[squid-users] Squid marking QOS and matching marks with linux iptables problem !

Amos Jeffries squid3 at treenet.co.nz
Mon May 25 10:15:43 UTC 2020


On 25/05/20 9:25 pm, Ahmad Alzaeem wrote:
> Here is debug result :
> 
> 
> 
> 2020/05/25 12:04:58.043 kid1| 33,5| client_side.cc
> <http://client_side.cc>(1375) parseHttpRequest: Prepare absolute URL fromĀ 
> 2020/05/25 12:04:58.043 kid1| 33,5| client_side.cc
> <http://client_side.cc>(2106) clientParseRequests:
> local=45.150.17.10:3128 remote=50.254.22.18:62916 FD 540 flags=1: done
> parsing a request

The client connection on FD 540 was open long before this log trace
begins. Any netfilter details fetched are back at the point it was accepted.



> 2020/05/25 12:04:58.043 kid1| 33,3| http/Stream.h(141) mayUseConnection:
> This 0x41e43f0 marked 1

NP: this is a different kind of marking, about whether it is persistent
or not. Not relevant.


...
> 2020/05/25 12:04:58.056 kid1| 17,3| FwdState.cc
> <http://FwdState.cc>(1339) GetMarkingsToServer: from 45.150.17.10
> netfilter mark 0

This 0 mark is what iptables has set on returning packets for the origin
server connection.

That lien existing at least confirms absolutely that the library and
relevant code is built properly - what Eliezer was looking for with the
squid -v request.


> 2020/05/25 12:04:58.056 kid1| 50,3| comm.cc <http://comm.cc>(350)
> comm_openex: comm_openex: Attempt open socket for: 45.150.17.10
> 2020/05/25 12:04:58.056 kid1| 50,3| comm.cc <http://comm.cc>(393)
> comm_openex: comm_openex: Opened socket local=45.150.17.10 remote=[::]
> FD 542 flags=1 : family=2, type=1, protocol=6

New connection opened, but the log snippet ends before the per-message
socket options are updated for the outgoing HTTP request message.

...



To find the most relevant lines look for "doNfmarkLocalHit",
"doNfmarkLocalMiss" and "setSockNfmark".

If there are errors receiving a MARK from iptables
"getNfmarkFromConnection" will show up too.

When you have found the relevant places, use the FD value on those lines
to grep for more details on what is happening on that connection.


Amos


More information about the squid-users mailing list