Re: Re IPv6 MARK support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Sorry, i did not answer to the netfilter list.

It does not work with the 2.6.20 kernel although the patch is applied.
I followed the functions calls and i really do not understand what is
missing. In my opinion the ip rule is matched and applied to the
packet (the dst_entry seems to be good, at least the net_device
structure). The skb->dev field contain the good device (eth0) from
which the paket should leave the terminal (tested in function
ip6_output2) however the pcket continues to leave through the default
interface.

I am not an expert of Linux and the IPv6 stack, so your help would be
greatly appreciated !

On 2/28/07, Yasuyuki KOZAKAI <yasuyuki.kozakai@xxxxxxxxxxxxx> wrote:


Hi,

From: "Boutin Maël" <mael.boutin@xxxxxxxxxxx>
Date: Wed, 28 Feb 2007 12:53:44 +0100

> Thanks for the patch, however it does not work, the kernel does not compile :
>
> line 18:
>
> struct sk_buff has no member named mark (it should be nfmark no ?)
> unknown field "mark" specified in initializer

Ah yes. nfmark is renamed to mark at 2.6.20.

> To answer your previous questions :
> yes i have logs in the kernel for both out6 and post6.

Thanks.

> Of course i can try 2.6.20 but it seems to me that there is the same
> problem (i tried before)

I think so.

> In my opinion the problem is due to the fact that the routing decision
> is made before OUTPUT chain but not relaunched once the nfmark routing
> key is changed which is i think how it should work.

Yes. That is what ip6_route_me_harder does.

How about this for 2.6.19 ?

[NETFILTER]: ip6_route_me_harder should take into account mark

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@xxxxxxxxxxxxx>

diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index f6294e5..ca50b58 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -15,6 +15,7 @@ int ip6_route_me_harder(struct sk_buff *
        struct dst_entry *dst;
        struct flowi fl = {
                .oif = skb->sk ? skb->sk->sk_bound_dev_if : 0,
+               .mark = skb->nfmark,
                .nl_u =
                { .ip6_u =
                  { .daddr = iph->daddr,




--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux