Because the acl check in tcp_outgoing_* belongs to the "quick" class, which cannot wait for external lookups such as DNS to complete.
To get around this you can make bogos http_access rules which forces Squid to look up the required information, for example the following to force a DNS lookup of the destination IP acl nowhere dst 0.0.0.0/32 http_access deny nowhere at the top of squid.conf. Regards Henrik Massimiliano Cuzzoli wrote: > > Hello everybody, > a useful feature of SQUID 2.5 is the "tcp_outgoing_tos" directive, that > allow you to mark outgoing IP packet with a specific TOS field. > > I have tried to associate this directive with an ACL's type "dst" as below: > > acl EXAMPLE1 dst 66.216.68.0/24 > tcp_outgoing_tos 0x30 EXAMPLE1 > > Sniffing packets, I have observed that packets belonging to the first > TCP connection pass with a wrong TOS (0x00) and others with a right TOS > (0x30) > > Is there anybody that can tell me why? > > Bye!!! > > Massimiliano
