On 11/13/2012 04:18 AM, Artur Uszyński wrote:
> Hello.
>
> Shouldn't marks in routemark chain (and "~excl" chains etc.) be applied with
> mask according to PROVIDER_OFFSET and PROVIDER_BITS?
> Currently shorewall does this:
>
> -A routemark -i p2p1 -j MARK --set-mark 0x100
> -A routemark -i p2p2 -j MARK --set-mark 0x200
>
> Shouldn't it be (for example):
>
> -A routemark -i p2p1 -j MARK --set-mark 0x100/0xff00
> -A routemark -i p2p2 -j MARK --set-mark 0x200/0xff00
>
> ?
>
> If I mark packets elsewhere using for example mask 0xff (for qos, ipsec,
> routing etc.), I am currently losing those marks in routemark chain. Or am I
> wrong?

The routemark chain is entered early in PREROUTING -- you don't have any
opportunity to apply your marks until after that point.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
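
The `--set-mark value[/mask]` semantics the question turns on, as an added example that is not part of either message and is not Shorewall code: it parses the four rules quoted above and applies them to a packet mark the way the MARK target is documented to (clear the masked bits, OR in the value; no mask means 0xFFFFFFFF). The starting mark 0x05 and the function names are constructed for illustration, and the simulation does not model where in PREROUTING the chain is entered.

```python
import re

# The rules quoted in the thread: current output and the proposed masked form.
UNMASKED = """\
-A routemark -i p2p1 -j MARK --set-mark 0x100
-A routemark -i p2p2 -j MARK --set-mark 0x200
"""
MASKED = """\
-A routemark -i p2p1 -j MARK --set-mark 0x100/0xff00
-A routemark -i p2p2 -j MARK --set-mark 0x200/0xff00
"""

# Only the rule shape that appears in the thread is recognised.
RULE = re.compile(
    r"^-A\s+(?P<chain>\S+)\s+-i\s+(?P<iface>\S+)\s+-j\s+MARK\s+"
    r"--set-mark\s+(?P<value>0x[0-9a-fA-F]+)(?:/(?P<mask>0x[0-9a-fA-F]+))?$"
)

def parse_rules(text):
    """Return (chain, in_iface, value, mask) tuples for each MARK rule."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError("unsupported rule: " + line)
        # An omitted mask covers the whole 32-bit mark.
        mask = int(m["mask"], 16) if m["mask"] else 0xFFFFFFFF
        rules.append((m["chain"], m["iface"], int(m["value"], 16), mask))
    return rules

def traverse(rules, chain, in_iface, mark):
    """Apply every matching rule in order (MARK does not end traversal)."""
    for r_chain, iface, value, mask in rules:
        if r_chain == chain and iface == in_iface:
            # --set-mark: zero the bits given by mask, then OR in value.
            mark = ((mark & ~mask) | value) & 0xFFFFFFFF
    return mark

if __name__ == "__main__":
    for label, text in (("unmasked", UNMASKED), ("masked", MASKED)):
        result = traverse(parse_rules(text), "routemark", "p2p1", 0x05)
        print(label, hex(result))
```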
