On 21/03/2012 10:19 a.m., Brian Landy wrote:
On Mar 20, 2012, at 10:20 AM, Amos Jeffries wrote:
On 21/03/2012 2:26 a.m., Brian Landy wrote:
Hi, I was hoping to use traffic shaping to reserve bandwidth for http streaming
video, and use squid to tag the video traffic separately from other content. I
am running OpenBSD 5.0 with squid 2.7, using squid as a transparent non-caching
proxy. I am attempting to get squid to set the TOS on the packets from server
to client so pf can assign them to an appropriate queue (outbound on the
internal interface).
So I tried something like this:
acl webvideo rep_mime_type -i ^video/MP2T$
acl webvideo rep_mime_type -i ^video/mp4$
tcp_outgoing_tos 0x15 webvideo
However, as best I can tell squid is not setting the tos on any of these
packets. Have I overlooked something? (the 0x15 was picked at random) I
verified I have the rep_mime_types defined properly by setting
“http_reply_access deny webvideo” and the content was blocked.
You overlooked that outgoing TOS is on the request from Squid to the server.
Squid does not have any reply yet.
You need to find some request-based way to predict what type of reply will come
back. I would think a few false positives would be fine so you can probably
base it on the domain name or a URL file-extension pattern. Squid ACLs have
full access to any header content though, there may be something better buried
in there.
Also, to validate that squid was able to set TOS at all, I tried this:
acl all src all
tcp_outgoing_tos 0x15 all
In this case I see the tos set on the packets to the server, but not set on the
packets back to the client (which I believe I need set in order to assign the
streaming content to the appropriate queue on the inside interface).
There is a clientside_tos in Squid-3 series for the packets going from Squid to
client.
Any advice on what I am doing wrong, or whether squid is even the correct
approach for this, is greatly appreciated. Thanks!
You need to upgrade to squid-3. Preferrably the current supported release
(3.1.19 as of this writing).
Amos
Thanks, I’ve installed 3.1.19 and have been giving it a try. It seems like
clientside_tos is exactly what I want.
However, I have been unable to get it to work on some simple examples:
acl myhost 192.168.0.1
http_access allow myhost
clientside_tos 0x15 myhost
or
acl d_any all
http_access allow d_any
clientside_tos 0x15 any
or
clientside_tos 0x15 all
When I inspect the packets returned from the proxy to the client, tos is not
set. Any thoughts?
And to clarify, matching rep_mime_type won’t work for this, in conjunction with
clientside_tos, even though it inspects the reply?
Sorry, mea culpa, this is http://bugs.squid-cache.org/show_bug.cgi?id=3504
You can find the patch at
http://master.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10444.patch
If there are any problems with it please let me know asap.
Amos
