* -p udp marking tcp packets ?
@ 2009-05-02 5:57 Salatiel Filho
2009-05-03 0:46 ` Salatiel Filho
2009-05-03 16:08 ` Jozsef Kadlecsik
0 siblings, 2 replies; 3+ messages in thread
From: Salatiel Filho @ 2009-05-02 5:57 UTC (permalink / raw)
To: netfilter-devel
i was having a strange behaviour marking packets in a new and updated
router with kernel 2.6.29 and iptables 1.4.3 using an old script ,
while it worked just fine on an old router.
Trying to debug i found out this:
# iptables -p udp -t mangle -A PREROUTING -m state --state NEW -j LOG
# iptables -nvL PREROUTING -t mangle
Chain PREROUTING (policy ACCEPT 1491 packets, 232K bytes)
pkts bytes target prot opt in out source
destination
34 5042 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 state NEW LOG flags 0 level 4
In the logs i can see: [Why are TCP packets being marked by that rule ?]
May 2 02:54:01 OpenWrt user.warn kernel: IN=br-lan OUT=
MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
DST=208.67.222.222 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=3746 DF
PROTO=UDP SPT=40824 DPT=53 LEN=41
May 2 02:54:01 OpenWrt user.warn kernel: IN=br-lan OUT=
MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
DST=74.125.45.18 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63870 DF
PROTO=TCP SPT=55145 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
May 2 02:54:02 OpenWrt user.warn kernel: IN=br-lan OUT=
MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
DST=208.67.222.222 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=3964 DF
PROTO=UDP SPT=50636 DPT=53 LEN=53
May 2 02:54:02 OpenWrt user.warn kernel: IN=br-lan OUT=
MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
DST=74.125.45.189 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60402 DF
PROTO=TCP SPT=41692 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
May 2 02:54:05 OpenWrt user.warn kernel: IN=br-lan OUT=
MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
DST=208.69.36.132 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=18184 DF
PROTO=TCP SPT=43497 DPT=995 WINDOW=5840 RES=0x00 SYN URGP=0
May 2 02:54:06 OpenWrt user.warn kernel: IN=br-lan OUT=
MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
DST=74.125.45.18 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2765 DF PROTO=TCP
SPT=47733 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
May 2 02:54:06 OpenWrt user.warn kernel: IN=br-lan OUT=
MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
DST=74.125.45.18 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=28286 DF
PROTO=TCP SPT=47734 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
--
[]'s
Salatiel
"O maior prazer do inteligente é bancar o idiota
diante de um idiota que banca o inteligente".
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: -p udp marking tcp packets ?
2009-05-02 5:57 -p udp marking tcp packets ? Salatiel Filho
@ 2009-05-03 0:46 ` Salatiel Filho
2009-05-03 16:08 ` Jozsef Kadlecsik
1 sibling, 0 replies; 3+ messages in thread
From: Salatiel Filho @ 2009-05-03 0:46 UTC (permalink / raw)
To: netfilter-devel
On Sat, May 2, 2009 at 02:57, Salatiel Filho <salatiel.filho@gmail.com> wrote:
> i was having a strange behaviour marking packets in a new and updated
> router with kernel 2.6.29 and iptables 1.4.3 using an old script ,
> while it worked just fine on an old router.
> Trying to debug i found out this:
>
> # iptables -p udp -t mangle -A PREROUTING -m state --state NEW -j LOG
> # iptables -nvL PREROUTING -t mangle
> Chain PREROUTING (policy ACCEPT 1491 packets, 232K bytes)
> pkts bytes target prot opt in out source
> destination
> 34 5042 LOG udp -- * * 0.0.0.0/0
> 0.0.0.0/0 state NEW LOG flags 0 level 4
>
> In the logs i can see: [Why are TCP packets being marked by that rule ?]
>
> May 2 02:54:01 OpenWrt user.warn kernel: IN=br-lan OUT=
> MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
> DST=208.67.222.222 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=3746 DF
> PROTO=UDP SPT=40824 DPT=53 LEN=41
> May 2 02:54:01 OpenWrt user.warn kernel: IN=br-lan OUT=
> MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
> DST=74.125.45.18 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63870 DF
> PROTO=TCP SPT=55145 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
> May 2 02:54:02 OpenWrt user.warn kernel: IN=br-lan OUT=
> MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
> DST=208.67.222.222 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=3964 DF
> PROTO=UDP SPT=50636 DPT=53 LEN=53
> May 2 02:54:02 OpenWrt user.warn kernel: IN=br-lan OUT=
> MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
> DST=74.125.45.189 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=60402 DF
> PROTO=TCP SPT=41692 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
> May 2 02:54:05 OpenWrt user.warn kernel: IN=br-lan OUT=
> MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
> DST=208.69.36.132 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=18184 DF
> PROTO=TCP SPT=43497 DPT=995 WINDOW=5840 RES=0x00 SYN URGP=0
> May 2 02:54:06 OpenWrt user.warn kernel: IN=br-lan OUT=
> MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
> DST=74.125.45.18 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2765 DF PROTO=TCP
> SPT=47733 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
> May 2 02:54:06 OpenWrt user.warn kernel: IN=br-lan OUT=
> MAC=00:1a:70:fe:62:5c:00:1c:c0:82:25:c8:08:00 SRC=192.168.1.141
> DST=74.125.45.18 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=28286 DF
> PROTO=TCP SPT=47734 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
>
>
>
>
> --
>
> []'s
> Salatiel
>
> "O maior prazer do inteligente é bancar o idiota
> diante de um idiota que banca o inteligente".
>
-p tcp is also matching against udp packets ...
Noone else having this behaviour ?
--
[]'s
Salatiel
"O maior prazer do inteligente é bancar o idiota
diante de um idiota que banca o inteligente".
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: -p udp marking tcp packets ?
2009-05-02 5:57 -p udp marking tcp packets ? Salatiel Filho
2009-05-03 0:46 ` Salatiel Filho
@ 2009-05-03 16:08 ` Jozsef Kadlecsik
1 sibling, 0 replies; 3+ messages in thread
From: Jozsef Kadlecsik @ 2009-05-03 16:08 UTC (permalink / raw)
To: Salatiel Filho; +Cc: netfilter-devel
On Sat, 2 May 2009, Salatiel Filho wrote:
> i was having a strange behaviour marking packets in a new and updated
> router with kernel 2.6.29 and iptables 1.4.3 using an old script ,
> while it worked just fine on an old router.
> Trying to debug i found out this:
>
> # iptables -p udp -t mangle -A PREROUTING -m state --state NEW -j LOG
[...]
> In the logs i can see: [Why are TCP packets being marked by that rule ?]
What about all the other tables (filter, nat, raw)? Isn't there any
logging rule in them? Why don't you add a log prefix, which would
identify the logging rule?
Best regards,
Jozsef
-
E-mail : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-05-03 16:08 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-05-02 5:57 -p udp marking tcp packets ? Salatiel Filho
2009-05-03 0:46 ` Salatiel Filho
2009-05-03 16:08 ` Jozsef Kadlecsik
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.