On Tue, 21 Jul 2009 17:18:37 +0200, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote:
> Hello,
>
> Fabio Marcone wrote:
>>
>> I have a Linux router and I mark packets from LAN to WAN and I use a tc
>> class to limit the data rate (selecting packets by mark).
>> But how can I recognize answer packets? How can I know if a packet is
>> about a connection previously established?
>
> See the CONNMARK target and the connmark match.
>

When you mark a packet, you can propagate this mark to the connection the packet is from using the rule:

    iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark

And then, the mark will appear in /proc/net/ip_conntrack and all the packets of this connection will be marked.

-- 
julien
http://jve.linuxwall.info/blog
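
A rule set for the router setup discussed in this thread, as an added example that is not part of the original messages: CONNMARK --save-mark copies a packet's mark into its conntrack entry, and --restore-mark copies the stored mark back onto each later packet, replies included. The interface name, mark value, class id and rate are assumptions, and the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Constructed values (assumptions, not from the thread): eth1 as the LAN-side
# interface, mark 1, class 1:10, 512kbit.
LAN_IF=${LAN_IF:-eth1}
MARK=${MARK:-1}
RATE=${RATE:-512kbit}
DRY_RUN=${DRY_RUN:-1}    # 1 = only print the commands, 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

connmark_rules() {
    # 1. Copy the connection mark onto every arriving packet. Replies coming
    #    in from the WAN get the mark of the connection they belong to here.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # 2. A LAN packet that is still unmarked belongs to a connection with no
    #    mark yet: mark it. (-i "$LAN_IF" stands in for whatever rule selects
    #    the traffic to limit.)
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m mark --mark 0 \
        -j MARK --set-mark "$MARK"
    # 3. Copy the packet mark into the conntrack entry so that step 1 finds it
    #    for every later packet of the connection, in both directions.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m mark --mark "$MARK" \
        -j CONNMARK --save-mark
}

shaper_rules() {
    # Replies leave through the LAN interface; the fw filter selects them by
    # the restored mark and puts them in the rate-limited class.
    run tc qdisc add dev "$LAN_IF" root handle 1: htb
    run tc class add dev "$LAN_IF" parent 1: classid 1:10 htb rate "$RATE"
    run tc filter add dev "$LAN_IF" parent 1: protocol ip handle "$MARK" fw flowid 1:10
}

connmark_rules
shaper_rules
```

Once the rules are applied with DRY_RUN=0, the affected connections are listed with mark=1 in /proc/net/ip_conntrack.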