TomAs wrote:> Hello again,
>
> because my last RE: mark range wasn''t delivered to list,
> I''m trying again as new thread.
>
> So can you anybody explain me mark range limit?
> As Tom wrote that "Shorewall reserves marks > 255 for its own
use"
>
> Ok, but when I used my own shaping script using fwmark (tcstart) instead of
> implemented tcrules script, is this rule (that i cannot use mark above 255)
> still valid for me?
>
> BTW: mark limit for iptables should be 0xffff (65535), isn''t?
>
As I said before, I reserve the right to begin using packet marks > 255
at any time for Shorewall-internal purposes.
The new 1.3.0/2.6.11 iptables/Netfilter code allows using masking while
setting marks; this allows me to use the high-order bits of the mark
without affecting your use of the low-order bits. I won''t do that until
''tc'' and ''ip'' have been changed to allow
specification of a mask in
''fwmark'' processing.
So in general, using mark values > 255 could break for you at some time
in the future.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key