Squid configuration directive mark_client_connection

Available in: v7   v6   v5  

This directive is not available in the v4 version of Squid.

For older versions than v4 see the linked pages above

Configuration Details:

Option Name:mark_client_connection
Replaces:
Requires:--with-cap and Packet MARK (Linux)
Default Value:none
Suggested Config:

	Allows you to apply a Netfilter CONNMARK value to a connection
	on the client-side, based on an ACL.

	mark_client_connection mark-value[/mask] [!]aclname ...

	The mark-value and mask are unsigned integers (hex, octal, or decimal).
	The mask may be used to preserve marking previously set by other agents
	(e.g., iptables).

	A matching rule replaces the CONNMARK value. If a mask is also
	specified, then the masked bits of the original value are zeroed, and
	the configured mark-value is ORed with that adjusted value.
	For example, applying a mark-value 0xAB/0xF to 0x5F CONNMARK, results
	in a 0xFB marking (rather than a 0xAB or 0x5B).

	This directive semantics is similar to iptables --set-mark rather than
	--set-xmark functionality.

	The directive does not interfere with qos_flows (which uses packet MARKs,
	not CONNMARKs).

	Example where squid marks intercepted FTP connections:

	acl proto_ftp proto FTP
	mark_client_connection 0x200/0xff00 proto_ftp

	This clause only supports fast acl types.
	See https://wiki.squid-cache.org/SquidFaq/SquidAcl for details.

 

Back

 

Introduction

Documentation

Support

Miscellaneous