Amos Jeffries wrote > 2) Squid can do pass-thru using Netfilter MARK flags. Each squid.conf > directive that deals with TOS has both a 'tos' and a 'mark' variant. The > 'mark' ones are able to pass-thru these netfilter markings the way you > want. > > However, since netfilter marks are local to the one machine and not > transmitted externally. You need to use iptables rules to convert > received TOS/DSCP values into local MARK values on packets arriving, and > the reverse translation for packets leaving the machine. > > IIRC there were some gotchas involved. I do remember specifically that > the TOS needed to be converted to CONNMARK (not MARK) in mangle or > earlier. Then the NF MARK values sync'd with CONNMARK at some stage just > after that (sorry my memory of that particular bit is long gone). The > sync'd NF MARK is what gets passed between Squid and the kernel. > > It is a bit clumsy and annoying, but without any kernel API to receive > the TOS/DSCP values on incoming packets it is what it is. > > > Amos First i am going to to it on same server which may be simpler and no need to involve with convert to/from TOS I have following iptables log IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=4148 TOS=0x00 PREC=0x00 TTL=64 ID=57642 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0 MARK=0x30 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=29780 TOS=0x00 PREC=0x00 TTL=64 ID=57643 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0 MARK=0x30 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=32820 TOS=0x00 PREC=0x00 TTL=64 ID=57644 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0 MARK=0x30 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=32820 TOS=0x00 PREC=0x00 TTL=64 ID=57645 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0 MARK=0x30 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=16894 DF PROTO=TCP SPT=12513 DPT=8080 WINDOW=4671 RES=0x00 ACK URGP=0 MARK=0x30 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=32820 TOS=0x00 PREC=0x00 TTL=64 ID=57646 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0 MARK=0x30 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=6700 TOS=0x00 PREC=0x00 TTL=64 ID=57647 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0 MARK=0x30 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=16895 DF PROTO=TCP SPT=12513 DPT=8080 WINDOW=4598 RES=0x00 ACK URGP=0 MARK=0x30 Now please provide squid config side . Thanks -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/cache-peer-communication-about-HIT-MISS-between-squid-and-and-non-squid-peer-tp4600931p4678630.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
