[squid-users] Squid marking QOS and matching marks with linux iptables problem !

Ahmad Alzaeem 0xff1f at gmail.com
Sun May 24 00:17:45 UTC 2020 

Tested on both OS below :

Centos 7.7  64 bits  & Centos 6.10


Same result , squid is not marking traffic .

Is there a way to run squid into debug mode and debug to see if its making DSCP or not ?



Thanks 



> On May 24, 2020, at 3:15 AM, Eliezer Croitoru <ngtech1ltd at gmail.com> wrote:
> 
> What OS?
>  
> Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10
>  
> From: Ahmad Alzaeem <mailto:0xff1f at gmail.com>
> Sent: Saturday, May 23, 2020 11:40 PM
> To: Squid Users <mailto:squid-users at lists.squid-cache.org>
> Subject: Re: [squid-users] Squid marking QOS and matching marks with linux iptables problem !
>  
> Hello Folks , any one in the mailing list can help me on the case ?
>  
> Thanks 
>  
>  
> > On May 21, 2020, at 3:03 AM, Ahmad Alzaeem <0xff1f at gmail.com <mailto:0xff1f at gmail.com>> wrote:
> > 
> > Hello Folks ,
> > 
> > Im trying to mark outgoing squid request based on Mark linux matching .
> > 
> > I added to squid conf :
> > 
> > qos_flows mark local-hit=0xd7
> > qos_flows mark local-miss=0xd7
> > 
> > -A OUTPUT -m mark --mark 0xd7 -j ACCEPT
> > 
> > But on iptables there is no match with the mark 0xd7 
> > 
> > 
> > Im testing  marking with squid and matching with iptables  but its not matching , always statistics = 0 on linux iptables  That mean  its not matched .
> > 
> > Squid version is 4.8
> > Also squid was complied with '--enable-zph-qos’ flag 
> > 
> > So not sure if I need specific config for squid .
> > 
> > Following :
> > 
> > https://wiki.squid-cache.org/Features/QualityOfService <https://wiki.squid-cache.org/Features/QualityOfService>
> > 
> > Based on it we need kernel patch for TOS , but I dont need TOS ,  I just need Layer 3 DSP , Linux mark rule based .
> > 
> > 
> > i even tried to match traffic by mark and connmark and both did not help .
> > 
> > -A OUTPUT -m mark --mark 0xd7 -j ACCEPT
> > -A OUTPUT -m connmark --mark 0xd4 -j ACCEPT
> > 
> > 
> > So both rules above was not able to pickup squid marking .
> > 
> > Any helping Team on this case ?
> > 
> > 
> > Thank you
>  
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
> http://lists.squid-cache.org/listinfo/squid-users <http://lists.squid-cache.org/listinfo/squid-users>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200524/1f20bdcf/attachment-0001.html>

More information about the squid-users mailing list