#define NR_OPEN 8192
and change the following line:
#define OPEN_MAX 256
to read:
#define OPEN_MAX 8192

vi include/linux/posix_types.h
and change the following line:
#define __FD_SETSIZE 1024
to read:
#define __FD_SETSIZE 8192

Set compile-time optimisations
vi Makefile
and change the following line:
HOSTCFLAGS = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
to read:
HOSTCFLAGS = -Wall -Wstrict-prototypes -O2 -march=i686
-funroll-loops -fomit-frame-pointer
and change the following line:
CFLAGS := -Wall -Wstrict-prototypes -Wno-trigraphs \
          -fno-strict-aliasing -fno-common
to read:
CFLAGS := -Wall -Wstrict-prototypes -Wno-trigraphs -O2 \
          -march=i686 -funroll-loops -fno-strict-aliasing -fno-common

Make sure that /usr/include/asm and /usr/include/linux are only symbolic
links to the newly downloaded source:

  cd /usr/include
  rm -rf asm linux
  ln --symbolic /usr/src/linux/include/asm-i386 asm
  ln --symbolic /usr/src/linux/include/asm-generic asm-generic
  ln --symbolic /usr/src/linux/include/linux linux

Make sure we have no stale object files or dependencies hanging around:

  cd /usr/src/linux
  make mrproper

Compile the Kernel:

  make menuconfig
(Ensure that you chose the correct CPU type)
Enable netfilter and GRE tunneling (should already be enabled)
Turn all netfilter options to Y rather than M
Strip out anything you definitely don't need
  make clean
  make bzImage
  make modules
  make modules_install

Install the Kernel
  cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.8
  cp .config /boot/config-2.6.8
  cp System.map /boot/System.map-2.6.8
  mkinitrd /boot/initrd-2.6.8.img 2.6.8

Now edit /etc/grub.conf (vi /etc/grub.conf) to add the following at the
end:

title Rebuilt Kernel for Squid WCCP (2.6.8)
        root (hd0,0)
        kernel /vmlinuz-2.6.8 ro root=LABEL=/
        initrd /initrd-2.6.8.img

Reboot from the new kernel; if this works ok, then move the entry in
grub.conf to the top of the list to make it default.

Compile and load WCCP kernel module

Download the ip_wccp.c module from the Squid FAQ into /var/tmp

  echo 'obj-m := ip_wccp.o' > Makefile
  make -C /usr/src/linux M=$PWD V=1 modules
  cp ip_wccp.ko /lib/modules/2.6.8/kernel/net/ipv4
  edit modules dep file (vi /lib/modules/2.6.8/modules.dep) and add the
following line:
  /lib/modules/2.6.8/kernel/net/ipv4/ip_wccp.ko:

