> Is this documented anywhere? How/why does it work? I don't think so (docs). But yes it is fw's feature. I found it in cls_fw.c code - it is commented/described here. > I gather that the mark is interpreted as 16 bits of parent and 16 bits > of class. But you couldn't you also have said something like this? > iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK --set-mark 0x10010 > /sbin/tc filter add dev ppp0 parent 1: protocol ip prio 1 > handle 10 fw classid 1:20 > ** **** > Would that just not work? No. The trick above works ONLY when mark == qdisc:classid AND fw filter has NO children (no classid terms). devik
