Patch to add netfilter mark support

From: Andrew Beverley <andy_at_andybev.com>
Date: Sun, 05 Sep 2010 21:59:34 +0100

Please find attached the latest version of the patch to add Netfilter
marking support to Squid.

All the previous comments have now been actioned.

One thing that I haven't dealt with yet is the dependency on the
ip_conntrack kernel module. This seems to get loaded automatically after
some use of Squid, but not straight away, which means that the mark
retention does not initially work. I've done some googling but have not
found how to force a kernel module load in a program. Is someone able to
advise please?

Since my last submission (prompted by a request on squid-users), I have
also added tcp_outgoing_mark and clientside_mark to complement
tcp_outgoing_tos and clientside_tos. I am conscious that I have been
copying old code to implement these, some of which does not seem
particularly elegant. However, rather than changing things from my
inexperienced perspective, I thought it best if I post the changes as-is
and action any feedback as appropriate.

As part of this I have added isAclNfmarkActive() and isAclTosActive() to
return whether there should be any active TOS or MARK packet marking. I
added these to fde as that seemed the most appropriate place, but again
please tell me if I should move them elsewhere.

Thanks,

Andy

Received on Sun Sep 05 2010 - 21:00:04 MDT
