Reworked packet/connection marking (#170)

[thirdparty/squid.git] / src / comm / Connection.h

diff --git a/src/comm/Connection.h b/src/comm/Connection.h
index 732576a4028087e9a7fed5282f90b7178743ac1f..a5aca487dc4644fbf71f2485c6301ad6acd6ff33 100644 (file)
--- a/src/comm/Connection.h
+++ b/src/comm/Connection.h
@@ -146,9 +146,19 @@ public:
     /** Quality of Service TOS values currently sent on this connection */
     tos_t tos;
 
-    /** Netfilter MARK values currently sent on this connection */
+    /** Netfilter MARK values currently sent on this connection
+     * In case of FTP, the MARK will be sent on data connections as well.
+     */
     nfmark_t nfmark;
 
+    /** Netfilter CONNMARK value previously retrieved from this connection
+     * In case of FTP, the CONNMARK will NOT be applied to data connections, for one main reason:
+     * the CONNMARK could be set by a third party like iptables and overwriting it in squid may
+     * cause side effects and break CONNMARK-based policy. In other words, data connection is
+     * related to control connection, but it's not the same.
+     */
+    nfmark_t nfConnmark = 0;
+
     /** COMM flags set on this connection */
     int flags;