Charles,

 : can you comment why this is --
 :
 :   ip rule to xxx.xxx.xxx.xxx table n
 :
 : works, and
 :
 :   iptables fwmark y table n
 :
 : doesn't? is it because OUTPUT checked the rule while the packet was
 : "generated" locally, but not after it was marked?

I can certainly make such a comment.

The RPDB is consulted for every *new* route lookup. Any
source/dest,(tos/fwmark/iif) tuple which is not in the route cache will be
looked up. The lookup process checks the RPDB and any routing tables
specified by the RPDB. This all happens before the OUTPUT chain for locally
generated packets.

So, locally generated packets marked in the OUTPUT chain have already been
routed.

As I mentioned before, I will defer to those who know the kernel code
better, but my understanding is exactly in line with the KPTD [1]. I have
also written in more detail on the route selection process [2].

Best,

-Martin

 [1] http://www.docum.org/stef.coene/qos/kptd/
 [2] http://linux-ip.net/html/routing-selection.html

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@xxxxxxxxxxxxxx