> On 11/05/2016 8:19 p.m., Deniz Eren wrote:
>> Hi,
>>
>> In my system I am using netfilter marks to shape traffic(SNAT, QoS,
>> etc.) however when I redirect traffic to Squid using Tproxy I lose the
>> mark value(obviously).
>
> Not obvious at all. The MARK value is available to Squid, and if
> configured to look it up Squid should be doing so.
>

By saying obviously I meant that if squid doesn't mark the packet it's
not available in OUTPUT chain.

>> I saw configuration directive qos_flow but it's
>> only applicable for incoming connections( some website -> squid ->
>> client PC), what I need is the opposite one I want to pass mark of
>> outgoing connections( client PC -> squid -> some website ). I want to
>> mark packet in mangle PREROUTING and then redirect packet to TPROXY
>> and after packets coming out of squid I want to use the same mark in
>> mangle OUTPUT or POSTROUTING chains. Is there a way to do that?
>>
>
> tcp_outgoing_mark or qos_flows mark.

http://www.squid-cache.org/Doc/config/qos_flows/
"to mark outgoing connections to the client, based on where the reply
was sourced."

From here I understand that marking process is like this:
Web Site -> | -> mark -> squid -> mark -> | -> Client PC
And in my tests I saw this behavior, the opposite did not work.

Is the opposite one possible:
ClientPC -> | -> mark -> squid -> mark -> | -> Web Site

>
> The problem you will find however is that HTTP is both stateless and
> multiplexing. One incoming request may generate zero or several outgoing
> requests. The outbound connection may also be shared by several requests
> with different incoming connection MARK values.

Do you mean two sources A,B going both to C can share same outgoing
connection? Is there a way to change this behavior?

>
> So you need to design your system not to rely on an outbound connection
> existing, and to handle MARK being changed mid-connection.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
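
Added example, not part of the original thread and not the posters' configuration: one way to get a netfilter mark onto the client PC -> squid -> web site leg with the tcp_outgoing_mark directive named above. The port, subnets, mark values, class IDs and SNAT addresses are constructed assumptions; the mark is chosen by a Squid ACL on the client source rather than copied from the PREROUTING mark.

```squidconf
# Added example. Port, subnets and mark values below are constructed.

# TPROXY listener that the mangle PREROUTING rule redirects to.
http_port 3129 tproxy

# Classify each request by client source address. This stands in for the
# PREROUTING mark, which is not carried onto Squid's server-side socket.
acl shape_a src 192.0.2.0/25
acl shape_b src 192.0.2.128/25

# Netfilter mark set on the server-side connection
# (client PC -> squid -> web site). First matching line wins.
tcp_outgoing_mark 0x10 shape_a
tcp_outgoing_mark 0x20 shape_b

# The mark belongs to the connection, not to the request. With server-side
# persistent connections enabled, a connection opened for a shape_a client
# can later carry a shape_b request. Turning reuse off keeps one mark per
# outbound connection, at the cost of a new TCP handshake per request.
server_persistent_connections off

# Setting a socket mark needs CAP_NET_ADMIN, so the Squid worker must
# retain that capability after dropping root.

# Netfilter side, run as root (kept as comments so this file stays a valid
# squid.conf fragment). Locally generated Squid traffic passes through
# mangle OUTPUT, mangle POSTROUTING and nat POSTROUTING, where the mark
# set above can be matched:
#
#   iptables -t mangle -A POSTROUTING -m mark --mark 0x10 -j CLASSIFY --set-class 1:10
#   iptables -t mangle -A POSTROUTING -m mark --mark 0x20 -j CLASSIFY --set-class 1:20
#   iptables -t nat    -A POSTROUTING -m mark --mark 0x10 -j SNAT --to-source 198.51.100.10
#   iptables -t nat    -A POSTROUTING -m mark --mark 0x20 -j SNAT --to-source 198.51.100.20
```

A request that matches no tcp_outgoing_mark line leaves unmarked, so the netfilter rules should treat the absence of a mark as the default class instead of assuming every Squid packet carries one.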