[Top] [All Lists]

Re: iptables breakage WAS(Re: dummy as IMQ replacement

To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: Re: iptables breakage WAS(Re: dummy as IMQ replacement
From: Andy Furniss <andy.furniss@xxxxxxxxxxxxx>
Date: Fri, 25 Mar 2005 20:42:41 +0000
Cc: hadi@xxxxxxxxxx, Harald Welte <laforge@xxxxxxxxxxxx>, Remus <rmocius@xxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx, Nguyen Dinh Nam <nguyendinhnam@xxxxxxxxx>, Andre Tomt <andre@xxxxxxxx>,, Damion de Soto <damion@xxxxxxxxxxxx>
In-reply-to: <>
References: <1107123123.8021.80.camel@jzny.localdomain> <025501c52552$2dbf87c0$6e69690a@RIMAS> <1110453757.1108.87.camel@jzny.localdomain> <> <1111410890.1092.195.camel@jzny.localdomain> <> <1111444869.1072.51.camel@jzny.localdomain> <> <1111462263.1109.6.camel@jzny.localdomain> <> <1111550254.1089.21.camel@jzny.localdomain> <> <1111607112.1072.48.camel@jzny.localdomain> <> <1111612042.1072.53.camel@jzny.localdomain> <> <> <1111625608.1037.16.camel@jzny.localdomain> <> <1111663947.1037.24.camel@jzny.localdomain> <1111665450.1037.27.camel@jzny.localdomain> <> <1111749220.1092.457.camel@jzny.localdomain> <> <>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b) Gecko/20050217
Patrick McHardy wrote:
Andy Furniss wrote:

iptables -A POSTROUTING -t mangle -j CONNMARK --set-mark 1
iptables -A INPUT -t mangle -m mark --mark 1
tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src 0/0 flowid 1:1 action ipt -j CONNMARK --restore-mark

It doesn't mark the packets.

With tc actions the ingress qdisc gets packets before connection
tracking, so CONNMARK doesn't have a connection tracking entry to

Ahh - Thanks I misunderstood talk of being able to mark connections earlier in this thread and thought it was hooking after conntrack.


<Prev in Thread] Current Thread [Next in Thread>