Howto applying zph patch on LUSCA r14850

SaFi

Hello folks

I am use pfsense 1.2.3-RELEASE with squid cache patched by chudy and I very happy with it

$ squid -v
Squid Cache: Version LUSCA r14850 patched: chudy r14
configure options:  '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' 
'--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' 
'--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic ntlm digest' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB LDAP YP' 
'--enable-digest-auth-helpers=password ldap' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group ldap_group' 
'--enable-ntlm-auth-helpers=SMB' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--with-pthreads' '--enable-storeio=aufs null coss' 
'--enable-delay-pools' '--enable-snmp' '--disable-wccp' '--disable-ident-lookups' '--enable-arp-acl' '--enable-pf-transparent' '--with-large-files' 
'--enable-large-cache-files' '--enable-err-languages=English' '--enable-default-err-language=English' '--prefix=/usr/local' '--mandir=/usr/local/man' 
'--infodir=/usr/local/info/' '--build=i386-portbld-freebsd7.2' 'build_alias=i386-portbld-freebsd7.2' 'CC=cc' 
'CFLAGS=-O2 -fno-strict-aliasing -pipe -I/usr/local/include  -DLDAP_DEPRECATED' 'LDFLAGS= -L/usr/local/lib' 'CPPFLAGS='

recently I notice that I couldn't bypass full speed traffic to my clients behind MikroTik routers (acting as remote getaway) connected to pfsense that act as proxy cache server, so i made quick search and realized that I must applying such patch to able to use zph configuration and use TOS in MT

I find this but I couldn't understand it cause it not in English

so I wonder if the squid cache package are already patch with zph or I must apply it manually ?
and if so how can do this and where can I find patch files

TIA

SaFi

Hi again
I decide to ignore that my lusca package patched or not by testing zph configuration so I placed this in custom options in squid.conf

zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

after saving and restart squid it's seem it's not work
hence while run tcpdump

tcpdump -nnvvi rl0 | grep 'tos 0x'

and I get lines like this

21:02:33.760598 IP (tos 0x0, ttl 50, id 39136, offset 0, flags [DF], proto TCP (6), length 52)

it’ seem that the marking doesn’t work …right?

it's appear that all tos mark with 0x0 not with 0x3 and that cause to me issue in mangle marking packets in mikrotik moreover I try several values in in zph_local like 0x40,0x04,0x03,…

do I did something wrong or missed something ? why squid doesn't mark packets correctly?

your help will be appreciated

SaFi

cylent

at least you're getting a result for the tcpdump command.
i get absolutely no response from tcpdump.

[2.0.1-RELEASE][root@pfsense.localdomain]/root(1): tcpdump -nnvvi em0 | grep 'tos 0x'
and i also get the same results.
but should we 0x0's.

and my squid is: Squid Cache: Version LUSCA r14850 patched: chudy r14

so i do have those same options enabled as you.

dhatz

Remember that only the traffic that comes from squid's cache will be marked. So you have to keep an eye at squid's log (tail -f /var/log/squid/access.log) to see if cache HIT are sent with appropriate tos (using tcpdump).

It worked as expected when I tested it a few months ago.