Re: [squid-users] Squid ACLs by DSCP

2022-06-22 Thread ngtech1ltd 
Hey Amos,

I have a set of clients which I want to bump while others I don't want to bump.
I have 10 classes of clients which each and every one of them have a different 
pre-defined class.
If I can read the TOS hex value of the incoming intercepted connection I can 
decide in the ACLs 
based on the TOS specific decisions.
Since I am using an external_helper it's pretty easy to change the rules pretty 
easy without reloading squid.
Currently what I tried is to use couple squid ports and then intercept the 
traffic based on the DSCP(TOS..) value
to the designated port.

It's a pretty nice combination for my specific use case that I have about 10 
pre defined client classes.

Thanks,
Eliezer


Eliezer Croitoru
NgTech, Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com

-Original Message-
From: squid-users  On Behalf Of Amos 
Jeffries
Sent: Wednesday, 22 June 2022 13:08
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid ACLs by DSCP

On 19/06/22 06:55, ngtech1ltd wrote:
> Hey,
> 
> I have been marking different clients with DSCP and have managed to 
> redirect traffic to different squid ports based on DSCP.
> 
> I am trying to use a single squid port that will read the DSCP of the 
> connection as an ACL, is this even possible?
> 

The so-called DSCP "field" is a re-mapping of the TOS value.

See this table for the TOS hex values for each DSCP service type: 
<https://linuxreviews.org/Type_of_Service_(ToS)_and_DSCP_Values#The_DSCP_and_The_ToS_Byte_Values>


Squid has a fair amount of support for TOS. So the question is more 
whether Squid TOS directives can do what you want.


I do not understand quite what ACLs have to do with what you are 
wanting. Can you clarify what you are trying to have happen in terms of 
traffic flow?


HTH
Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid ACLs by DSCP

2022-06-22 Thread Amos Jeffries 

On 19/06/22 06:55, ngtech1ltd wrote:

Hey,

I have been marking different clients with DSCP and have managed to 
redirect traffic to different squid ports based on DSCP.


I am trying to use a single squid port that will read the DSCP of the 
connection as an ACL, is this even possible?




The so-called DSCP "field" is a re-mapping of the TOS value.

See this table for the TOS hex values for each DSCP service type: 




Squid has a fair amount of support for TOS. So the question is more 
whether Squid TOS directives can do what you want.



I do not understand quite what ACLs have to do with what you are 
wanting. Can you clarify what you are trying to have happen in terms of 
traffic flow?



HTH
Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users