Another fact: I added a logging rule and I got logged:

May 18 09:27:00 vpn-a kernel: [49503.963182] mangle_PREROUTING: IN=eth0 OUT= MAC=00:16:3e:0f:01:00:00:16:3e:0f:02:00:08:00 SRC=10.5.0.2 DST=10.5.0.1 LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=56019 PROTO=ESP SPI=0xc89f8130

My mangle / POSTROUTING rules:

-s 10.1.1.0/24 -d 10.2.1.0/24 -j MARK --set-xmark 0x1/0xffffffff
-p esp -m policy --dir in --pol ipsec --spi 0xc89f8130 -j MARK --set-xmark 0x1/0xffffffff
-p esp -m policy --dir in --pol ipsec --reqid 1 -j MARK --set-xmark 0x1/0xffffffff
-j LOG --log-prefix "mangle_PREROUTING: "

Yet the packet did not get marked...
I start to believe this is a bug.

Regards,
  Steffen

> -----Original Message-----
> From: Steffen Heil (Mailinglisten)
> Sent: Thursday, May 17, 2012 10:39 PM
> To: Steffen Heil (Mailinglisten); Jan Engelhardt
> Cc: netfilter@xxxxxxxxxxxxxxx
> Subject: RE: AW: How to mark packet by reqid?
>
> BTW, if that helps, here is some information about my systems.
> (Ubuntu 12.04 LTS Precise Pangolin, currently virtual, 64bit, fully updated.)
>
>
> root@vpn-a:~# iptables --version
> iptables v1.4.12
>
>
> root@vpn-a:~# uname -a
> Linux vpn-a 3.2.0-24-virtual #37-Ubuntu SMP Wed Apr 25 10:17:19 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
>
>
> root@vpn-a:~# lsmod
> Module                  Size  Used by
> xt_policy              12670  1
> xt_esp                 12529  0
> iptable_mangle         12734  1
> xt_mark                12563  2
> ip_tables              27473  1 iptable_mangle
> x_tables               29846  5 xt_policy,xt_esp,iptable_mangle,xt_mark,ip_tables
> authenc                17582  2
> xfrm6_mode_tunnel      12639  2
> xfrm4_mode_tunnel      12639  4
> xfrm_user              31825  2
> xfrm4_tunnel           12779  0
> tunnel4                13213  1 xfrm4_tunnel
> ipcomp                 12673  0
> xfrm_ipcomp            13556  1 ipcomp
> esp4                   17061  2
> ah4                    12885  0
> deflate                12617  0
> zlib_deflate           27139  1 deflate
> ctr                    13201  0
> twofish_generic        16635  0
> twofish_x86_64_3way    25287  0
> twofish_x86_64         12867  1 twofish_x86_64_3way
> twofish_common         20919  3 twofish_generic,twofish_x86_64_3way,twofish_x86_64
> camellia               29348  0
> serpent                29125  0
> blowfish_generic       12530  0
> blowfish_x86_64        21466  0
> blowfish_common        16699  2 blowfish_generic,blowfish_x86_64
> cast5                  25112  0
> des_generic            21415  0
> xcbc                   12815  0
> rmd160                 16744  0
> sha512_generic         12796  0
> crypto_null            12918  0
> af_key                 36389  0
> xfs                   836508  1