On 11/05/2016 8:19 p.m., Deniz Eren wrote:
> Hi,
>
> In my system I am using netfilter marks to shape traffic(SNAT, QoS,
> etc.) however when I redirect traffic to Squid using Tproxy I lose the
> mark value(obviously).

Not obvious at all. The MARK value is available to Squid, and if
configured to look it up Squid should be doing so.

> I saw configuration directive qos_flow but it's
> only applicable for incoming connections( some website -> squid ->
> client PC), what I need is the opposite one I want to pass mark of
> outgoing connections( client PC -> squid -> some website ). I want to
> mark packet in mangle PREROUTING and then redirect packet to TPROXY
> and after packets coming out of squid I want to use the same mark in
> mangle OUTPUT or POSTROUTING chains. Is there a way to do that?
>

tcp_outgoing_mark or qos_flows mark.

The problem you will find however is that HTTP is both stateless and
multiplexing. One incoming request may generate zero or several outgoing
requests. The outbound connection may also be shared by several requests
with different incoming connection MARK values.

So you need to design your system not to rely on an outbound connection
existing, and to handle MARK being changed mid-connection.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
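The point in the reply about shared outbound connections, as an added toy model in Python (not part of the original post and not Squid code). The one-connection-per-destination pool, the per-request re-marking and the two classifiers are assumptions made for illustration, and the traffic is constructed.

```python
from collections import namedtuple

# client_mark: MARK seen on the inbound (client -> proxy) connection
# cached:      True when the proxy answers locally and sends nothing upstream
Request = namedtuple("Request", "client_mark dest cached")

# Constructed sample traffic: two clients carrying marks 0x1 and 0x2.
SAMPLE = [
    Request(0x1, "example.com", False),
    Request(0x2, "example.com", False),  # reuses the connection opened for 0x1
    Request(0x1, "example.com", True),   # cache hit: zero outbound requests
    Request(0x2, "example.org", False),
    Request(0x1, "example.org", False),
]

def proxy(requests):
    """Return (conn_id, mark) for every outbound request the proxy sends.

    Assumption: one persistent server connection per destination, re-marked
    with the mark of whichever request it is currently carrying.
    """
    pool, sent = {}, []
    for req in requests:
        if req.cached:
            continue  # no outbound connection exists for this request
        conn_id = pool.setdefault(req.dest, len(pool))
        sent.append((conn_id, req.client_mark))
    return sent

def classify_latched(sent):
    """Shaper that remembers the first mark seen on each connection."""
    first = {}
    return [first.setdefault(conn, mark) for conn, mark in sent]

def classify_per_packet(sent):
    """Shaper that reads the mark on each outbound request as it passes."""
    return [mark for _, mark in sent]

def misclassified(sent, classes):
    """Count outbound requests shaped under a mark other than their client's."""
    return sum(1 for (_, mark), cls in zip(sent, classes) if cls != mark)

if __name__ == "__main__":
    out = proxy(SAMPLE)
    print("outbound:", out)
    print("latched errors:", misclassified(out, classify_latched(out)))
    print("per-packet errors:", misclassified(out, classify_per_packet(out)))
```
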