pf TSO patch fallout - squid (and potentially other) issues
With commit:c57f939b20a6a7a66351ce973843ce7d8564ed72 ( https://rcs.pfsense.org/projects/pfsense-tools/repos/mainline/commits/c57f939b20a6a7a66351ce973843ce7d8564ed72 ) in the tools repo a patch was added to improve the behavior of TSO.
At the very least this patch has broken squid's transparent redirect, and potentially other things.
On a snapshot from today, you can install squid, turn on transparent mode and the redirect tries to happen but just hangs. I built a custom update with just that one patch reverted and it works fine with squid and transparent mode.
I hesitate to just revert the patch in the repo in case it can be easily fixed.
#1 Updated by Maciej Kazulak over 8 years ago
Same issue here.
Performed an auto update today. Installed squid. Normal proxy works ok, transparent does not. From what i can see with tcpdump my machine does get the responses but the checksums are incorrect:
15:18:25.061646 IP (tos 0x0, ttl 64, id 5071, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.9.42932 > 18.104.22.168.80: Flags [S], cksum 0x8bf7 (correct), seq 3520042352, win 5840, options [mss 1460,sackOK,TS val 36275903 ecr 0,nop,wscale 7], length 0
15:18:25.061826 IP (tos 0x0, ttl 64, id 28216, offset 0, flags [DF], proto TCP (6), length 60)
22.214.171.124.80 > 192.168.1.9.42932: Flags [S.], cksum 0xa4a2 (incorrect -> 0x0bf1), seq 1247462501, ack 3520042353, win 65228, options [mss 1460,nop,wscale 3,sackOK,TS val 263158157 ecr 36275903], length 0