Hello,
I am trying to integrate squid into my QoS setup. I assign priorities to
each computer on a local network, from low to high. I am successfully
prioritizing the traffic when it is _NOT_ going through squid. The
prioritization is done using iproute2 and by marking incoming packets
using the mangle table in netfilter. Each computer has its own mark.
When a packet comes to my Linux box, I mark it with the corresponding
number using iptables and, depending on the priority of the computer, I
place it into the high-priority queue or the low one when it is about to
leave the box.
The problem is that I cannot use this setup when the users are browsing
through squid. Their packets never go out to the internet because that
is done by squid itself. Due to this I cannot identify who the owner is,
and so I can't know whether I should put the packets into the
high-priority queue or the low one. If I knew the IP address of the
originator I would not be asking this on the list, but since squid is
doing it with the IP of the Linux box, this is getting a little bit harder.
So, how can I identify whose request squid is performing when it is
fetching data from the internet? Some solutions come to mind:
1) I can get this by examining the contents of the packet and looking for
the HTTP_X_FORWARDED_FOR header, get the IP and know the originator .....
but I have no clue how to integrate this stuff into netfilter, I guess it
would be hard work. And not so reliable, I guess.
2) Maybe I could fork the squid process and switch it to the uid
corresponding to the user who made the request. Then, using iptables
extensions, I could know who the originator is with the --uid-owner option.
But I have never looked at the squid code, so I don't know whether it would
be possible or not. Would this lower the overall performance?
So my question is, has somebody done this before? Can somebody
tell me where to look and what would be the best solution to
achieve this? I need to know somehow for whom squid is fetching the
objects, and any ideas are welcome. I am very interested in working on
this and would contribute anything to make this work.
Thank you
Nikolai
Received on Sun Aug 12 2001 - 14:45:21 MDT
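
Added example, not part of the original post: a dry-run sketch of the mark-and-classify setup described above, plus the single owner-match rule that is all netfilter can apply to squid's own traffic. The interface name, the PREROUTING chain, the addresses, the mark numbers and the "squid" account are assumptions.

```shell
#!/bin/sh
# Dry run: prints the commands instead of executing them, so it needs no root.
# Assumptions (not from the original post): interface eth0, the PREROUTING
# chain, the 192.168.1.x addresses, the mark numbers and the "squid" account.

WAN_IF="eth0"

# Constructed sample table: client IP, netfilter mark, prio band (1 = highest).
HOSTS="192.168.1.10 10 1
192.168.1.20 20 3"

gen_rules() {
    # One prio qdisc on the outgoing interface; it has three bands, 1:1 to 1:3.
    echo "tc qdisc add dev $WAN_IF root handle 1: prio"
    echo "$HOSTS" | while read -r ip mark band; do
        # Mark forwarded packets by the client's source address.
        echo "iptables -t mangle -A PREROUTING -s $ip -j MARK --set-mark $mark"
        # The fw classifier maps the mark to a band when the packet leaves.
        echo "tc filter add dev $WAN_IF parent 1: protocol ip prio 1 handle $mark fw flowid 1:$band"
    done
}

gen_proxy_rule() {
    # $1 = account the proxy runs as, $2 = mark for everything it sends.
    # Squid's own requests are locally generated: they traverse OUTPUT, not
    # PREROUTING, and carry the box's source address, so no per-client rule
    # above matches. The owner match can only give them one mark per uid.
    echo "iptables -t mangle -A OUTPUT -m owner --uid-owner $1 -j MARK --set-mark $2"
}

gen_rules
gen_proxy_rule squid 99
```

With a single squid uid, every proxied request ends up under the same mark, which is the gap the question is about.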