On Tue, 26 Oct 2004 01:43:43 -0200, James Lista wrote > folks, Hello James. > when marking a packet to band control , what is the diffent between: > > iptables -t mangle -A PREROUTING -m p2p --p2p all -j CONNMARK --set-mark > $P2P_MARK > iptables -t mangle -A PREROUTING -m connmark --mark $P2P_MARK -j > CONNMARK --restore-mark > > and > > iptables -t mangle -A PREROUTING -m p2p --p2p all -j MARK --set-mark > $P2P_MARK Each p2p connection is composed of many ip packets. p2p match is sensible for some specific data fields in some these packets. So if you mark only these packets all other packets (with p2p application data) wont be marked and you wont limit transfer. Second line in first example marks CONNECTIONs (not packets) belonged to p2p connection (detected by p2p match). Using second method has not effect as you would wish. > ?????? > > tried to "patch-o-matic" with connmark and didnot work out (kernel > 2.6.9)... .. it works ok with 2.4.x It works for me with 2.4.x too. I didnt tried with 2.6.x. -- Kind regards, Tomasz Chilinski _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
