> >All I want to do is retain a packet's mark from its arrival into Squid,
> >onto its transmission to the client. Something like this:
> >
> >
> >ppp0 -> PREROUTING -> Squid -> POSTROUTING -> eth0
> >
> >          ^^                       ^^
> >        Set Mark                Read mark
> >
> >If this isn't possible then please tell me.
>
> Hm, interesting case. I would say you could:
>
> - use CONNMARK in PREROUTING/INPUT
> - use libnetfilter_conntrack to query the connmark from within squid
>   (since squid has address and port, that should identify the
>   connection within the nfct table)
> - use the so-obtained ctmark to populate the new socket's skmark

Thanks for this suggestion. Thought I'd drop a quick email (for completeness) to say that the patch for this has now been included into Squid. So, it is now possible for Squid to retain the mark on packets for items that aren't cached, or set a mark on packets when items are fetched from the cache.

Andy