On Wednesday 2010-06-30 08:32, Andrew Beverley wrote:
>> >> That retrieves the socket mark, not the packet mark.
>> >> The packet mark on outgoing packets gets initialized to the socket mark...
>> >
>> >Hmmm, I understand. So is there any way to retrieve a packet's mark as
>> >opposed to a socket's mark?
>>
>> And how would you do that with SOCK_STREAM anyway?
>
>I don't know. I'll admit that I don't fully understand what I'm doing
>here, which I apologise for, but I'm trying to learn.
>
>All I want to do is retain a packet's mark from its arrival into Squid,
>onto its transmission to the client. Something like this:
>
>
>ppp0 -> PREROUTING -> Squid -> POSTROUTING -> eth0
>
>            ^^                      ^^
>         Set Mark               Read mark
>
>If this isn't possible then please tell me.

Hm, interesting case. I would say you could:

- use CONNMARK in PREROUTING/INPUT
- use libnetfilter_conntrack to query the connmark from within squid
  (since squid has address and port, that should identify the
  connection within the nfct table)
- use the so-obtained ctmark to populate the new socket's skmark