Squid configuration directive mark_client_connection
This directive is not available in the v4 version of Squid.
For older versions than v4 see the linked pages above
Configuration Details:
Option Name: | mark_client_connection |
---|---|
Replaces: | |
Requires: | --with-cap and Packet MARK (Linux) |
Default Value: | none |
Suggested Config: |
|
Allows you to apply a Netfilter CONNMARK value to a connection on the client-side, based on an ACL. mark_client_connection mark-value[/mask] [!]aclname ... The mark-value and mask are unsigned integers (hex, octal, or decimal). The mask may be used to preserve marking previously set by other agents (e.g., iptables). A matching rule replaces the CONNMARK value. If a mask is also specified, then the masked bits of the original value are zeroed, and the configured mark-value is ORed with that adjusted value. For example, applying a mark-value 0xAB/0xF to 0x5F CONNMARK, results in a 0xFB marking (rather than a 0xAB or 0x5B). This directive semantics is similar to iptables --set-mark rather than --set-xmark functionality. The directive does not interfere with qos_flows (which uses packet MARKs, not CONNMARKs). Example where squid marks intercepted FTP connections: acl proto_ftp proto FTP mark_client_connection 0x200/0xff00 proto_ftp This clause only supports fast acl types. See https://wiki.squid-cache.org/SquidFaq/SquidAcl for details. |
|
Introduction
- About Squid
- Why Squid?
- Squid Developers
- How to Donate
- How to Help Out
- Getting Squid
- Squid Source Packages
- Squid Deployment Case-Studies
- Squid Software Foundation
Documentation
- Quick Setup
- Configuration:
- FAQ and Wiki
- Guide Books:
- Non-English
- More...
Support
- Security Advisories
- Bugzilla Database
- Mailing lists
- Contacting us
- Commercial services
- Project Sponsors
- Squid-based products