that's a pretty limited approach. an idea that floated was allowing applications to get/set thos tags (or, if you generalize more, mbuf tags) via get/setsockopt, but even that is far from easy and not very flexible either.
On Thu, Oct 16, 2003 at 09:29:58AM +0200, Mark Bojara wrote: > Hello Henning, > > Maybe this is a long shot, But how about creating a virtual interface > (suggestions?) Then in squid setting the tcp_outgoing_address to the same > as the virtual interface and doing the tagging on that virtual interface.. > > Let me know what you think. > > Thanks > Mark > > ---------------------------------------------------------------- > Make up a language and ask people for directions. > ---------------------------------------------------------------- > On Wed, 15 Oct 2003, Henning Brauer wrote: > > >all mbuf tags get lost (of course) when the packets travels through > >userland. > >well, in fact, all mbuf tags get lost as soon as the packet leaves the > >kernel, in either direction - userland, or network. > > > >not really a way around it. > > > >On Wed, Oct 15, 2003 at 10:15:07PM +0200, Mark Bojara wrote: > >> Hello All, > >> > >> Im running a HFSC setup with a squid server hosted on the same machine. I > >> am having problems putting this traffic in a queue. So I decided to make > >> it a transparent proxy. On my pf I tagged the packets on the internal > >> interface comming into the squid server then tried to match it on the > >> external interface. This doesnt work because the internal tags gets lost > >> when squid makes the request to fetch the object.. > >> > >> fxp0 being internal and tun0 the external.. > >> pass out on fxp0 all tagged opium keep state queue opium > >> pass in on tun0 inet from 10.10.10.2 to any tag opium keep state > >> (tried it the other way around aswell) > >> > >> If i could use PF to set a TOS on the internal interface then i could > >> easily match it on the external inferface when squid fetch's the object. > >> But there is no such option. > >> > >> Anybody have any idea's? Maybe even a completely new solution? > >> > >> Thanks Alot > >> Mark Bojara > >> > > > >-- > >Henning Brauer, BS Web Services, http://bsws.de > >[EMAIL PROTECTED] - [EMAIL PROTECTED] > >Unix is very simple, but it takes a genius to understand the simplicity. > >(Dennis Ritchie) > > >
