On Friday 2012-12-21 14:50, Jamal Hadi Salim wrote: > On 12-12-21 08:13 AM, Yury Stankevich wrote: >> i use it ingress, >> so, i need to use tc xt action >> to get mark on the packet, before filter on ifb will run. >> prerouting rule, in turn, used to test if mark was actually restored. > > No experience with connmark, but - in order to restore something has > to store it, correct? The bigger problem here, if I see __netif_receive_skb right, is that when ingress rules run, skb->nfct is still unset, thereby the CONNMARK action is a no-op. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
