On Wed, May 5, 2010 at 1:57 PM, ratheesh k <ratheesh.ksz@xxxxxxxxx> wrote:
>
> > On Wednesday 2010-05-05 17:56, Bill Bogstad wrote:
> >> Since incoming packets may not be synchronized with outgoing
> >> packets, there is the possibility that the INPUT chain rules might be
> >> modifying the connection marking at the same time that the OUTPUT
> >> chain rules are using the mark to modify the packet.
>
> I am a little bit confused.
> My understanding is pkts will traverse thru various HOOKs one by one.
> PREROUTING -> INPUT etc. So how come, the same pkt will be marked and
> processed at different hooks at the same time?

I'm doing connection marking, not packet marking. A packet being
processed in the INPUT chain causes a connection mark which will be
used by rules in the OUTPUT chain to modify some other outgoing packet
being sent by the local TCP server.

I apologize for a less than clear description of the problem.
Fortunately for me, Jan figured out what I meant. Unfortunately, his
answer isn't what I wanted to hear. :-)

Bill Bogstad