Mark values are unique per packet. The response packet will get a new mark value, initially 0... but there is help.

See the CONNMARK patch in patch-o-matic. It adds a similar mark value to conntrack, allowing you to mark a connection rather than individual packets.

Why do you need mark values to know which packets to modify? How are you modifying packets, and why? Perhaps there is a better way if you describe a little of what you are up to doing.

Regards
Henrik Nordström
MARA Systems AB, Sweden

Shipman, Jeffrey E wrote:

> I have a situation where I need to be able to
> mark packets on the NF_IP_LOCAL_IN hook that
> match certain patterns we will be watching
> for. This because after accept the packet and
> the response packet is generated (NF_IP_LOCAL_OUT),
> we must be able to know how to modify this packet
> depending on the results from that incoming
> packet. Does anyone have some advice how to properly
> mark these packets so we can do this? Any tips
> or direction on where to look would be most
> appreciated.
>
> TIA,
>
> Jeff Shipman - CCD
> Sandia National Laboratories
> (505) 844-1158 / MS-1372
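
The connection-mark approach suggested in the reply, as an added example that is not part of either mail: a ruleset that stores a mark on the conntrack entry when an incoming packet matches, then copies it onto the locally generated reply. It assumes an iptables build with the CONNMARK and DSCP targets; the port, the mark value and the DSCP rewrite are constructed placeholders for the poster's unspecified pattern and modification.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset (mangle table) that carries a
# decision made on an incoming packet over to the locally generated reply.
# Assumptions (not from the original mails): TCP port 8080 as the "pattern",
# mark value 0x1, and a DSCP rewrite as the stand-in "modification".

WATCH_PORT=8080   # constructed sample pattern
CONN_MARK=0x1     # constructed mark value

connmark_rules() {
    cat <<EOF
*mangle
# LOCAL_IN: packet matches the pattern, so store the mark on the conntrack entry
-A INPUT -p tcp --dport ${WATCH_PORT} -j CONNMARK --set-mark ${CONN_MARK}
# LOCAL_OUT: reply packets start with mark 0; copy the connection mark onto them
-A OUTPUT -j CONNMARK --restore-mark
# Modify only replies whose connection was marked on input
-A OUTPUT -m mark --mark ${CONN_MARK} -j DSCP --set-dscp 0x08
COMMIT
EOF
}

# Print the ruleset; to load it: connmark_rules | iptables-restore --noflush
connmark_rules
```

Because the mark lives on the connection, every later packet of that connection in either direction can be matched the same way, not only the first reply.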