On 11/13/2012 04:18 AM, Artur Uszyński wrote:> Hello.
>
> Shouldn''t marks in routemark chain (and "~excl" chains
etc.) be applied with mask according to PROVIDER_OFFSET and PROVIDER_BITS ?
> Currently shorewall does this:
>
> -A routemark -i p2p1 -j MARK --set-mark 0x100
> -A routemark -i p2p2 -j MARK --set-mark 0x200
>
> Shouldn''t it be (for example):
>
> -A routemark -i p2p1 -j MARK --set-mark 0x100/0xff00
> -A routemark -i p2p2 -j MARK --set-mark 0x200/0xff00
>
> ?
>
> If I mark packets elsewhere using for example mask 0xff (for qos, ipsec,
routing etc.), I am currently loosing those marks in routemark chain. Or am I
wrong ?
The routemark chain is entered early in PREROUTING -- you don''t have
any
opportunity to apply your marks until after that point.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov