On 12-12-21 08:13 AM, Yury Stankevich wrote:
sure, i use it ingress, so, i need to use tc xt action to get mark on the packet, before filter on ifb will run.
Ok. So does ifb see it?
prerouting rule, in turn, used to test if mark was actually restored.
No experience with connmark, but - in order to restore something has to store it, correct?
in practice: 1. prerouting rule - is not fired. so, no packets with mark was seen. 2. filter on ifb - do not pass traffic to flow configured. looks like `CONNMARK --restore` is not really called.
My suspicion is that it is not set to begin with... cheers, jamal -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
