Thanks for the patch, however it does not work, the kernel does not compile :
line 18:
struct sk_buff has no member named mark (it should be nfmark no ?)
unknown field "mark" specified in initializer
To answer your previous questions :
yes i have logs in the kernel for both out6 and post6.
Of course i can try 2.6.20 but it seems to me that there is the same
problem (i tried before)
In my opinion the problem is due to the fact that the routing decision
is made before OUTPUT chain but not relaunched once the nfmark routing
key is changed which is i think how it should work.
Best regards,
Maël
On 2/28/07, Yasuyuki KOZAKAI <yasuyuki.kozakai@xxxxxxxxxxxxx> wrote:
Hi again,
From: Yasuyuki KOZAKAI <yasuyuki.kozakai@xxxxxxxxxxxxx>
Date: Wed, 28 Feb 2007 19:53:22 +0900 (JST)
>
> Hi,
>
> From: "Boutin Maël" <mael.boutin@xxxxxxxxxxx>
> Date: Wed, 28 Feb 2007 10:55:01 +0100
>
> > After some tests, it appears that it is the OUTPUT chain that does not
> > work. Indeed with the PREROUTING chain the mark is taken into account
> > by iproute and the packet is routed as indicated in the corresponding
> > tables.
> >
> > Is it a bug or something i missed ?
>
> I suspect IPv6 routing. But for conformation, can you try
>
> ip6tables -t mangle -A OUTPUT -m mark --mark 0x1 -j LOG --log-prefix "out6 "
> ip6tables -t mangle -A POSTROUTING -m mark --mark 0x1 -j LOG --log-prefix "post6 "
>
> after your rules and check whether you can see some log by LOG target ?
> And do you have any chance to try 2.6.20 ?
I found that ip6_route_me_harder() doesn't take into account of mark.
Can you try this patch ?
Regards,
[NETFILTER]: ip6_route_me_harder should take into account mark
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@xxxxxxxxxxxxx>
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index f6294e5..ca50b58 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -15,6 +15,7 @@ int ip6_route_me_harder(struct sk_buff *
struct dst_entry *dst;
struct flowi fl = {
.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0,
+ .mark = skb->mark,
.nl_u =
{ .ip6_u =
{ .daddr = iph->daddr,
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
