[squid-users] cache peer communication about HIT/MISS between squid and non-squid peer

Omid Kosari omidkosari at yahoo.com
Thu Jul 21 06:21:13 UTC 2016


Amos Jeffries wrote
> 2) Squid can do pass-thru using Netfilter MARK flags. Each squid.conf
> directive that deals with TOS has both a 'tos' and a 'mark' variant. The
> 'mark' ones are able to pass-thru these netfilter markings the way you
> want.
> 
> However, since netfilter marks are local to the one machine and not
> transmitted externally, you need to use iptables rules to convert
> received TOS/DSCP values into local MARK values on packets arriving, and
> the reverse translation for packets leaving the machine.
> 
> IIRC there were some gotchas involved. I do remember specifically that
> the TOS needed to be converted to CONNMARK (not MARK) in mangle or
> earlier. Then the NF MARK values sync'd with CONNMARK at some stage just
> after that (sorry my memory of that particular bit is long gone). The
> sync'd NF MARK is what gets passed between Squid and the kernel.
> 
> It is a bit clumsy and annoying, but without any kernel API to receive
> the TOS/DSCP values on incoming packets it is what it is.
> 
> 
> Amos

First I am going to do it on the same server, which may be simpler, with no
need to get involved with converting to/from TOS.

I have the following iptables log:

 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=4148 TOS=0x00 PREC=0x00 TTL=64 ID=57642 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0 MARK=0x30
 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=29780 TOS=0x00 PREC=0x00 TTL=64 ID=57643 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0 MARK=0x30
 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=32820 TOS=0x00 PREC=0x00 TTL=64 ID=57644 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0 MARK=0x30
 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=32820 TOS=0x00 PREC=0x00 TTL=64 ID=57645 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0 MARK=0x30
 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=16894 DF PROTO=TCP SPT=12513 DPT=8080 WINDOW=4671 RES=0x00 ACK URGP=0 MARK=0x30
 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=32820 TOS=0x00 PREC=0x00 TTL=64 ID=57646 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0 MARK=0x30
 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=6700 TOS=0x00 PREC=0x00 TTL=64 ID=57647 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0 MARK=0x30
 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=16895 DF PROTO=TCP SPT=12513 DPT=8080 WINDOW=4598 RES=0x00 ACK URGP=0 MARK=0x30

Now please provide the squid config side.

Thanks
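
An added example, not part of the original post or of Squid: a Python sketch that rejoins mail-wrapped netfilter LOG entries like those above and counts the MARK value seen in each direction of a flow, a quick way to confirm which packets actually carry the mark. The sample input is constructed in the format of the log above, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log above (two entries, mail-wrapped).
SAMPLE = """\
 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=4148 TOS=0x00 PREC=0x00 TTL=64
ID=57642 DF PROTO=TCP SPT=8080 DPT=12513 WINDOW=1495 RES=0x00 ACK PSH URGP=0
MARK=0x30
 IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=16894 DF PROTO=TCP SPT=12513 DPT=8080 WINDOW=4671 RES=0x00 ACK URGP=0
MARK=0x30
"""

def parse_entries(text):
    """Return one dict per logged packet, rejoining entries wrapped over lines."""
    # Collapse all whitespace, then split before each IN= field, which
    # starts every netfilter LOG entry.
    chunks = re.split(r"(?=\bIN=)", " ".join(text.split()))
    entries = []
    for chunk in chunks:
        if not chunk.startswith("IN="):
            continue  # syslog prefix or other text before the first entry
        fields = dict(re.findall(r"(\w+)=(\S*)", chunk))
        # Bare upper-case tokens (DF, ACK, PSH, ...) are flags, not key=value.
        fields["FLAGS"] = {t for t in chunk.split() if re.fullmatch(r"[A-Z]+", t)}
        entries.append(fields)
    return entries

def marks_by_direction(entries):
    """Map (src, sport, dst, dport) -> {mark: packet count}."""
    summary = defaultdict(lambda: defaultdict(int))
    for e in entries:
        if "SPT" not in e or "DPT" not in e:
            continue  # no ports logged (e.g. ICMP)
        key = (e.get("SRC"), int(e["SPT"]), e.get("DST"), int(e["DPT"]))
        # The LOG target omits MARK= when the packet mark is zero.
        mark = int(e["MARK"], 16) if "MARK" in e else 0
        summary[key][mark] += 1
    return {k: dict(v) for k, v in summary.items()}

if __name__ == "__main__":
    for (src, sport, dst, dport), marks in marks_by_direction(parse_entries(SAMPLE)).items():
        counts = ", ".join(f"mark {m:#x}: {n} pkt" for m, n in sorted(marks.items()))
        print(f"{src}:{sport} -> {dst}:{dport}  {counts}")
```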



