Using nfmark

Tobias DiPasquale codeslinger at gmail.com
Tue Nov 30 22:40:25 CET 2004


On Tue, 30 Nov 2004 18:47:50 -0200, Roberto Jung Drebes
<drebes at inf.ufrgs.br> wrote:
> My netfilter module creates some traffic using ip_rcv and
> ip_finish_output, and this traffic is also subject to my module, since
> it is registered in the NF_IP_PRE_ROUTING and NF_IP_POST_ROUTING hooks.
> I would like to test in my module if this traffic was created by itself
> (in which case it should be ignored) or not (should be processed), and
> so I am thinking of marking created packets with a magic number. Can I
> use nfmark for that? Are there any other netfilter modules that use it?

If you only need the distinction during local packet processing, then
you can use the nfmark field for that purpose. However, if you are
trying to mark packets that will leave the box and be destined for
another, then you can't use nfmark. nfmark is just a
netfilter-internal field used to mark packets for firewall/route
rule/traffic shaping classification during packet processing. That
field is not actually part of the packet that comes in/goes out on the
wire.

-- 
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d
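
The distinction drawn in the reply above, as an added example that is not part of the original message: a user-space C model (not kernel code) in which the mark is metadata held beside the packet bytes, so a hook can recognise module-created packets locally, while the same bytes received elsewhere arrive unmarked. `model_skb`, `SELF_MARK` and all function names are hypothetical, and the magic value is constructed.

```c
/* Userspace model, not kernel code; all names are hypothetical. */
#include <stddef.h>
#include <string.h>

#define SELF_MARK 0x4d4f4455UL /* constructed magic value */
enum verdict { IGNORE_OWN, PROCESS };

struct model_skb {
    unsigned long nfmark;   /* local metadata, never serialized */
    unsigned char data[64]; /* the bytes that go on the wire */
    size_t len;
};

/* Build a buffer around packet bytes; the mark starts at 0. */
static void skb_fill(struct model_skb *skb, const void *p, size_t n)
{
    memset(skb, 0, sizeof(*skb));
    if (n > sizeof(skb->data))
        n = sizeof(skb->data);
    memcpy(skb->data, p, n);
    skb->len = n;
}

/* Module-generated traffic is tagged before it is injected. */
static void module_create(struct model_skb *skb, const void *p, size_t n)
{
    skb_fill(skb, p, n);
    skb->nfmark = SELF_MARK;
}

/* Hook body: skip packets this module created itself. */
static enum verdict module_hook(const struct model_skb *skb)
{
    return skb->nfmark == SELF_MARK ? IGNORE_OWN : PROCESS;
}

/* Local path keeps the mark; the wire path carries data bytes only. */
static int demo(void)
{
    struct model_skb local, remote;

    module_create(&local, "probe", 5);
    skb_fill(&remote, local.data, local.len); /* what a peer receives */
    return module_hook(&local) == IGNORE_OWN &&
           module_hook(&remote) == PROCESS && remote.nfmark == 0;
}

int main(void) { return demo() ? 0 : 1; }
```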


