Re: [LARTC] Connmark question

From: Michael Collard <quadfour@iinet.net.au>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Connmark question
Date: Tue, 06 Dec 2005 14:08:36 +0000	[thread overview]
Message-ID: <1133878116.5911.59.camel@localhost> (raw)
In-Reply-To: <1133789369.5911.55.camel@localhost>

For the benefit of everyone, this is a kernel bug. There is info on it
here: http://qa.mandriva.com/show_bug.cgi?id\x13845

On Mon, 2005-12-05 at 21:29 +0800, Michael Collard wrote:
> I am trying to get IPP2P working on my router. Thus far I can see
> connections being marked (see below), but they don't seem to get saved
> or something. When looking at /proc/net/ip_conntrack, nothing has
> anything other than 0 for mark. The iptables commands for this are:
> 
> iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
> iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
> iptables -t mangle -A PREROUTING -m ipp2p --bit --dc --edk -j MARK
> --set-mark 3
> iptables -t mangle -A PREROUTING -m mark --mark 3 -j CONNMARK
> --save-mark
> iptables -t mangle -A POSTROUTING -o ppp0 -m mark --mark 3 -j CLASSIFY
> --set-class 1:50
> 
> This is pretty much a copy of one of the examples from the ipp2p web
> site. When doing a iptables -t mangle -L -n -v -x, I get the following:
> 
> 
> Chain PREROUTING (policy ACCEPT 7179 packets, 1787132 bytes)
>     pkts      bytes target     prot opt in     out    source
> destination
>      799   161475 CONNMARK   all  --  *      *       0.0.0.0/0
> 0.0.0.0/0           CONNMARK restore
>        0        0 ACCEPT     all  --  *      *       0.0.0.0/0
> 0.0.0.0/0           MARK match !0x0
>       28     4372 MARK       all  --  *      *       0.0.0.0/0
> 0.0.0.0/0           ipp2p v0.7.4 --edk --dc --bit MARK set 0x3
>       28     4372 CONNMARK   all  --  *      *       0.0.0.0/0
> 0.0.0.0/0           MARK match 0x3 CONNMARK save
> 
> Chain INPUT (policy ACCEPT 3388 packets, 610487 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination
> 
> Chain FORWARD (policy ACCEPT 3789 packets, 1175165 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination
> 
> Chain OUTPUT (policy ACCEPT 2911 packets, 684078 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination
> 
> Chain POSTROUTING (policy ACCEPT 6757 packets, 1866938 bytes)
>     pkts      bytes target     prot opt in     out     source
> destination
>       15     1752 CLASSIFY   all  --  *      ppp0    0.0.0.0/0
> 0.0.0.0/0           MARK match 0x3 CLASSIFY set 1:50
> 
> So I can see the packets are getting marked, or at least I see them
> being matched. Just don't know why the connection doesn't get shaped.
> Here's the stats from tc.
> 
> class htb 1:50 parent 1:1 leaf 50: prio 5 rate 325000bit ceil 650000bit
> burst 1639b cburst 1680b
>  Sent 1752 bytes 15 pkt (dropped 0, overlimits 0 requeues 0)
>  rate 0bit 0pps backlog 0b 0p requeues 0
>  lended: 15 borrowed: 0 giants: 0
>  tokens: 38314 ctokens: 19674
> 
> I am using kernel 2.6.11-6 and ipp2p 7.4 with iptables 1.2.9
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc