[squid-users] Squid marking QOS and matching marks with linux iptables problem !

Ahmad Alzaeem 0xff1f at gmail.com
Mon May 25 09:25:07 UTC 2020


Here is the debug result:



2020/05/25 12:04:58.043 kid1| 33,5| client_side.cc(1375) parseHttpRequest: Prepare absolute URL from 
2020/05/25 12:04:58.043 kid1| 33,5| client_side.cc(2106) clientParseRequests: local=45.150.17.10:3128 remote=50.254.22.18:62916 FD 540 flags=1: done parsing a request
2020/05/25 12:04:58.043 kid1| 33,3| Pipeline.cc(24) add: Pipeline 0x43d98a0 add request 1 0x41e43f0*4
2020/05/25 12:04:58.043 kid1| 33,5| Http1Server.cc(188) buildHttpRequest: normalize 1 Host header using analytics.yopify.com:443
2020/05/25 12:04:58.043 kid1| 33,3| client_side.cc(641) clientSetKeepaliveFlag: http_ver = HTTP/1.1
2020/05/25 12:04:58.043 kid1| 33,3| client_side.cc(642) clientSetKeepaliveFlag: method = CONNECT
2020/05/25 12:04:58.043 kid1| 33,3| http/Stream.h(141) mayUseConnection: This 0x41e43f0 marked 1
2020/05/25 12:04:58.043 kid1| 50,3| comm.cc(946) comm_udp_sendto: comm_udp_sendto: Attempt to send UDP packet to 8.8.8.8:53 using FD 8 using Port 55332
2020/05/25 12:04:58.043 kid1| 50,3| comm.cc(946) comm_udp_sendto: comm_udp_sendto: Attempt to send UDP packet to 8.8.8.8:53 using FD 8 using Port 55332
2020/05/25 12:04:58.043 kid1| 33,3| client_side.cc(2119) clientParseRequests: Not parsing new requests, as this request may need the connection
2020/05/25 12:04:58.044 kid1| 33,5| AsyncJob.cc(154) callEnd: Http1::Server status out: [ job690]
2020/05/25 12:04:58.044 kid1| 33,5| AsyncCallQueue.cc(57) fireNext: leaving Server::doClientRead(local=45.150.17.10:3128 remote=50.254.22.18:62916 FD 540 flags=1, data=0x43d9858)
2020/05/25 12:04:58.056 kid1| 17,3| FwdState.cc(1339) GetMarkingsToServer: from 45.150.17.10 netfilter mark 0
2020/05/25 12:04:58.056 kid1| 50,3| comm.cc(350) comm_openex: comm_openex: Attempt open socket for: 45.150.17.10
2020/05/25 12:04:58.056 kid1| 50,3| comm.cc(393) comm_openex: comm_openex: Opened socket local=45.150.17.10 remote=[::] FD 542 flags=1 : family=2, type=1, protocol=6
2020/05/25 12:04:58.064 kid1| 33,4| client_side.cc(2510) httpAccept: local=45.150.17.10:3128 remote=50.254.22.18:62917 FD 543 flags=1: accepted
2020/05/25 12:04:58.064 kid1| 33,5| AsyncCall.cc(26) AsyncCall: The AsyncCall ConnStateData::connStateClosed constructed, this=0x4024ec0 [call6687]
2020/05/25 12:04:58.064 kid1| 33,5| AsyncCall.cc(26) AsyncCall: The AsyncCall Http1::Server::requestTimeout constructed, this=0x422ab40 [call6688]
2020/05/25 12:04:58.064 kid1| 33,4| Server.cc(90) readSomeData: local=45.150.17.10:3128 remote=50.254.22.18:62917 FD 543 flags=1: reading request...
2020/05/25 12:04:58.064 kid1| 33,5| AsyncCall.cc(26) AsyncCall: The AsyncCall Server::doClientRead constructed, this=0x4025c50 [call6689]



I see mark 0 and mark 1, don't see any 0xd7 or so.

Thanks 

> On May 25, 2020, at 10:02 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> 
> [NP: it would help if you replied through the list instead of directly
> to me, even as a CC. Your messages keep getting diverted to spam folder. ]
> 
> On 25/05/20 4:26 am, Ahmad Alzaeem wrote:
>> Hi Amos,
>> 
>> Sorry, I'm confused a bit …
>> 
>> Are my results expected not to work with the below:
>> 
>> 
>> qos_flows mark local-hit=0xd7
>> qos_flows mark local-miss=0xd7
>> 
>> 
>> -A OUTPUT -m mark --mark 0xd7 -j ACCEPT
>> -A OUTPUT -m connmark --mark 0xd7 -j ACCEPT
>> 
>> ?
> 
> Squid should be MARK'ing packets with 0xd7.
> 
> Those iptables rules should match the packets MARK'ed with 0xd7.
> 
> Whether those statements are of any relevance depends on where your
> iptables rules are configured in relation to all other rules and chains
> your iptables is processing.
> 
> 
>> 
>> Do I need to edit squid/iptables ?
>> 
> 
> Probably iptables. But not enough info to say how.
> 
> 
> You asked about how to debug Squid MARK'ing earlier. What were the
> results of that? Did you see Squid doing any marking?
> 
> 
> Amos
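A small check for debug output like the one posted above, added here as an example and not part of the original thread: it extracts only the explicit "netfilter mark" values from cache.log lines and reports whether the expected 0xd7 ever appears. The function names and sample lines are constructed; it assumes the line format shown in the post and accepts the mark written in decimal (0xd7 is 215) or in hex.

```python
import re
from collections import Counter

# Constructed sample: three lines in the format of the debug output in the post.
SAMPLE_LOG = """\
2020/05/25 12:04:58.043 kid1| 33,3| http/Stream.h(141) mayUseConnection: This 0x41e43f0 marked 1
2020/05/25 12:04:58.056 kid1| 17,3| FwdState.cc(1339) GetMarkingsToServer: from 45.150.17.10 netfilter mark 0
2020/05/25 12:04:58.064 kid1| 33,4| client_side.cc(2510) httpAccept: local=45.150.17.10:3128 remote=50.254.22.18:62917 FD 543 flags=1: accepted
"""

# Only lines that state a netfilter mark explicitly are matched; lines that
# merely contain the word "marked" (the Stream.h line) are skipped.
NFMARK_RE = re.compile(
    r"^(?P<ts>\S+ \S+) kid\d+\| \d+,\d+\| \S+\(\d+\) (?P<func>\w+): "
    r"from (?P<local>\S+) netfilter mark (?P<mark>0[xX][0-9a-fA-F]+|\d+)\s*$"
)


def parse_mark(text):
    """Accept a mark written in hex (0xd7) or decimal (215)."""
    return int(text, 16) if text.lower().startswith("0x") else int(text)


def netfilter_marks(log_text):
    """Return (timestamp, function, local address, mark) for each nfmark line."""
    found = []
    for line in log_text.splitlines():
        m = NFMARK_RE.match(line)
        if m:
            found.append((m["ts"], m["func"], m["local"], parse_mark(m["mark"])))
    return found


def summarize(log_text, expected):
    """Count the marks seen and say whether the expected value ever appears."""
    counts = Counter(mark for *_, mark in netfilter_marks(log_text))
    return {"counts": dict(counts), "expected_seen": expected in counts}


if __name__ == "__main__":
    # Expected mark taken from the qos_flows lines quoted in the thread.
    print(summarize(SAMPLE_LOG, 0xd7))
```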