From: "Steffen Heil (Mailinglisten)" <lists@steffen-heil.de>
To: Jan Engelhardt <jengelh@inai.de>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: RE: AW: How to mark packet by reqid?
Date: Fri, 18 May 2012 09:35:42 +0000 [thread overview]
Message-ID: <EDD810CD654E254F90731B425DE8AA6F106B5918@dc2008r2.sh-solutions.intern> (raw)
In-Reply-To: <EDD810CD654E254F90731B425DE8AA6F106B588D@dc2008r2.sh-solutions.intern>
[-- Attachment #1: Type: text/plain, Size: 2760 bytes --]
Another fact:
I added a logging rule and I got logged:
May 18 09:27:00 vpn-a kernel: [49503.963182] mangle_PREROUTING: IN=eth0 OUT=
MAC=00:16:3e:0f:01:00:00:16:3e:0f:02:00:08:00 SRC=10.5.0.2 DST=10.5.0.1
LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=56019 PROTO=ESP SPI=0xc89f8130
My mange / POSTROUTING rules:
-s 10.1.1.0/24 -d 10.2.1.0/24 -j MARK --set-xmark 0x1/0xffffffff
-p esp -m policy --dir in --pol ipsec --spi 0xc89f8130 -j MARK --set-xmark
0x1/0xffffffff
-p esp -m policy --dir in --pol ipsec --reqid 1 -j MARK --set-xmark
0x1/0xffffffff
-j LOG --log-prefix "mangle_PREROUTING: "
Yet the packet did not get marked...
I start to believe this is a bug.
Regards,
Steffen
> -----Original Message-----
> From: Steffen Heil (Mailinglisten)
> Sent: Thursday, May 17, 2012 10:39 PM
> To: Steffen Heil (Mailinglisten); Jan Engelhardt
> Cc: netfilter@vger.kernel.org
> Subject: RE: AW: How to mark packet by reqid?
>
> BTW, if that helps, here is some information about my systems.
> (Ubuntu 12.04 LTS Precise Pangolin, currently virtual, 64bit, fully
> updated.)
>
>
> root@vpn-a:~# iptables --version
> iptables v1.4.12
>
>
> root@vpn-a:~# uname -a
> Linux vpn-a 3.2.0-24-virtual #37-Ubuntu SMP Wed Apr 25 10:17:19 UTC 2012
> x86_64 x86_64 x86_64 GNU/Linux
>
>
> root@vpn-a:~# lsmod
> Module Size Used by
> xt_policy 12670 1
> xt_esp 12529 0
> iptable_mangle 12734 1
> xt_mark 12563 2
> ip_tables 27473 1 iptable_mangle
> x_tables 29846 5
> xt_policy,xt_esp,iptable_mangle,xt_mark,ip_tables
> authenc 17582 2
> xfrm6_mode_tunnel 12639 2
> xfrm4_mode_tunnel 12639 4
> xfrm_user 31825 2
> xfrm4_tunnel 12779 0
> tunnel4 13213 1 xfrm4_tunnel
> ipcomp 12673 0
> xfrm_ipcomp 13556 1 ipcomp
> esp4 17061 2
> ah4 12885 0
> deflate 12617 0
> zlib_deflate 27139 1 deflate
> ctr 13201 0
> twofish_generic 16635 0
> twofish_x86_64_3way 25287 0
> twofish_x86_64 12867 1 twofish_x86_64_3way
> twofish_common 20919 3
> twofish_generic,twofish_x86_64_3way,twofish_x86_64
> camellia 29348 0
> serpent 29125 0
> blowfish_generic 12530 0
> blowfish_x86_64 21466 0
> blowfish_common 16699 2 blowfish_generic,blowfish_x86_64
> cast5 25112 0
> des_generic 21415 0
> xcbc 12815 0
> rmd160 16744 0
> sha512_generic 12796 0
> crypto_null 12918 0
> af_key 36389 0
> xfs 836508 1
[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 6566 bytes --]
next prev parent reply other threads:[~2012-05-18 9:35 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-15 22:44 How to mark packet by reqid? Steffen Heil (Mailinglisten)
2012-05-15 23:23 ` Jan Engelhardt
2012-05-16 6:34 ` AW: " Steffen Heil (Mailinglisten)
2012-05-16 6:51 ` Jan Engelhardt
2012-05-17 20:15 ` AW: " Steffen Heil (Mailinglisten)
2012-05-17 20:39 ` Steffen Heil (Mailinglisten)
2012-05-18 9:35 ` Steffen Heil (Mailinglisten) [this message]
2012-05-25 9:43 ` Nix-AW: " Jan Engelhardt
2012-05-19 11:33 ` Steffen Heil (Mailinglisten)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=EDD810CD654E254F90731B425DE8AA6F106B5918@dc2008r2.sh-solutions.intern \
--to=lists@steffen-heil.de \
--cc=jengelh@inai.de \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.