Re: Squid marking QOS and matching marks with linux iptables problem !

Ahmad Alzaeem <0xff1f@xxxxxxxxx> · Mon, 25 May 2020 12:25:07 +0300

Here is debug result :

2020/05/25 12:04:58.043 kid1| 33,5| client_side.cc(1375) parseHttpRequest: Prepare absolute URL from 
2020/05/25 12:04:58.043 kid1| 33,5| client_side.cc(2106) clientParseRequests: local=45.150.17.10:3128 remote=50.254.22.18:62916 FD 540 flags=1: done parsing a request
2020/05/25 12:04:58.043 kid1| 33,3| Pipeline.cc(24) add: Pipeline 0x43d98a0 add request 1 0x41e43f0*4
2020/05/25 12:04:58.043 kid1| 33,5| Http1Server.cc(188) buildHttpRequest: normalize 1 Host header using analytics.yopify.com:443
2020/05/25 12:04:58.043 kid1| 33,3| client_side.cc(641) clientSetKeepaliveFlag: http_ver = HTTP/1.1
2020/05/25 12:04:58.043 kid1| 33,3| client_side.cc(642) clientSetKeepaliveFlag: method = CONNECT
2020/05/25 12:04:58.043 kid1| 33,3| http/Stream.h(141) mayUseConnection: This 0x41e43f0 marked 1
2020/05/25 12:04:58.043 kid1| 50,3| comm.cc(946) comm_udp_sendto: comm_udp_sendto: Attempt to send UDP packet to 8.8.8.8:53 using FD 8 using Port 55332
2020/05/25 12:04:58.043 kid1| 50,3| comm.cc(946) comm_udp_sendto: comm_udp_sendto: Attempt to send UDP packet to 8.8.8.8:53 using FD 8 using Port 55332
2020/05/25 12:04:58.043 kid1| 33,3| client_side.cc(2119) clientParseRequests: Not parsing new requests, as this request may need the connection
2020/05/25 12:04:58.044 kid1| 33,5| AsyncJob.cc(154) callEnd: Http1::Server status out: [ job690]
2020/05/25 12:04:58.044 kid1| 33,5| AsyncCallQueue.cc(57) fireNext: leaving Server::doClientRead(local=45.150.17.10:3128 remote=50.254.22.18:62916 FD 540 flags=1, data="">2020/05/25 12:04:58.056 kid1| 17,3| FwdState.cc(1339) GetMarkingsToServer: from 45.150.17.10 netfilter mark 0
2020/05/25 12:04:58.056 kid1| 50,3| comm.cc(350) comm_openex: comm_openex: Attempt open socket for: 45.150.17.10
2020/05/25 12:04:58.056 kid1| 50,3| comm.cc(393) comm_openex: comm_openex: Opened socket local=45.150.17.10 remote=[::] FD 542 flags=1 : family=2, type=1, protocol=6
2020/05/25 12:04:58.064 kid1| 33,4| client_side.cc(2510) httpAccept: local=45.150.17.10:3128 remote=50.254.22.18:62917 FD 543 flags=1: accepted
2020/05/25 12:04:58.064 kid1| 33,5| AsyncCall.cc(26) AsyncCall: The AsyncCall ConnStateData::connStateClosed constructed, this=0x4024ec0 [call6687]
2020/05/25 12:04:58.064 kid1| 33,5| AsyncCall.cc(26) AsyncCall: The AsyncCall Http1::Server::requestTimeout constructed, this=0x422ab40 [call6688]
2020/05/25 12:04:58.064 kid1| 33,4| Server.cc(90) readSomeData: local=45.150.17.10:3128 remote=50.254.22.18:62917 FD 543 flags=1: reading request...
2020/05/25 12:04:58.064 kid1| 33,5| AsyncCall.cc(26) AsyncCall: The AsyncCall Server::doClientRead constructed, this=0x4025c50 [call6689]

I see mark 0 and mark 1 , Dont see any 0xd7 or so .

Thanks 

On May 25, 2020, at 10:02 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:

[NP: it would help if you replied through the list instead of directly
to me, even as a CC. Your messages keep getting diverted to spam folder. ]

On 25/05/20 4:26 am, Ahmad Alzaeem wrote:
Hi Amos , 

Sorry I'm confused a a bit …

Are my results expected not to work with below :

qos_flows mark local-hit=0xd7
qos_flows mark local-miss=0xd7

-A OUTPUT -m mark --mark 0xd7 -j ACCEPT
-A OUTPUT -m connmark --mark 0xd7 -j ACCEPT

?

Squid should be MARK'ing packets with 0xd7.

Those iptables rules should match the packets MARK'ed with 0xd7.

Whether those statements are of any relevance depends on where your
iptables rules are configured in relation to all other rules and chains
your iptables is processing.

Do I need to edit squid/iptables ?

Probably iptables. But not enough info to say how.

You asked about how to debug Squid MARK'ing earlier. What were the
results of that? did you see Squid doing any marking?

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users