On Wed, 2013-03-27 at 00:13 +0000, Ed W wrote:
> Hi Andy, Sorry to bug you, but I finally got round to trying the
> qos_flows feature and I think my understanding is completely back to front?
>
> What I need is to copy the packet/connection mark from the client
> request, and apply it to the upstream request.
You're correct (I think - it's been a long time!): the qos_flows feature
copies a mark value from the server side of Squid and puts that on the
connection to the requesting client.
> So for example I mark clients that have passed a captive portal test
> with some mark, I need that mark copying up to requests coming from
> squid so that I know they effectively come from a validated client
As Amos says, this is probably the wrong way to do it. If you want to
see an example of how I did it, then check out this page:
http://andybev.com/index.php/PortalShaper
I use iptables to drop (or redirect) all packets that are received from
clients that have not passed the captive portal.
> Near as I can tell the current qos_flows applies this all backwards, ie
> it assumes that the upstream has some mark on it, and copies this back
> to the client response connection?
Yes.
> How tricky would it be to offer this option in both directions? Does
> anyone else have a use for this kind of feature?
It's probably not overly difficult, but is there really a requirement
for it? I think for what you want to achieve there is a better way to do
it? Happy to discuss/advise further.
Andy
Received on Wed Mar 27 2013 - 23:14:10 MDT
This archive was generated by hypermail 2.2.0 : Fri Mar 29 2013 - 12:00:06 MDT