John A. Sullivan III wrote: > What is going on? What is changing the marks? I was under the impression > marks were only set in the mangle table. I've scoured the mangle table > and the only rule setting a mark is the one mention above which sets > 0x80000000. It will be a bug in the OpenSWAN code when it decompresses/decrypts the packet. It has its own skb copy code which seems to be badly out of date. I've found one bug in the decompression path where it wasn't setting the mark at all, but it seems like there is another bug somewhere too. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
