From silence@nilpotent.org  Sun Feb  2 09:09:03 2003
Return-Path: <silence@nilpotent.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8CBB737B401
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  2 Feb 2003 09:09:03 -0800 (PST)
Received: from loops.nilpotent.org (loops.nilpotent.org [12.17.163.70])
	by mx1.FreeBSD.org (Postfix) with SMTP id D766A43F43
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  2 Feb 2003 09:09:02 -0800 (PST)
	(envelope-from silence@nilpotent.org)
Received: (qmail 84777 invoked from network); 2 Feb 2003 17:08:55 -0000
Received: from unknown (203.215.176.26)
  by loops.nilpotent.org with QMTP; 2 Feb 2003 17:08:55 -0000
Received: (qmail 407 invoked by uid 500); 2 Feb 2003 16:22:06 -0000
Message-Id: <20030202162205.406.qmail@homeworld.nilpotent.org>
Date: 2 Feb 2003 16:22:05 -0000
From: Faried Nawaz <fn@hungry.org>
Reply-To: Faried Nawaz <fn@hungryr.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: pseudo-device gre doesn't appear to work with WCCP
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         47813
>Category:       kern
>Synopsis:       [gre] pseudo-device gre(4) doesn't appear to work with WCCP
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 02 09:10:10 PST 2003
>Closed-Date:    Sat Sep 15 23:50:10 UTC 2012
>Last-Modified:  Sat Sep 15 23:50:10 UTC 2012
>Originator:     Faried Nawaz
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
>Environment:
System: FreeBSD homeworld.nilpotent.org 4.7-STABLE FreeBSD 4.7-STABLE #4: Fri Jan 31 21:17:53 PKST 2002 root@homeworld.nilpotent.org:/data-one/obj/data-three/freebsd_src/sys/homeworld i386


	
>Description:
	/sys/netinet/ip_gre.c appears to have WCCP support, but it doesn't
	work.  There is a 3rd-party patch available that adds gre support
	for WCCP that does work.

	Since I need to use a third-party patch to do something that FreeBSD
	claims to do, FreeBSD has a bug in its code.
>How-To-Repeat:
	1. compile a kernel with pseudo-device gre and IPFILTER, install, reboot
	2. install squid from ports, configure to enable WCCP
	3. configure your (cisco) router to do WCCP
	4. configure the gre tunnel, as described in gre(4)
	5. configure ipnat on the freebsd box with this in /etc/ipnat.rules:

rdr gre0 0.0.0.0/0 port 80 -> free.bsd.ip.address port 80 tcp

	6. run ipnat -f /etc/ipnat.rules
	7. do tcpdump -npi <ethernet device> proto gre, and see gre traffic
	8. run ipnat -l to see client packets redirected
	9. do tcpdump -npi gre0, and see web traffic from clients
	a. do a tail -f on squid's access log and see...nothing.

Compare with

	1. download the gre patch and gre.c file from 
	http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.11
	2. install the patch and gre.c file.  needs slight munging
	3. compile a kernel as per instructions on that page, install, reboot
	4. install squid from ports, configure to enable WCCP
	5. configure your router to do WCCP
	6. configure ipnat on the freebsd box with this in /etc/ipnat.rules:

rdr rl0 0.0.0.0/0 port 80 -> free.bsd.ip.address port 80 tcp
(substitute your ethernet interface for rl0)

	7. run ipnat -f /etc/ipnat.rules
	8. do a tail -f on squid's access logs and see traffic.

>Fix:
	I wish I knew.  Perhaps I'm doing the tunnel incorrectly.  The
	man page isn't very helpful in this area.
>Release-Note:
>Audit-Trail:

From: Faried Nawaz <fn@hungry.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc: darrenr@pobox.com
Subject: Re: i386/47813: pseudo-device gre doesn't appear to work with WCCP
Date: Fri, 7 Feb 2003 05:05:03 -0800

 Oops.  My email address is fn@hungry.org, not the mistyped fn@hungryr.org.
 No wonder I didn't get any replies.
 
 Maxim Sobolev's message on the freebsd-net list describes a workable solution
 to my problem using ipfw.  A similar setup with ipf does not work.
 
 Darren, if you want, I can give you access to the machine in question.
 Has the latest -stable bits.  Mail me in private.
 
 
 Faried.
 -- 
 The Great GNU has arrived, infidels, behold his wrath !
 "If a MOO runs on a port no one accesses, does it run?"
Responsible-Changed-From-To: freebsd-bugs->bms 
Responsible-Changed-By: bms 
Responsible-Changed-When: Tue 2 Sep 2003 16:57:02 PDT 
Responsible-Changed-Why:  
I'll look into this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=47813 
State-Changed-From-To: open->feedback 
State-Changed-By: bms 
State-Changed-When: Tue 25 Nov 2003 03:48:52 PST 
State-Changed-Why:  
Looks like submitter didn't remove the route created by configuring gre(4) 
to IFF_UP state. I have reports from benno@ that WCCP works fine with 
4.9-RELEASE gre(4) driver when this step takes place. I personally can't 
comment on the use of NAT in submitter's case. 

Please repeat the procedure expressed in the PR and remove the interface 
route to destination after creating the gre0 instance. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=47813 
State-Changed-From-To: feedback->suspended 
State-Changed-By: bms 
State-Changed-When: Wed Jun 16 03:53:10 GMT 2004 
State-Changed-Why:  
Timeout on feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=47813 
Responsible-Changed-From-To: bms->freebsd-bugs 
Responsible-Changed-By: bms 
Responsible-Changed-When: Tue Nov 2 07:00:26 GMT 2004 
Responsible-Changed-Why:  
Back to the free pool 

http://www.freebsd.org/cgi/query-pr.cgi?pr=47813 

From: "Francis A. Vidal" <francisv@dagupan.com>
To: <freebsd-gnats-submit@FreeBSD.org>, <fn@hungryr.org>
Cc:  
Subject: Re: kern/47813: pseudo-device gre doesn't appear to work with WCCP
Date: Fri, 1 Apr 2005 16:23:12 +0800

 Same here, couldn't get it to work with FreeBSD 5.3-RELEASE
 
 ---
  francis a. vidal [bitstop network services] | http://www.bnshosting.net
  streaming media + web hosting               | http://www.bitstop.ph
  v(02)330-2871,(02)330-2872; f(02)330-2873   | http://www.kuro.ph
State-Changed-From-To: suspended->closed 
State-Changed-By: eadler 
State-Changed-When: Sat Sep 15 23:50:07 UTC 2012 
State-Changed-Why:  
Feedback timeout. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=47813 
>Unformatted:
