Bug #1096
closedpf TSO patch fallout - squid (and potentially other) issues
0%
Description
With commit:c57f939b20a6a7a66351ce973843ce7d8564ed72 ( https://rcs.pfsense.org/projects/pfsense-tools/repos/mainline/commits/c57f939b20a6a7a66351ce973843ce7d8564ed72 ) in the tools repo a patch was added to improve the behavior of TSO.
At the very least this patch has broken squid's transparent redirect, and potentially other things.
On a snapshot from today, you can install squid, turn on transparent mode and the redirect tries to happen but just hangs. I built a custom update with just that one patch reverted and it works fine with squid and transparent mode.
I hesitate to just revert the patch in the repo in case it can be easily fixed.
Updated by Maciej Kazulak about 14 years ago
Same issue here.
Performed an auto update today. Installed squid. Normal proxy works ok, transparent does not. From what i can see with tcpdump my machine does get the responses but the checksums are incorrect:
15:18:25.061646 IP (tos 0x0, ttl 64, id 5071, offset 0, flags [DF], proto TCP (6), length 60)
192.168.1.9.42932 > 69.64.6.26.80: Flags [S], cksum 0x8bf7 (correct), seq 3520042352, win 5840, options [mss 1460,sackOK,TS val 36275903 ecr 0,nop,wscale 7], length 0
15:18:25.061826 IP (tos 0x0, ttl 64, id 28216, offset 0, flags [DF], proto TCP (6), length 60)
69.64.6.26.80 > 192.168.1.9.42932: Flags [S.], cksum 0xa4a2 (incorrect -> 0x0bf1), seq 1247462501, ack 3520042353, win 65228, options [mss 1460,nop,wscale 3,sackOK,TS val 263158157 ecr 36275903], length 0
...
Updated by Jim Pingle about 14 years ago
I disabled the patch and have a new snapshot building now. The next new snapshot dated after this update should be OK.
Updated by Maciej Kazulak about 14 years ago
Updated to:
2.0-BETA4 (i386)
built on Wed Dec 15 20:50:23 EST 2010
Seems to work fine so far.
Updated by Chris Buechler about 14 years ago
- Status changed from New to Feedback
Updated by Maciej Kazulak about 14 years ago
I've been testing squid in transparent mode for the last few days at work and haven't noticed any problems.
Currently using:
2.0-BETA4 (i386) built on Mon Dec 20 20:21:46 EST 2010
Updated by Chris Buechler almost 14 years ago
- Status changed from Feedback to Resolved