On Sunday 2010-10-24 19:30, Andrew Beverley wrote: >> >All I want to do is retain a packet's mark from its arrival into Squid, >> >onto its transmission to the client. Something like this: >> > >> > >> >ppp0 -> PREROUTING -> Squid -> POSTROUTING -> eth0 >> > >> > ^^ ^^ >> > Set Mark Read mark >> > >> >If this isn't possible then please tell me. >> >> Hm, interesting case. I would say you could: >> >> - use CONNMARK in PREROUTING/INPUT >> - use libnetfilter_conntrack to query the connmark from within squid >> (since squid has address and port, that should identify the >> connection within the nfct table) >> - use the so-obtained ctmark to populate the new socket's skmark > >Thanks for this suggestion. Thought I'd drop a quick email (for >completeness) to say that the patch for this has now been included into >Squid. So, it is now possible for Squid to retain the mark on packets >for items that aren't cached, or set a mark on packets when items are >fetched from the cache. I looked at the change in the squid SCM and... libnetfilter_conntrack offers .pc files, so squid's configure.ac should make use of PKG_CHECK_MODULES. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
