Squid configuration directive qos_flows
- Changes in 3.2 qos_flows
New options mark and tos and miss
tos retains the original QOS functionality of the IP header TOS field.
mark offers the same functionality, but with a netfilter mark value.
These options should be placed immediately after qos_flows.
The tos value is optional in order to maintain backwards compatability.
The preserve-miss functionality is available with the mark option and requires no kernel patching. It does, however, require libnetfilter_conntrack. This will be included by default if available (see the --without-netfilter-conntrack configure option for more details).
miss sets a value for a cache miss. It is available for both the tos and mark options and takes precedence over the preserve-miss feature.
- Changes in 3.1 qos_flows local-hit= sibling-hit= parent-hit=
Allows you to select a TOS/DSCP value to mark outgoing connections with, based on where the reply was sourced. TOS values really only have local significance - so you should know what you're specifying. For more information, see RFC2474, RFC2475, and RFC3260. The TOS/DSCP byte must be exactly that - octet value 0x00-0xFF. Note that in practice often only multiples of 4 is usable as the two rightmost bits have been redefined for use by ECN (RFC 3168 section 23.1). Note that in practice often only values up to 0xFC are usable, and only in multiple of 4, as the two rightmost bits have been redefined for use by ECN (RFC3168). This setting is configured by setting the source TOS values: local-hit=0xFF Value to mark local cache hits. sibling-hit=0xFF Value to mark hits from sibling peers. parent-hit=0xFF Value to mark hits from parent peers. NOTE: 'miss' preserve feature is only possible on Linux at this time. For the following to work correctly, you will need to patch your linux kernel with the TOS preserving ZPH patch. The kernel patch can be downloaded from http://zph.bratcheda.org disable-preserve-miss If set, any HTTP response towards clients will have the TOS value of the response comming from the remote server masked with the value of miss-mask. miss-mask=0xFF Allows you to mask certain bits in the TOS received from the remote server, before copying the value to the TOS sent towards clients. Default: 0xFF (TOS from server is not changed).
Allows you to select a TOS/DSCP value to mark outgoing connections to the client, based on where the reply was sourced. For platforms using netfilter, allows you to set a netfilter mark value instead of, or in addition to, a TOS value. By default this functionality is disabled. To enable it with the default settings simply use "qos_flows mark" or "qos_flows tos". Default settings will result in the netfilter mark or TOS value being copied from the upstream connection to the client. Note that it is the connection CONNMARK value not the packet MARK value that is copied. It is not currently possible to copy the mark or TOS value from the client to the upstream connection request. TOS values really only have local significance - so you should know what you're specifying. For more information, see RFC2474, RFC2475, and RFC3260. The TOS/DSCP byte must be exactly that - a octet value 0 - 255. Note that only multiples of 4 are usable as the two rightmost bits have been redefined for use by ECN (RFC 3168 section 23.1). The squid parser will enforce this by masking away the ECN bits. Mark values can be any unsigned 32-bit integer value. This setting is configured by setting the following values: tos|mark Whether to set TOS or netfilter mark values local-hit=0xFF Value to mark local cache hits. sibling-hit=0xFF Value to mark hits from sibling peers. parent-hit=0xFF Value to mark hits from parent peers. miss=0xFF[/mask] Value to mark cache misses. Takes precedence over the preserve-miss feature (see below), unless mask is specified, in which case only the bits specified in the mask are written. The TOS variant of the following features are only possible on Linux and require your kernel to be patched with the TOS preserving ZPH patch, available from http://zph.bratcheda.org No patch is needed to preserve the netfilter mark, which will work with all variants of netfilter. disable-preserve-miss This option disables the preservation of the TOS or netfilter mark. By default, the existing TOS or netfilter mark value of the response coming from the remote server will be retained and masked with miss-mark. NOTE: in the case of a netfilter mark, the mark must be set on the connection (using the CONNMARK target) not on the packet (MARK target). miss-mask=0xFF Allows you to mask certain bits in the TOS or mark value received from the remote server, before copying the value to the TOS sent towards clients. Default for tos: 0xFF (TOS from server is not changed). Default for mark: 0xFFFFFFFF (mark from server is not changed). All of these features require the --enable-zph-qos compilation flag (enabled by default). Netfilter marking also requires the libnetfilter_conntrack libraries (--with-netfilter-conntrack) and libcap 2.09+ (--with-libcap).
- About Squid
- Why Squid?
- Squid Developers
- How to Donate
- How to Help Out
- Getting Squid
- Squid Source Packages
- Squid Deployment Case-Studies
- Squid Software Foundation
- FAQ and Wiki
- Guide Books:
- Security Advisories
- Bugzilla Database
- Mailing lists
- Contacting us
- Commercial services
- Project Sponsors
- Squid-based products
- Developer Resources
- Related Writings
- Related Software:
- Squid Artwork