On Wed, 2013-03-27 at 00:13 +0000, Ed W wrote:
> Hi Andy, Sorry to bug you, but I finally got round to trying the
> qos_flows feature and I think my understanding is completely back to front?
>
> What I need is to copy the packet/connection mark from the client
> request, and apply it to the upstream request.

You're correct (I think - it's been a long time!): the qos_flows feature copies a mark value from the server side of Squid and puts that on the connection to the requesting client.

> So for example I mark clients that have passed a captive portal test
> with some mark, I need that mark copying up to requests coming from
> squid so that I know they effectively come from a validated client

As Amos says, this is probably the wrong way to do it. If you want to see an example of how I did it, then check out this page:

http://andybev.com/index.php/PortalShaper

I use iptables to drop (or redirect) all packets that are received from clients that have not passed the captive portal.

> Near as I can tell the current qos_flows applies this all backwards, ie
> it assumes that the upstream has some mark on it, and copies this back
> to the client response connection?

Yes.

> How tricky would it be to offer this option in both directions? Does
> anyone else have a use for this kind of feature?

It's probably not overly difficult, but is there really a requirement for it? I think for what you want to achieve there is a better way to do it?

Happy to discuss/advise further.

Andy