Hi,

I use connmark in the raw table. Please look at the following -L output. At the beginning of the chain I copy the packet mark to the connection. -m mark matches packets. However, -m connmark does not match. It is clearly visible from the packet counters. How can we explain this?

Regards,
Oğuz.

-t raw
Chain PREROUTING (policy ACCEPT 61M packets, 32G bytes)
 8173 4803K ACCEPT     all  --  *  *  127.0.0.1  0.0.0.0/0
 127K   35M CONNMARK   all  --  *  *  0.0.0.0/0  0.0.0.0/0  CONNMARK save
    0     0 LOG        all  --  *  *  0.0.0.0/0  0.0.0.0/0  CONNMARK match 0x12/0xfff LOG flags 0 level 6 prefix `ACCEPT: '
    0     0 ACCEPT     all  --  *  *  0.0.0.0/0  0.0.0.0/0  CONNMARK match 0x12/0xfff
 7897 4074K LOG        all  --  *  *  0.0.0.0/0  0.0.0.0/0  MARK match 0x12/0xfff LOG flags 0 level 6 prefix `ACCEPT:'
 7897 4074K ACCEPT     all  --  *  *  0.0.0.0/0  0.0.0.0/0  MARK match 0x12/0xfff