All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Steffen Heil (Mailinglisten)" <lists@steffen-heil.de>
To: Jan Engelhardt <jengelh@inai.de>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: RE: AW: How to mark packet by reqid?
Date: Fri, 18 May 2012 09:35:42 +0000	[thread overview]
Message-ID: <EDD810CD654E254F90731B425DE8AA6F106B5918@dc2008r2.sh-solutions.intern> (raw)
In-Reply-To: <EDD810CD654E254F90731B425DE8AA6F106B588D@dc2008r2.sh-solutions.intern>

[-- Attachment #1: Type: text/plain, Size: 2760 bytes --]

Another fact:

I added a logging rule and I got logged:

May 18 09:27:00 vpn-a kernel: [49503.963182] mangle_PREROUTING: IN=eth0 OUT=
MAC=00:16:3e:0f:01:00:00:16:3e:0f:02:00:08:00 SRC=10.5.0.2 DST=10.5.0.1
LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=56019 PROTO=ESP SPI=0xc89f8130

My mange / POSTROUTING rules:

-s 10.1.1.0/24 -d 10.2.1.0/24 -j MARK --set-xmark 0x1/0xffffffff
-p esp -m policy --dir in --pol ipsec --spi 0xc89f8130 -j MARK --set-xmark
0x1/0xffffffff
-p esp -m policy --dir in --pol ipsec --reqid 1 -j MARK --set-xmark
0x1/0xffffffff
-j LOG --log-prefix "mangle_PREROUTING: "

Yet the packet did not get marked...
I start to believe this is a bug.

Regards,
  Steffen


> -----Original Message-----
> From: Steffen Heil (Mailinglisten)
> Sent: Thursday, May 17, 2012 10:39 PM
> To: Steffen Heil (Mailinglisten); Jan Engelhardt
> Cc: netfilter@vger.kernel.org
> Subject: RE: AW: How to mark packet by reqid?
> 
> BTW, if that helps, here is some information about my systems.
> (Ubuntu 12.04 LTS Precise Pangolin, currently virtual, 64bit, fully
> updated.)
> 
> 
> root@vpn-a:~# iptables --version
> iptables v1.4.12
> 
> 
> root@vpn-a:~# uname -a
> Linux vpn-a 3.2.0-24-virtual #37-Ubuntu SMP Wed Apr 25 10:17:19 UTC 2012
> x86_64 x86_64 x86_64 GNU/Linux
> 
> 
> root@vpn-a:~# lsmod
> Module                  Size  Used by
> xt_policy              12670  1
> xt_esp                 12529  0
> iptable_mangle         12734  1
> xt_mark                12563  2
> ip_tables              27473  1 iptable_mangle
> x_tables               29846  5
> xt_policy,xt_esp,iptable_mangle,xt_mark,ip_tables
> authenc                17582  2
> xfrm6_mode_tunnel      12639  2
> xfrm4_mode_tunnel      12639  4
> xfrm_user              31825  2
> xfrm4_tunnel           12779  0
> tunnel4                13213  1 xfrm4_tunnel
> ipcomp                 12673  0
> xfrm_ipcomp            13556  1 ipcomp
> esp4                   17061  2
> ah4                    12885  0
> deflate                12617  0
> zlib_deflate           27139  1 deflate
> ctr                    13201  0
> twofish_generic        16635  0
> twofish_x86_64_3way    25287  0
> twofish_x86_64         12867  1 twofish_x86_64_3way
> twofish_common         20919  3
> twofish_generic,twofish_x86_64_3way,twofish_x86_64
> camellia               29348  0
> serpent                29125  0
> blowfish_generic       12530  0
> blowfish_x86_64        21466  0
> blowfish_common        16699  2 blowfish_generic,blowfish_x86_64
> cast5                  25112  0
> des_generic            21415  0
> xcbc                   12815  0
> rmd160                 16744  0
> sha512_generic         12796  0
> crypto_null            12918  0
> af_key                 36389  0
> xfs                   836508  1


[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 6566 bytes --]

  reply	other threads:[~2012-05-18  9:35 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-05-15 22:44 How to mark packet by reqid? Steffen Heil (Mailinglisten)
2012-05-15 23:23 ` Jan Engelhardt
2012-05-16  6:34   ` AW: " Steffen Heil (Mailinglisten)
2012-05-16  6:51     ` Jan Engelhardt
2012-05-17 20:15       ` AW: " Steffen Heil (Mailinglisten)
2012-05-17 20:39         ` Steffen Heil (Mailinglisten)
2012-05-18  9:35           ` Steffen Heil (Mailinglisten) [this message]
2012-05-25  9:43         ` Nix-AW: " Jan Engelhardt
2012-05-19 11:33       ` Steffen Heil (Mailinglisten)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=EDD810CD654E254F90731B425DE8AA6F106B5918@dc2008r2.sh-solutions.intern \
    --to=lists@steffen-heil.de \
    --cc=jengelh@inai.de \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.