On 27/12/2013 5:32 a.m., yogii wrote:
> Sorry I'm just back.
>
> I don't understand functionality of tcp_outgoing_mark. How it works. how to
> use.
>
> Can I use this feature to set dscp field for every packet leaving squidbox
> and go to the client?
> do we need to do something with iptables after set tcp_outgoing_mark tag on
> squid?
>
tcp_outgoing_mark sets the netfilter MARK value on packets exactly as if
iptables/ip6tables/nftables/xtables had done it with a -j MARK rule.
The MARK values are specific to the kernel they are set for and do not
leave the machine. They have a 32-bit value range where TOS only has
4-bit value range once ECN is accounted for.
You can set a MARK value by Squid and have iptables/ip6tables convert
that to DSCP values as the packets leave the machine based on other
criteria Squid is not aware of.
NP: Squid adjusts tcp_outgoing_tos for ECN, so if you want to break ECN
and use those bits for TOS values setting a MARK and translating it into
a ECN-incompatible TOS value is the way to do that.
tcp_outgoing_tos and qos_flows are what set the TOS/Differv values if
you want to set them directly.
Amos
