Hello, Is there any way to mark inbound packets from a particular router? Not by the source/destination IP but by the previous-hop device. Here is my senario: I have two WAN connections each with a dedicated router. These routers redirect traffic entering the "lan" and "wan" interfaces to a Linux box via another interface (can be done with Policy Based Routing or WCCPv2). That traffic is queued to my userspace daemon, processed then sent back. I want to return the processed packets back to the original router that redirected the packets though. I expect this would be pretty simple if the packets were marked somehow. So is there some method to mark packets by "previous-hop" or possibly by the source MAC address? Not sure how this could be done. The routers and Linux box are all on one subnet. So I cannot mark by inbound interface. It seems like once that issue is worked out either of these could push the packets to where it would need to go. nfq_set_verdict2 nfq_set_verdict_mark My original through was do something in my netfilter hook by modifying the destination MAC address but it did not seem like that is possible at least not from the netfilter hook but might work with dev_add_pack() when packets enter the Ethernet interface and storing the source MAC somewhere in the skb then using dev_add_pack() on outbound packets to determine if they are going out the same interface they entered. If so just modify the destination MAC and re-checksum so it would get delivered back to where it originated. That seemed pretty hackish to me but might still be an option. Thank you. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
