[squid-users] Re: RE : [squid-users] Squid vs WCCPv2 - Need help involving interpretation in Wireshark

Yanis Sauvé wrote:
>
>
>
> -------- Message d'origine--------
> De: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Date: mer. 13/01/2010 22:17
> À: squid-users_at_squid-cache.org
> Objet : Re: [squid-users] Squid vs WCCPv2 - Need help involving
> interpretation in Wireshark
>
> <snip>
>
> >Should look like packets arriving on the main interface from the client
> >host.
>
> The packets I see in WS have my router's IP as source, and the cache
> server's as destination. WS shows the packet that's encapsulated in GRE.

Uhm, thats not what I recall seeing. You may need to check that they are
being gre-decapsulated by iptables.

The easy way is to set Squid debugging level "debug_options 5,6". When
working you should be able to see the client connections being
accept()ed by Squid.

>
> So, in other words, the problem is likely in the way iptables handles
> the packets, or in squid itself?
>
> >Yes. In wireshark the gre interface is not visible. gre interface is
> >unwrapping packets then re-scheduling them through the OS routing stack
> >as if they arrived on the primary interface. In your case it sounds like
> >the main one is eth0/bond0.
> >The only way I know of identifying the exact handling interface is
> >logging from ebtables or watching the receiving interface counters grow.
>
> Would this mean that I can see the interface in WS, but see no packets
> coming in through it?

Well, in the two traces I've worked through for interception that has
been the case. The interface counters raise, but WS saw the
decapsulated data.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
   Current Beta Squid 3.1.0.15