ZPH - TOS marking with TOS preservation documentation

Info

This is an extended version of the TOS marking ZPH patch. It can copy (and optionally mask) the TOS from the server side connection to the client side. The preservation, of course takes place only when cache MISS occurres, which requres direct server access.

Why kernel patch is required

Due to current linux kernel state (as of 2.4.30 and 2.6.11) there is no way for a userspace application to receive the TOS value of the incoming packets bound to initiated TCP connection. In fact this is only possible when using raw sockets (AFAIK). SQUID is nothing more than an userspace daemon application, so it is affected by this missing kernel feature. The simple solution I decided on (anyone with better ideas is welcome) was to build a kernel patch, which adds the missing capability.

The kernel patch itself

It is extremelly simple and robust solution for the problem - the received TOS is available through a call to getsockopt socket API function after a proper call to setsockopt for activating the feature for this particular socket. In the spirit of ZPH, nothing more that what is really needed has been added to linux kernel. Currently the TOS information is only available for outgoing TCP sockets (connections established using connect API call). If necessary (I do not see any need for this currently), the patch can be easily extended to return TOS also for incoming TCP connections (those obtained using accept).

Kernel hacking

Download the patch for your kernel (see the main page for availability). Go to the kernel source directory and apply the patch using a command like:

patch -p1 < linux-2.4.30-zph-ToS.patch

or, for the 2.6 series:

patch -p1 < linux-2.6.11.10-zph-ToS.patch

Always do full, clean compilation of the kernel. I had some problems because the dependancy checking cannot catch all real dependancies when doing incremental build.

SQUID patching

It is straight forward. Unpack the version of SQUID supported by the patch and in its source tree directory issue a command similar to:

patch -p1 < squid-2.5.STABLE10-ToS_Hit_ToS_Preserve.patch

Rebuild, install and configure (see the section bellow) SQUID.

SQUID configuration

The extension of ZPH TOS marking patch has these knobs you can tweak:

zph_tos_local (integer)	Allows you to select a TOS/Diffserv value to mark local hits. Default: 0 (disabled)
zph_tos_peer (integer)	Allows you to select a TOS/Diffserv value to mark peer hits (siblings and parent). Default: 0 (disabled)
zph_tos_parent (on\|off)	Set this to off if you want only sibling hits to be marked. If set to on (default), parent hits are being marked too. Default: on
zph_preserve_miss_tos on (on\|off)	If set to on (default), any HTTP response towards clients will have the TOS value of the response comming from the remote server, masked with the value of zph_preserve_miss_tos_mask. For this to work correctly, you will need to patch your linux kernel with the TOS preserving ZPH patch. Default: on
zph_preserve_miss_tos_mask (0-255)	Allows you to mask certain bits in the TOS received from the remote server, before copying the value to the TOS send towards clients. Default: 255 (TOS from server is not changed)

Patch state and feedback

The extended ZPH TOS marking patch will work with and without the kernel patch. However the kernel patch state is "it works for me". I've done testing on my own and have not found any problems with eighter 2.4 or 2.6 kernel series. I've tested SQUID in both classic and transparent proxying mode. Any feedback good or bad, is welcome.