On Thu, 2011-05-12 at 23:17 +0100, Ed W wrote:
> On 12/05/2011 01:01, Andrew Beverley wrote:
> > On Wed, 2011-05-11 at 15:30 +0100, Ed W wrote:
> >> On 09/05/2011 22:45, Andrew Beverley wrote:
> >>> I wrote a similar patch for Squid (released in V3.2), which allows
> >>> packets to be marked before Squid, and Squid to reapply the mark on
> >>> retransmission. Marks can also be applied for locally cached files. If
> >>> it helps the patch is at:
> >>>
> >>> http://bazaar.launchpad.net/~squid/squid/3-trunk/revision/10925
> >>
> >>
> >> Did you find any better way to read the packet mark than using
> >> conntrack? I see that's how you are doing it in the patch you reference?
> >>
> >
> > No, I think that's the only/best way of doing it (you can't read it from
> > a socket). That's the advice I got from the netfilter developers anyway,
> > and it doesn't get much better than that.
>
> I guess a feature request that the nf_mark is copied down to the "socket
> mark" for arriving packets is going to be met with a "let's see your
> patch"? Did you do any investigation to see where such code might be
> fitted - or even if it's a good idea?

I'm afraid I've got no idea. That patch is the only bit of network
programming I have done, and the principle behind getting the mark was
suggested by Jan on the developer's list.

Probably worth a quick question to that effect to the netfilter-dev list
though.

Andy