NetFilter
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re IPv6 MARK support

from [Boutin Maël] [Permanent Link][Original]
To: netfilter <netfilter@lists.netfilter.org>
Subject: Re: Re IPv6 MARK support
From: "Boutin Maël" <mael.boutin@laposte.net>
Date: Wed, 28 Feb 2007 10:55:01 +0100
Delivered-to: sp-com-lists@consult.net
Delivered-to: netfilter-list1@securepoint.com
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=Tzo7Pv+UmSAOy9LEDsewcmC0WAJk4oLq0Hmp5SgdBJKOxQn5OfrXoI1PpXDqW9avlex/dfd64GIcqpc1MWootqgqo5NTfwM5KmZa422gaTRbB+Vk6dgE4W4pSCBhTtsNNrW3wheWX88w3uBz9aGWUDBGUhtH4VN8n/hmKRRGCFU=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=iQwqXe3vhckFazlG+tVPQQ5Y2wkAB1WBXU9GdooRG0tNKwK4R8RQQ8cP8Q9jVIrl7/aic2EhjyBYVDhSf229HmGDnX8EPE+ZVoR4xXnkmrwQjEHHuZLsMg+s1sWOs0StRxg5aDZrx3CcjBjXy27KcwUngOxG5yiad+u/StYAdpw=
In-reply-to: <2acb06d50702280004r5dae5aa1p6fb1f0bc9543a3d3@mail.gmail.com>
List-archive: </pipermail/netfilter>
List-help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id: General discussion and user questions <netfilter.lists.netfilter.org>
List-post: <mailto:netfilter@lists.netfilter.org>
List-subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
References: <2acb06d50702280004r5dae5aa1p6fb1f0bc9543a3d3@mail.gmail.com>
Sender: netfilter-bounces@lists.netfilter.org 
After some tests, it appears that it is the OUTPUT chain that does not
work. Indeed with the PREROUTING chain the mark is taken into account
by iproute and the packet is routed as indicated in the corresponding
tables.

Is it a bug or something i missed ?

On 2/28/07, Boutin Maël <mael.boutin@laposte.net> wrote:

No one have an idea ? Is RPDB (routing policy database) working in
Ipv6 ?? Seems to me that it should work, since NEPL (Nemo
implementation for linux) is using it...


On 2/27/07,  mael.boutin@laposte.net <mael.boutin@laposte.net> wrote:
>  Hi,
>
>   I have a problem with the MARK target support. I want to MARK locally 
generated IPv6 packets (UDP, TCP, ICMP ...). For this i use the following 
ip6tables command :
>
> ip6tables -t mangle -A OUTPUT -p udp -j MARK 0x1
> ip6tables -t mangle -A OUTPUT -p tcp -j MARK 0x2
>
> All works fine, the rule is added in the OUPUT chain of mangle table. Now i 
want to retrieve this mark and route packets according to their mark :
>
> ip -6 route add 2001:688:dd00::5 via 2001:688:bb00::5 dev eth0 table TEST1
> ip -6 route add 2001:688:dd00::5 via 2001:688:cc00::5 dev eth1 table TEST2
>
> => Routes seems to be taken into account and added to the tables (it doesn't 
appear but when you type ip -6 route show table 0 | grep TEST1 you can see the rules 
in TEST1)
>
> ip -6 rule add fwmark 0x1 table TEST1
> ip -6 rule add fwmark 0x2 table TEST2
>
> => Rules are added and can be viewed with ip -6 rule show
>
> The test bed is set up correctly (all interfaces can be pinged).
>
> My problem is that when i generate a UDP flow (via nc) the packets are not 
marked (i suppose) by ip6tables and therefore iproute does not lookup table TEST1 
as it should.
>
> My kernel is  2.6.19.3 with ip6tables compiled as module with all available targets, 
IPv6 multiple routing tables is built in as well as "use netfilter MARK value as 
routing key"
>
> Best regards,
>
> Maël
>
> Envoyez vos cartes de voeux depuis  www.laposte.net
> Elles seront ensuite distribuées par le facteur : pratique et malin !
>
>
>



--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc

--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc




--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Iptables: strange way of blocking UDP traffic, massimo bortolan
Next by Date:  Re: Re IPv6 MARK support, Yasuyuki KOZAKAI
Previous by Thread:  Re IPv6 MARK support, Boutin Maël
Next by Thread:  Re: Re IPv6 MARK support, Yasuyuki KOZAKAI
Indexes:  [Date] [Thread] [Top] [All Lists]