  modprobe ip_wccp

  echo 'modprobe ip_wccp' >> /etc/rc.d/rc.local

Regards

Philip DG

> -----Original Message-----
> From: Omnia Ibrahem [mailto:omnia@egyptnetwork.com]
> Sent: 24 May 2005 15:07
> To: Damian-Grint Philip
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] FW: WCCP and Fedora 3 not working
>
>
> Hi Philip,
> Plz can u send me the steps of how to downgrade
> kernel from
> 2.6.9 to 2.6.8 cause im new dealing with kernel.
>
> Thanx alot
>
>
>
>
> ----- Original Message -----
> From: "Damian-Grint Philip" <pdamian-grint@collierscre.co.uk>
> To: "Omnia Ibrahem" <omnia@egyptnetwork.com>
> Cc: <squid-users@squid-cache.org>
> Sent: Monday, May 23, 2005 8:10 PM
> Subject: RE: [squid-users] FW: WCCP and Fedora 3 not working
>
>
> Hi Omnia,
>
> I backed down to 2.6.8 only because the ip_wccp.c module in the squid
> faq was last modified to work with 2.6.8 and I was just being
> cautious -
> it may well work with later versions but I didn't have time to build,
> find problems and rebuild.
>
> Regards
>
> Philip DG
>
> > -----Original Message-----
> > From: Omnia Ibrahem [mailto:omnia@egyptnetwork.com]
> > Sent: 22 May 2005 10:40
> > To: Damian-Grint Philip; Nigel Oakley; squid-users@squid-cache.org
> > Subject: Re: [squid-users] FW: WCCP and Fedora 3 not working
> >
> >
> > Hii there,
> > u mean that i cant make wccp work with kernel
> > 2.6.9 , as u
> > backed down to 2.6.8 to make it work.
> >
> >
> >
> >
> > ----- Original Message -----
> > From: "Damian-Grint Philip" <pdamian-grint@collierscre.co.uk>
> > To: "Nigel Oakley" <nigel@oakley.vnworks.net>;
> > <squid-users@squid-cache.org>
> > Sent: Friday, May 20, 2005 7:15 PM
> > Subject: RE: [squid-users] FW: WCCP and Fedora 3 not working
> >
> >
> > Hi Nigel,
> >
> > I have just upgraded all my Redhat 7.2 Squid servers to
> > Fedora FC3, and
> > I have WCCP working fine.
> >
> > It sounds like you have the squid wccp bit done ok - that's
> what does
> > the hello stuff. - check your output from debug ip icmp on
> > your router -
> > if you're getting protocol unreachable, the problem is your wccp
> > interception at the kernel on your squid box.
> >
> > I backed the kernel down to 2.6.8, only because that is
> what the wccp
> > module had been supposedly written for. You shouldn't need to play
> > around with sysctl settings, although you might need to
> switch off ECN
> > if on and your testing indicates a need.
> >
> > I've never used ip_gre, only the ip_wccp module:
> >
> > Download the ip_wccp.c module from the Squid FAQ into /var/tmp
> >
> > echo 'obj-m := ip_wccp.o' > Makefile
> > make -C /usr/src/linux M=$PWD V=1 modules
> > cp ip_wccp.ko /lib/modules/2.6.8/kernel/net/ipv4
> > edit modules dep file (vi /lib/modules/2.6.8/modules.dep)
> and add the
> > following line:
> > /lib/modules/2.6.8/kernel/net/ipv4/ip_wccp.ko:
> >
> > modprobe ip_wccp
> >
> > Squid config fragment:
> >
> > wccp_version 4
> > wccp_router 10.129.110.251
> > snmp_port 3401
> > httpd_accel_host virtual
> > httpd_accel_with_proxy on
> > httpd_accel_uses_host_header on
> >
> > Cisco config:
> >
> > ip wccp web-cache redirect-list 100
> > ip wccp version 1
> > ip cef
> >
> > interface fa0/0
> > ! facing the firewall
> > ip wccp web-cache redirect out
> > no ip redirects
> > ip route-cache same-interface
> >
> > interface fa0/1
> > ! facing the internal network
> >
> > ! don't classify internal traffic
> > access-list 100 deny ip 10.0.0.0 0.255.255.255 10.0.0.0
> 0.255.255.255
> > ! classify internet bound traffic
> > access-list 100 permit 10.0.0.0 0.255.255.255 any
> > access-list 100 deny ip any
> >
> > IPtables config:
> >
> > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
> REDIRECT \
> > --to-port 3128
> > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT \
> > --to 127.0.0.1:3128
> >
> > Hope that something in the above sorts your problem,
> otherwise let me
> > know and I will send you my (tediously long) build log which
> > I wrote for
> > the non-linux guys here.
> >
> > Regards
> >
> > Philip Damian-Grint
> > CCNP
> > Infrastructure Team
> > Business Systems & IT
> > Colliers CRE
> > Tel. +44(0)20 7487 1928
> > Fax. +44(0)20 7487 1671
> >
> >
> > Confidentiality Notice
> > This communication and the information it contains:
> > (a) is intended for the person(s) or Organisation(s) named
> > above and for no
> > other persons or organisations and,
> > (b) may be confidential, legally privileged and protected by law.
> > Unauthorised use, copying or disclosure of any of it may be
> unlawful.
> > When addressed to our clients any opinions or advice
> > contained in this
> > e-mail are subject to CCRE's terms and conditions of business
> > notified to
> > the client or expressed in the governing client engagement letter.
> > If you receive this communication in error, please notify us
> > immediately,
> > destroy any copies and delete it from your computer system.
> >
> >
> >
> ______________________________________________________________________
> > This email has been scanned by the MessageLabs Email
> Security System.
> > For more information please visit http://www.messagelabs.com/email
> >
> ______________________________________________________________________
> >
>
> Confidentiality Notice
> This communication and the information it contains:
> (a) is intended for the person(s) or Organisation(s) named
> above and for no
> other persons or organisations and,
> (b) may be confidential, legally privileged and protected by law.
> Unauthorised use, copying or disclosure of any of it may be unlawful.
> When addressed to our clients any opinions or advice
> contained in this
> e-mail are subject to CCRE's terms and conditions of business
> notified to
> the client or expressed in the governing client engagement letter.
> If you receive this communication in error, please notify us
> immediately,
> destroy any copies and delete it from your computer system.
>
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email
> ______________________________________________________________________
>

Confidentiality Notice
This communication and the information it contains:
(a) is intended for the person(s) or Organisation(s) named above and for no other persons or organisations and,
(b) may be confidential, legally privileged and protected by law.
Unauthorised use, copying or disclosure of any of it may be unlawful.
When addressed to our clients any opinions or advice contained in this e-mail are subject to CCRE's terms and conditions of business notified to the client or expressed in the governing client engagement letter.
If you receive this communication in error, please notify us immediately, destroy any copies and delete it from your computer system.
Received on Tue May 24 2005 - 08:58:50 MDT