Re: [squid-users] Re: squid qos_flows - copying mark from client side to upstream request?

From: Andrew Beverley <>
Date: Tue, 02 Apr 2013 21:14:16 +0100

On Thu, 2013-03-28 at 22:52 +0000, Ed W wrote:
> Users have a choice of gateways to use the internet via (each will have
> a cost). Their choice of gateway is marked on packets from their
> machine, we then route through the appropriate gateway based on the
> connection mark (hence why I need it passed upstream through squid)
> Also we mark each connection with a unique per user mark so that
> iptables can account for the traffic they consume and bill them.
> Technically this could be done inside squid, but all other traffic is
> accounted in iptables and there is some hairy calculations needed to
> bill differently for different gateways, so I don't want to reproduce
> this in multiple locations

Ah, I see. In which case I can't think of any other way around it.

> Hence I think I need to implement the reverse of the current code?

Yes, you're probably right.

> Now, as for implementation, I don't have the code in front of me, but I
> think I noticed there is a single code path to open a new upstream
> connection?

I can't remember the exact details off the top of my head, but there are
various places that deal with the upstream network connection. Some
parts are only run on connection to a new website host, others are run
every time data is sent.

> At present this applies a packet mark based on tcp_outgoing_mark.

Well, there is various ways of applying a mark. tcp_outgoing_mark is
only one of them. You'd probably be better looking at the qos_flows
code, as this specifically transfers the connection mark from the server
side to the client side.

> Is the client connection information available at this point, so that I
> could mark the connection at this point based on the client connection
> mark?

Again, off the top of my head I'm not 100% sure, but I imagine it would
be possible. The key thing is that you can only retrieve the
*connection* mark from the socket, not the *packet* mark, but I don't
think that would be a problem for you.

> However, I think squid uses persistent connections to upstream?

Only if configured to do so, and even then you can still change the mark
on an existing connection.

> (I will always have another proxy as my upstream). If so then actually
> I need to reset the mark for each request?

I *think* you could just set the mark on the upstream connection for
each request.

> Where would be the correct location to put the marking code in this
> case, ie I guess where the packet is sent to the upstream socket?

I'd need to look into this in slower time.

> (I guess I need to be careful about pipelining also?)

Don't know.

As I said, the above are answers without checking the code (it's been a
couple of years since I've looked at it). I can have a look in due
course, or Amos might be able to chip in ;-)

In the meantime, you might want to look at the original patch for ideas:

Received on Tue Apr 02 2013 - 20:14:36 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 03 2013 - 12:00:13 MDT