How to apply the zph patch on LUSCA r14850

  • Hello folks

    I am using pfsense 1.2.3-RELEASE with squid cache patched by chudy and I am very happy with it.

    $ squid -v
    Squid Cache: Version LUSCA r14850 patched: chudy r14
    configure options:  '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' 
    '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' 
    '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic ntlm digest' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB LDAP YP' 
    '--enable-digest-auth-helpers=password ldap' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group ldap_group' 
    '--enable-ntlm-auth-helpers=SMB' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--with-pthreads' '--enable-storeio=aufs null coss' 
    '--enable-delay-pools' '--enable-snmp' '--disable-wccp' '--disable-ident-lookups' '--enable-arp-acl' '--enable-pf-transparent' '--with-large-files' 
    '--enable-large-cache-files' '--enable-err-languages=English' '--enable-default-err-language=English' '--prefix=/usr/local' '--mandir=/usr/local/man' 
    '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd7.2' 'build_alias=i386-portbld-freebsd7.2' 'CC=cc' 
    'CFLAGS=-O2 -fno-strict-aliasing -pipe -I/usr/local/include  -DLDAP_DEPRECATED' 'LDFLAGS= -L/usr/local/lib' 'CPPFLAGS='

    Recently I noticed that I couldn't bypass full speed traffic to my clients behind MikroTik routers (acting as remote gateways) connected to pfsense, which acts as the proxy cache server, so I made a quick search and realized that I must apply such a patch to be able to use the zph configuration and use TOS in MT.

    I found this but I couldn't understand it because it is not in English.

    So I wonder whether the squid cache package is already patched with zph or I must apply it manually?
    And if so, how can I do this and where can I find the patch files?


  • Hi again
    I decided to ignore whether my lusca package is patched or not by testing the zph configuration, so I placed this in the custom options in squid.conf:

    zph_mode tos
    zph_local 0x30
    zph_parent 0
    zph_option 136

    After saving and restarting squid, it seems it doesn't work.
    Hence, while running tcpdump

    tcpdump -nnvvi rl0 | grep 'tos 0x'

    I get lines like this:

    21:02:33.760598 IP (tos 0x0, ttl 50, id 39136, offset 0, flags [DF], proto TCP (6), length 52)

    It seems that the marking doesn't work… right?

    It appears that all TOS are marked with 0x0, not with 0x3, and that causes me an issue with mangle-marking packets in MikroTik. Moreover, I tried several values in zph_local like 0x40, 0x04, 0x03, …

    Did I do something wrong or miss something? Why doesn't squid mark packets correctly?

    Your help will be appreciated.


  • At least you're getting a result for the tcpdump command.
    I get absolutely no response from tcpdump.

    [2.0.1-RELEASE][root@pfsense.localdomain]/root(1): tcpdump -nnvvi em0 | grep 'tos 0x'
    and I also get the same results.
    but should we 0x0's.

    And my squid is: Squid Cache: Version LUSCA r14850 patched: chudy r14

    So I do have those same options enabled as you.

  • Remember that only the traffic that comes from squid's cache will be marked. So you have to keep an eye on squid's log (tail -f /var/log/squid/access.log) to see if cache HITs are sent with the appropriate tos (using tcpdump).

    It worked as expected when I tested it a few months ago.
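
The check described in the last reply can be run on a saved capture. The `grep 'tos 0x'` used earlier in the thread matches every IP packet and drops the address line, so this added example (not part of the original thread) pairs each `tcpdump -nnv` header with its address line and lists only the flows carrying the configured `zph_local` value. The sample capture, its addresses and the proxy port 3128 are constructed assumptions.

```python
import re
from collections import Counter

# `tcpdump -nnv` prints the IP header (with tos) on one line and the
# "src.port > dst.port:" pair on the indented line that follows it.
HEADER = re.compile(r"^\S+ IP \(tos (0x[0-9a-f]+)")
ADDRS = re.compile(r"^\s+(\S+) > (\S+):")

def parse_packets(lines):
    """Yield (tos, src, dst), pairing each header line with its address line."""
    tos = None
    for line in lines:
        header = HEADER.match(line)
        if header:
            tos = int(header.group(1), 16)
            continue
        addrs = ADDRS.match(line)
        if addrs and tos is not None:
            yield tos, addrs.group(1), addrs.group(2)
            tos = None

def tos_histogram(lines):
    """Count packets per TOS byte; all-zero means nothing was marked."""
    return Counter(tos for tos, _, _ in parse_packets(lines))

def marked_flows(lines, expected_tos=0x30):
    """Return (src, dst) pairs whose TOS matches, ignoring the two ECN bits."""
    return sorted({(src, dst) for tos, src, dst in parse_packets(lines)
                   if (tos & 0xFC) == (expected_tos & 0xFC)})

# Constructed capture (documentation addresses, proxy on assumed port 3128).
SAMPLE = """\
21:02:33.760598 IP (tos 0x0, ttl 50, id 39136, offset 0, flags [DF], proto TCP (6), length 52)
    198.51.100.7.80 > 192.0.2.1.40112: Flags [.], cksum 0x1a2b (correct), ack 1, win 65535, length 0
21:02:34.101200 IP (tos 0x30, ttl 64, id 4021, offset 0, flags [DF], proto TCP (6), length 1500)
    192.0.2.1.3128 > 192.0.2.10.51240: Flags [.], cksum 0x3c4d (correct), seq 1:1449, ack 1, win 65535, length 1448
21:02:34.101350 IP (tos 0x30, ttl 64, id 4022, offset 0, flags [DF], proto TCP (6), length 1500)
    192.0.2.1.3128 > 192.0.2.10.51240: Flags [.], cksum 0x5e6f (correct), seq 1449:2897, ack 1, win 65535, length 1448
21:02:34.300000 IP (tos 0x0, ttl 64, id 7710, offset 0, flags [DF], proto TCP (6), length 52)
    192.0.2.10.51240 > 192.0.2.1.3128: Flags [.], cksum 0x7a8b (correct), ack 2897, win 65535, length 0
"""

if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    print(dict(tos_histogram(lines)))
    for src, dst in marked_flows(lines):
        print("marked:", src, "->", dst)
```

Comparing the timestamps of the marked flows against the HIT entries in access.log shows whether squid is marking cached replies at all.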