Squid configuration directive mark_client_connection

Available in: v6   v5  

This directive is not available in the v4 version of Squid.

This directive is not available in the 3.5 version of Squid.

For older versions than 3.5 see the linked pages above

Configuration Details:

Option Name:mark_client_connection
Replaces:
Requires:Packet MARK (Linux)
Default Value:none
Suggested Config:

	Allows you to apply a Netfilter CONNMARK value to a connection
	on the client-side, based on an ACL.

	mark_client_connection mark-value[/mask] [!]aclname ...

	The mark-value and mask are unsigned integers (hex, octal, or decimal).
	The mask may be used to preserve marking previously set by other agents
	(e.g., iptables).

	A matching rule replaces the CONNMARK value. If a mask is also
	specified, then the masked bits of the original value are zeroed, and
	the configured mark-value is ORed with that adjusted value.
	For example, applying a mark-value 0xAB/0xF to 0x5F CONNMARK, results
	in a 0xFB marking (rather than a 0xAB or 0x5B).

	This directive semantics is similar to iptables --set-mark rather than
	--set-xmark functionality.

	The directive does not interfere with qos_flows (which uses packet MARKs,
	not CONNMARKs).

	Example where squid marks intercepted FTP connections:

	acl proto_ftp proto FTP
	mark_client_connection 0x200/0xff00 proto_ftp

	This clause only supports fast acl types.
	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.

 

Back

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors