On Mon, 2005-01-10 at 16:36, Michael P. Soulier wrote:
> Hello,
>
> I am trying to classify ipsec and non-ipsec traffic on the external
> interface of my box. I plan to use fwmarks in iptables, and then rely on
> those for queueing classification on the external interface.
>
> My question is, if I mark a packet before it is encrypted by KLIPS in
> FreeS/WAN, when it is re-injected with a new IP header, will that fwmark
> be maintained?

nothing can replace you actually testing this for yourself, but yes--in my experience--MARKs stay with a packet through its entire journey through the stack, regardless of what sort of processing is done to the packet. a MARK is simply a tag associated with a packet, but not part of the packet itself.

-j

--
"I have been shot eight times this year, and as a result, I almost missed work."
--The Simpsons