On Mar 20, 2012, at 10:20 AM, Amos Jeffries wrote:
> On 21/03/2012 2:26 a.m., Brian Landy wrote:
>> Hi, I was hoping to use traffic shaping to reserve bandwidth for http streaming video, and use squid to tag the video traffic separately from other content. I am running OpenBSD 5.0 with squid 2.7, using squid as a transparent non-caching proxy. I am attempting to get squid to set the TOS on the packets from server to client so pf can assign them to an appropriate queue (outbound on the internal interface).
>
>>
>> So I tried something like this:
>>
>> acl webvideo rep_mime_type -i ^video/MP2T$
>> acl webvideo rep_mime_type -i ^video/mp4$
>> tcp_outgoing_tos 0x15 webvideo
>>
>> However, as best I can tell squid is not setting the tos on any of these packets. Have I overlooked something? (the 0x15 was picked at random) I verified I have the rep_mime_types defined properly by setting “http_reply_access deny webvideo” and the content was blocked.
>
> You overlooked that outgoing TOS is on the request from Squid to the server. Squid does not have any reply yet.
>
> You need to find some request-based way to predict what type of reply will come back. I would think a few false positives would be fine so you can probably base it on the domain name or a URL file-extension pattern. Squid ACLs have full access to any header content though, there may be something better buried in there.
>
>>
>> Also, to validate that squid was able to set TOS at all, I tried this:
>>
>> acl all src all
>> tcp_outgoing_tos 0x15 all
>>
>> In this case I see the tos set on the packets to the server, but not set on the packets back to the client (which I believe I need set in order to assign the streaming content to the appropriate queue on the inside interface).
>
> There is a clientside_tos in Squid-3 series for the packets going from Squid to client.
>
>> Any advice on what I am doing wrong, or whether squid is even the correct approach for this, is greatly appreciated. Thanks!
>
> You need to upgrade to squid-3. Preferrably the current supported release (3.1.19 as of this writing).
>
>
> Amos
Thanks, I’ve installed 3.1.19 and have been giving it a try. It seems like clientside_tos is exactly what I want.
However, I have been unable to get it to work on some simple examples:
acl myhost 192.168.0.1
http_access allow myhost
clientside_tos 0x15 myhost
or
acl d_any all
http_access allow d_any
clientside_tos 0x15 any
or
clientside_tos 0x15 all
When I inspect the packets returned from the proxy to the client, tos is not set. Any thoughts?
And to clarify, matching rep_mime_type won’t work for this, in conjunction with clientside_tos, even though it inspects the reply?
Thanks,
Brian
