Project

General

Profile

Bug #1096

pf TSO patch fallout - squid (and potentially other) issues

Added by Jim Pingle over 8 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
Operating System
Target version:
Start date:
12/12/2010
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.0
Affected Architecture:
All

Description

With commit:c57f939b20a6a7a66351ce973843ce7d8564ed72 ( https://rcs.pfsense.org/projects/pfsense-tools/repos/mainline/commits/c57f939b20a6a7a66351ce973843ce7d8564ed72 ) in the tools repo a patch was added to improve the behavior of TSO.

At the very least this patch has broken squid's transparent redirect, and potentially other things.

On a snapshot from today, you can install squid, turn on transparent mode and the redirect tries to happen but just hangs. I built a custom update with just that one patch reverted and it works fine with squid and transparent mode.

I hesitate to just revert the patch in the repo in case it can be easily fixed.

History

#1 Updated by Maciej Kazulak over 8 years ago

Same issue here.

Performed an auto update today. Installed squid. Normal proxy works ok, transparent does not. From what i can see with tcpdump my machine does get the responses but the checksums are incorrect:

15:18:25.061646 IP (tos 0x0, ttl 64, id 5071, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.9.42932 > 69.64.6.26.80: Flags [S], cksum 0x8bf7 (correct), seq 3520042352, win 5840, options [mss 1460,sackOK,TS val 36275903 ecr 0,nop,wscale 7], length 0
15:18:25.061826 IP (tos 0x0, ttl 64, id 28216, offset 0, flags [DF], proto TCP (6), length 60)
69.64.6.26.80 > 192.168.1.9.42932: Flags [S.], cksum 0xa4a2 (incorrect -> 0x0bf1), seq 1247462501, ack 3520042353, win 65228, options [mss 1460,nop,wscale 3,sackOK,TS val 263158157 ecr 36275903], length 0
...

#2 Updated by Jim Pingle over 8 years ago

I disabled the patch and have a new snapshot building now. The next new snapshot dated after this update should be OK.

#3 Updated by Maciej Kazulak over 8 years ago

Updated to:
2.0-BETA4 (i386)
built on Wed Dec 15 20:50:23 EST 2010

Seems to work fine so far.

#4 Updated by Chris Buechler over 8 years ago

  • Status changed from New to Feedback

#5 Updated by Maciej Kazulak over 8 years ago

I've been testing squid in transparent mode for the last few days at work and haven't noticed any problems.

Currently using:
2.0-BETA4 (i386) built on Mon Dec 20 20:21:46 EST 2010

#6 Updated by Chris Buechler over 8 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF