[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Problem with Netfilter (Packet Marking) and ip util
On Thu, 31 Aug 2000, Jonathan Earle wrote:
> Essentially, I am splitting one incoming UDP packet stream into two outbound
> MPLS streams. The mechanism to split the stream looks at desination ports
> (using the iptables packet marking facility) and marks packets based on
> ranges of ports. The ip tool is then used to build routing tables based on
> those marks, and the (patched) mplsadm (according to my understanding;
> perhaps my phrasing could be corrected) builds LSPs using those new routing
> tables as a packet source.
> That all works just fine, as long as the mark given by iptables is < 10. If
> the mark is >= 10, nothing happens. I tried it today with just plain IP
> routing and the same thing happens.
I didnt know about this code. It seems to be replicating some of the
functionality of the LER policing already existing in James Leu's code.
I could be wrong. So i dont have an answer for you.
> > > 1. What purpose would a mark on a packet serve? Why would
> > people do this?
> > to uniquely put an "internal to linux" tag that would be used
> > to for some
> > purpose.
> The original question remains - why? If I know *why* would someone do it, I
> can perhaps conduct a test using that function/ability to verify whether the
> mark is being properly placed or not.
> > Turn on netfilter debugging.
> Just did that, and I see nothing via dmesg or the messages file. The
> iptables manpage didn't contain a reference to 'debug'. What else do I need
> to do to see output from netfilter debugging?
Netfilter debugging prints a lot of crap, there is no wat you can
miss that noise. Turn it on via compile options.