21.12.2012 17:03, Jamal Hadi Salim пишет: > On 12-12-20 09:59 AM, Yury Stankevich wrote: >> interesting, >> >> #tc -s filter show dev usb0 parent ffff: > > > Given you are adding this on ingress - the settings you have will > happen before pre-routing hook. > If you did things at egress - the setting will take effect after > post-routing. So take a closer look at those details they look > like your source of issues.. sure, i use it ingress, so, i need to use tc xt action to get mark on the packet, before filter on ifb will run. prerouting rule, in turn, used to test if mark was actually restored. in practice: 1. prerouting rule - is not fired. so, no packets with mark was seen. 2. filter on ifb - do not pass traffic to flow configured. looks like `CONNMARK --restore` is not really called. -- Linux registered user #402966 // pub 1024D/E99AF373 <pgp.mit.edu> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
