Hello,

I am trying to capture packets coming out of a process by matching the cgroup the process is in. The match for cgroup works for SYN packets in the TCP handshake but fails for the SYN-ACK packet.

I can match SYN for cgroup 102 using

    1 60 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x02 cgroup 102 MARK set 0x66

but it fails if I try SYN-ACK on the server end, and no packets hit my rule. My rule on the server side is

    0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 cgroup 101 MARK set 0x65

where the server is a part of cgroup 101.

Am I missing something here, or is this a new bug?

-SIGTERM
amit