Hi, The DSCP and CONNMARK/MARK targets are not decisive. The last rule processing determines what will be done with the packet. Both controls can coexist. The markings (MARK) are made internally (by conntrack) - its a local control (only your kernel works with this). And the DSCP is set in the IP header (in the address space of the TOS). Thus, other routers on the network can open the ip packet and identify the DSCP value that you set. 2013/11/11 Nikolai Lusan <nikolai@xxxxxxxxxxx>: > Greetings all, > > I am at the point in writing my "new and improved"(tm) firewall where I > am adding QoS. I am marking the packets in the MANGLE table with DSCP > values, but I also want to mark packets again so that my iproute2 qdiscs > can have an easier time handling them. This requires that I mark the > packets twice (i.e. once with "-j DSCP --set-dscp-class AF32", and again > with "-j MARK --set-mark 6"). > > The question is: can I do this with consecutive rules in the MANGLE > table? What is the behaviour once a packet has matched a rule in one of > the MANGLE table chains? Does it continue to drop through? Does it > effect a RETURN? > > > Thanks in advance. > -- > Nikolai Lusan <nikolai@xxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
