[squid-users] clientside_mark

Amos Jeffries squid3 at treenet.co.nz
Tue May 23 04:45:57 UTC 2017

On 23/05/17 12:03, Ikari C wrote:
> On 22/05/17 02:51, Ikari C wrote:
>     Hi, i'm new in maillist and in Squid configuration, I use Squid
>     3.5 version and i read about clientside_mark configuration, but i
>     have a doubt, wich type of  ACL is compatible with this option. I
>     want to create a MARK by dstdomain ACL, and use TC configuration
>     to set QOS, it is posible? or only works with SRC ALC type.
>     i want to do this in squid.conf:
>     acl aclname1 dstdomain url1
>     acl aclname2 dstdomain url2
>     clientside_mark 0x3 aclname1
>     clientside_mark 0x4 aclname2
>     the configuration on squid.conf is the default.
> Any of the ACLs which work in http_access should work there too.
> However, because HTTP contains message pipelines the arrival time of 
> any given request may be significantly different from the response 
> delivery time. i.e. there may be earlier requested responses using the 
> connection between now (when the MARK gets set by the newly arrived 
> request) and the response you were intending to mark. So it is best to 
> only rely on TCP level things if you can.
> Amos
> Thanks. i will keep it in mind
> I tested this configuration and squid effectively mark this packages 
> (I saw with iptables --m mark --mark X -j log) but mark also other 
> domain that i have visited inmediately after and they aren't in the 
> acl, for example, if i put "acl ac1 dstdomain .yahoo.com 
> <http://yahoo.com/>", squid mark this package, but if i go to 
> google.com <http://google.com/> squid also mark the google package, 
> but if i go to google first than yahoo.com <http://yahoo.com/> squid 
> doesn't mark the package to google, and then i go to yahoo, squid mark 
> the yahoo package, and if i go to visit again google, "squid" mark the 
> package google too. I wanted to create a QOS based by domain whith TC 
> configuration.

I think you have missed the fact that this is marking the *connection*, 
not the message. So the mark remains set on the connection until you 
unset it, change it, or the connection closes.


More information about the squid-users mailing list