Netgate Discussion Forum

    Howto applying zph patch on LUSCA r14850

      SaFi

      Hello folks

      I am using pfSense 1.2.3-RELEASE with the squid cache patched by chudy, and I am very happy with it.

      $ squid -v
      Squid Cache: Version LUSCA r14850 patched: chudy r14
      configure options:  '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' 
      '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' 
      '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic ntlm digest' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB LDAP YP' 
      '--enable-digest-auth-helpers=password ldap' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group ldap_group' 
      '--enable-ntlm-auth-helpers=SMB' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--with-pthreads' '--enable-storeio=aufs null coss' 
      '--enable-delay-pools' '--enable-snmp' '--disable-wccp' '--disable-ident-lookups' '--enable-arp-acl' '--enable-pf-transparent' '--with-large-files' 
      '--enable-large-cache-files' '--enable-err-languages=English' '--enable-default-err-language=English' '--prefix=/usr/local' '--mandir=/usr/local/man' 
      '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd7.2' 'build_alias=i386-portbld-freebsd7.2' 'CC=cc' 
      'CFLAGS=-O2 -fno-strict-aliasing -pipe -I/usr/local/include  -DLDAP_DEPRECATED' 'LDFLAGS= -L/usr/local/lib' 'CPPFLAGS='
      

      Recently I noticed that I couldn't bypass full-speed traffic to my clients behind MikroTik routers (acting as remote gateways) connected to pfSense, which acts as the proxy cache server. So I did a quick search and realized that I must apply such a patch to be able to use the zph configuration and use TOS in MT.

      I found this, but I couldn't understand it because it is not in English.

      So I wonder whether the squid cache package is already patched with zph, or whether I must apply it manually?
      And if so, how can I do this, and where can I find the patch files?

      TIA

        SaFi

        Hi again
        I decided to ignore whether my lusca package is patched or not and just test the zph configuration, so I placed this in the custom options in squid.conf:

        zph_mode tos
        zph_local 0x30
        zph_parent 0
        zph_option 136

        After saving and restarting squid, it seems it's not working.
        Here is what I see while running tcpdump:

        tcpdump -nnvvi rl0 | grep 'tos 0x'
        

        And I get lines like this:

        21:02:33.760598 IP (tos 0x0, ttl 50, id 39136, offset 0, flags [DF], proto TCP (6), length 52)
        

        It seems that the marking doesn't work... right?

        It appears that all TOS values are marked with 0x0, not with 0x3, and that causes me an issue with mangle packet marking in MikroTik. Moreover, I tried several values in zph_local like 0x40, 0x04, 0x03,…

        Did I do something wrong or miss something? Why doesn't squid mark packets correctly?

        Your help will be appreciated.

        SaFi

          cylent

          At least you're getting a result for the tcpdump command.
          I get absolutely no response from tcpdump.

          [2.0.1-RELEASE][root@pfsense.localdomain]/root(1): tcpdump -nnvvi em0 | grep 'tos 0x'
          And I also get the same results.
          but should we 0x0's.

          And my squid is: Squid Cache: Version LUSCA r14850 patched: chudy r14

          So I do have those same options enabled as you.

            dhatz

            Remember that only the traffic that comes from squid's cache will be marked. So you have to keep an eye on squid's log (tail -f /var/log/squid/access.log) to see whether cache HITs are sent with the appropriate TOS (using tcpdump).

            It worked as expected when I tested it a few months ago.

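One way to carry out the check described in the last reply, as an added example that is not part of the thread: it pairs each `tos` header line of `tcpdump -nnvv` output with the address line that follows it (the `grep 'tos 0x'` filter above drops that line) and reports, per client that had a cache hit in access.log, whether packets carrying the expected TOS were sent to it. The function names, the sample lines, the default native access.log format, the expected value 0x30 (taken from the `zph_local` line above), and treating every result code containing HIT as a local hit are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample input (documentation addresses), not captured traffic.
TCPDUMP = """\
21:02:33.760598 IP (tos 0x0, ttl 50, id 39136, offset 0, flags [DF], proto TCP (6), length 52)
    203.0.113.5.80 > 192.0.2.10.51000: Flags [.], ack 1, win 65535, length 0
21:02:34.101200 IP (tos 0x30, ttl 64, id 4021, offset 0, flags [DF], proto TCP (6), length 1500)
    203.0.113.5.80 > 192.0.2.20.51001: Flags [.], seq 1:1449, ack 1, win 65535, length 1448
21:02:34.101900 IP (tos 0x0, ttl 64, id 777, offset 0, flags [DF], proto TCP (6), length 52)
    192.0.2.20.51001 > 203.0.113.5.80: Flags [.], ack 1449, win 65535, length 0
"""
ACCESS_LOG = """\
1300000953.760 412 192.0.2.10 TCP_MISS/200 10240 GET http://example.com/a.iso - DIRECT/203.0.113.5 application/octet-stream
1300000954.101 3 192.0.2.20 TCP_HIT/200 10240 GET http://example.com/a.iso - NONE/- application/octet-stream
1300000955.000 2 192.0.2.30 TCP_MEM_HIT/200 512 GET http://example.com/b.css - NONE/- text/css
"""
HEADER = re.compile(r"^\S+ IP \(tos (0x[0-9a-fA-F]+),")
ADDRS = re.compile(r"^\s+[\d.]+\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+:")

def tos_by_destination(text):
    """Map destination IP -> set of TOS values seen on packets sent to it."""
    seen, tos = defaultdict(set), None
    for line in text.splitlines():
        header, addrs = HEADER.match(line), ADDRS.match(line)
        if addrs and tos is not None:  # address line directly after a header line
            seen[addrs.group(1)].add(tos)
        tos = int(header.group(1), 16) if header else None
    return seen

def hit_clients(text):
    """Client IPs with at least one *HIT result code (assumed to be local hits)."""
    fields = (line.split() for line in text.splitlines())
    return {f[2] for f in fields if len(f) > 3 and "HIT" in f[3].split("/")[0]}

def check_marking(tcpdump_text, access_log_text, expected_tos=0x30):
    """Per cache-hit client: were packets carrying expected_tos sent to it?"""
    seen = tos_by_destination(tcpdump_text)
    report = {}
    for client in sorted(hit_clients(access_log_text)):
        tos_values = seen.get(client)
        report[client] = ("no packets captured" if not tos_values else
                          "marked" if expected_tos in tos_values else "unmarked")
    return report

if __name__ == "__main__":
    print(check_marking(TCPDUMP, ACCESS_LOG))
```

Clients that only ever received cache misses are left out of the report, since per the reply above their traffic is not expected to be marked.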
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.