Re: IMQ / new Dummy device post.

To: jamal <hadi@xxxxxxxxxx>
Subject: Re: IMQ / new Dummy device post.
From: Martin Josefsson <gandalf@xxxxxxxxxxxxxx>
Date: Sun, 18 Apr 2004 23:23:52 +0200
Cc: Andy Furniss <andy.furniss@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <1082321582.1039.319.camel@xxxxxxxxxxxxxxxx>
References: <407E5905.9070108@xxxxxxxxxxxxx> <1082031313.1039.13.camel@xxxxxxxxxxxxxxxx> <407EE3E5.8060200@xxxxxxxxxxxxx> <1082087553.1035.287.camel@xxxxxxxxxxxxxxxx> <4080356F.4020609@xxxxxxxxxxxxx> <1082145341.1026.125.camel@xxxxxxxxxxxxxxxx> <40810957.6030209@xxxxxxxxxxxxx> <1082203795.1043.18.camel@xxxxxxxxxxxxxxxx> <4081A824.5020107@xxxxxxxxxxxxx> <1082298480.1041.94.camel@xxxxxxxxxxxxxxxx> <4082AE45.7030101@xxxxxxxxxxxxx> <1082321582.1039.319.camel@xxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx

On Sun, 2004-04-18 at 22:53, jamal wrote:
> On Sun, 2004-04-18 at 12:35, Andy Furniss wrote:
> 
> > Connmark is a netfilter patch which is required by the type of P2P 
> > limiting/marking projects on sf.net that could mark bittorrent traffic. 
> 
> just from the sounds of it, appears it may be able to mark a group of
> related flows with the same fwmark.

connmark is like nfmark but it marks the connection-entry in
ip_conntrack instead. And then you can "restore" that mark to the nfmark
of the packet at any time you want with filter rules.

> > will be OK with connbytes sometime. I don't really know how to use it, 
> > but if it is possible to mark egress connections in output and have 
> > connmark match their incoming packets that would be a solution. I 
> > haven't got a clue if connmark can do this, though, just speculating.
> >
> > Does anyone else know, and why it's not compatible with connbytes?
> > 
> 
> some of the netfilter people should be able to help.

with connmark you mark the connection, and then you can "restore" that
mark to packets in either direction in the mangle table of iptables.

connmark isn't incompatible with connbytes. It's just that both patches
modify the same part of the code, a struct, and the patch program can't
handle that. You'll have to fix some rejects by hand, that's it.

-- 
/Martin

Attachment: signature.asc
Description: This is a digitally signed message part
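
The setup discussed in this thread (mark a connection on egress, then restore that mark onto its incoming packets in the mangle table), as an added example that is not part of the original message. The function only prints the iptables commands; the mark value 1 and the TCP port 6881 match are constructed placeholders, and the option names are those of the iptables MARK and CONNMARK targets.

```shell
#!/bin/sh
# Added example: prints (does not apply) mangle-table rules for connmark.
# The mark value and the match expression are constructed placeholders.

# connmark_rules MARK MATCH...
# Emits iptables commands that:
#   1. restore the connection's mark onto every packet, in both directions,
#   2. set the nfmark on a still-unmarked, locally generated packet that matches,
#   3. save that nfmark into the connection's ip_conntrack entry.
connmark_rules() {
    mark=${1:-}
    [ $# -eq 0 ] || shift
    case $mark in
        ''|*[!0-9]*)
            echo "connmark_rules: mark must be a decimal number" >&2
            return 1 ;;
    esac
    # Mark 0 is what an unmarked packet carries, so it cannot classify anything.
    [ "$mark" -gt 0 ] || { echo "connmark_rules: mark must be > 0" >&2; return 1; }
    [ $# -gt 0 ] || { echo "connmark_rules: need a match expression" >&2; return 1; }

    # Incoming packets: copy the connection mark to the nfmark early,
    # so later rules and classifiers can match on it.
    echo "iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark"
    # Outgoing packets of an already-marked connection get the same restore.
    echo "iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark"
    # First packet of a matching connection still has nfmark 0: classify it ...
    echo "iptables -t mangle -A OUTPUT -m mark --mark 0 $* -j MARK --set-mark $mark"
    # ... and store the nfmark in the conntrack entry, where it covers both directions.
    echo "iptables -t mangle -A OUTPUT -m mark --mark $mark -j CONNMARK --save-mark"
}

# Constructed sample: mark locally originated TCP connections to port 6881 with 1.
# Review the printed rules before piping them to `sh` as root.
connmark_rules 1 -p tcp --dport 6881
```

Rule order matters: the restore has to come before the `--mark 0` test, otherwise every packet of an already-classified connection is matched again.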