On Nov 22, 2007 5:02 PM, Diego Alencar Alves de Lima <listas@xxxxxxxxxxxxx> wrote: > Greetings, > > I was reading documentation about using iptables's connmark along with > iproute2, but I didn't find documentation about how exactly this package > marking is done. I read on some places that it isn't done by changing > any TCP header. How exactly does that work? > > Thank you. > > -- > Diego Alencar Alves de Lima > Linux User #405564 > http://www.diegolima.org > > > - > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > Hi Diego, The netfilter mark the nfmark field, in the IP packets, for QoS reasons. But this marking cannot be forwarded on the IP packets, is only used in the kernel space, is not forwarded over the network. The comment on the kernel of this skbuff field is: @nfmark: Can be used for communication between hooks You could modify the field DSCP, this is forwarded in the IP packets over the network. Regards Tiago - To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
