I need help with "CONNMARK --set-mark"
adrian.turcu at gmvinteractive.com
Thu Apr 14 15:25:06 CEST 2005
On Thu 14 Apr 2005 14:09, Filip Sneppe wrote:
> I haven't followed this in great detail either, but I do know that
> some people reported problems with the firewall MARK in combination
> with tc filter ... fwmark on the LARTC mailing list. I do remember someone
> explicitly using a u32 mark match too.
> I don't know what the details were, but could you give a different kernel
> a try? Sorry, I thought I kept the exact mail thread in my mailbox, but I
> must have deleted it... You may want to check the LARTC archives for more
> So try a different kernel first, if the problem persists and you're
> convinced that this is a bug, you may want to take this to the -devel
> mailing list, where the author of the CONNMARK patch also hangs out.
I have tried with 2 different kernels 2.6.10 and 188.8.131.52 and 2 different
iptables 1.3.0 and 1.3.1. The behaviour is the same, most of the time the
CONNMARK does not work.
I posted the 184.108.40.206 kernel with 1.3.1 iptables, 'cause I intend to use the
latest stable versions for both.
I cannot say if this is a bug or not after reading through the message posted
by Jason. Although, if you go to the link posted by Jason, it looks like the
options for setting/saving the marks that CONNMARK has don't work as
most people would expect them to (set the mark on the connection and _save_ it
afterward inside the connection, not reset it to zero and save it).
I can post the original message to the devel list, maybe I'll get a different
twist from the author (if still there).