[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Problem with Netfilter (Packet Marking) and ip util

To: "'jamal'" <hadi@cyberus.ca>
Subject: RE: Problem with Netfilter (Packet Marking) and ip util
From: "Jonathan Earle" <jearle@nortelnetworks.com>
Date: Fri, 1 Sep 2000 15:27:22 -0400
Cc: "Linux Diffserv List (E-mail)" <linux-diffserv@lrc.di.epfl.ch>
Delivery-date: Fri, 01 Sep 2000 22:54:25 +0300
Envelope-to: archive@lists.atm.tut.fi
Sender: owner-linux-diffserv@lrc.epfl.ch

Title: RE: Problem with Netfilter (Packet Marking) and ip util

> -----Original Message-----
> From: jamal [mailto:hadi@cyberus.ca]
> > > Turn on netfilter debugging.
> >
> > Just did that, and I see nothing via dmesg or the messages
> file. The
> > iptables manpage didn't contain a reference to 'debug'.
> What else do I need
> > to do to see output from netfilter debugging?
> >
>
> Netfilter debugging prints a lot of crap, there is no wat you can
> miss that noise. Turn it on via compile options.

Well, I guess I'm missing the noise because I don't see it anywhere. Do I need to make a change to any other config file (syslogd.conf perhaps?) to see the output?

Rusty gave me a hint this am. He mentioned that iproute2 is interpreting the fwmark as hex. I played with it a bit and found that the following works for a packet marked with 10 via iptables:

ip rule add fwmark 0xa table 201

or even

ip rule add fwmark a table 201 (minux the 0x hex designator)

where I replaced 10 with 0xa. iproute2 is interpreting the number on it's command line as hex, not the mark itself.

Cheers!
Jon

Prev by Date: avpkt in CBQ
Next by Date: I like this because its simple
Previous by thread: RE: Problem with Netfilter (Packet Marking) and ip util
Next by thread: TC: Dropped vs Overlimit packets
Index(es):
- Date
- Thread