Hi again,
From: Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
Date: Wed, 28 Feb 2007 19:53:22 +0900 (JST)
>
> Hi,
>
> From: "Boutin Maël" <mael.boutin@laposte.net>
> Date: Wed, 28 Feb 2007 10:55:01 +0100
>
> > After some tests, it appears that it is the OUTPUT chain that does not
> > work. Indeed with the PREROUTING chain the mark is taken into account
> > by iproute and the packet is routed as indicated in the corresponding
> > tables.
> >
> > Is it a bug or something i missed ?
>
> I suspect IPv6 routing. But for conformation, can you try
>
> ip6tables -t mangle -A OUTPUT -m mark --mark 0x1 -j LOG --log-prefix
> "out6 "
> ip6tables -t mangle -A POSTROUTING -m mark --mark 0x1 -j LOG
> --log-prefix "post6 "
>
> after your rules and check whether you can see some log by LOG target ?
> And do you have any chance to try 2.6.20 ?
I found that ip6_route_me_harder() doesn't take into account of mark.
Can you try this patch ?
Regards,
[NETFILTER]: ip6_route_me_harder should take into account mark
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index f6294e5..ca50b58 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -15,6 +15,7 @@ int ip6_route_me_harder(struct sk_buff *
struct dst_entry *dst;
struct flowi fl = {
.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0,
+ .mark = skb->mark,
.nl_u =
{ .ip6_u =
{ .daddr = iph->daddr,
|