| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50D46060.2070308@gmail.com> Date: Fri, 21 Dec 2012 17:13:04 +0400 From: Yury Stankevich <urykhy@...il.com> To: Jamal Hadi Salim <jhs@...atatu.com> CC: Hasan Chowdhury <shemonc@...il.com>, Stephen Hemminger <shemminger@...tta.com>, Jan Engelhardt <jengelh@...i.de>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, pablo@...filter.org, netfilter-devel@...r.kernel.org Subject: Re: [PATCH] pkt_sched: act_xt support new Xtables interface 21.12.2012 17:03, Jamal Hadi Salim пишет: > On 12-12-20 09:59 AM, Yury Stankevich wrote: >> interesting, >> >> #tc -s filter show dev usb0 parent ffff: > > > Given you are adding this on ingress - the settings you have will > happen before pre-routing hook. > If you did things at egress - the setting will take effect after > post-routing. So take a closer look at those details they look > like your source of issues.. sure, i use it ingress, so, i need to use tc xt action to get mark on the packet, before filter on ifb will run. prerouting rule, in turn, used to test if mark was actually restored. in practice: 1. prerouting rule - is not fired. so, no packets with mark was seen. 2. filter on ifb - do not pass traffic to flow configured. looks like `CONNMARK --restore` is not really called. -- Linux registered user #402966 // pub 1024D/E99AF373 <pgp.mit.edu> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists