From: Andy Furniss <andy.furniss@dsl.pipex.com>
To: Martin Josefsson <gandalf@wlug.westbo.se>
Cc: jamal <hadi@cyberus.ca>, netdev@oss.sgi.com
Subject: Re: IMQ / new Dummy device post.
Date: Sun, 18 Apr 2004 22:58:33 +0100
Message-ID: <4082FA09.2040404@dsl.pipex.com>
In-Reply-To: <1082323432.13261.397.camel@tux.rsn.bth.se>

Martin Josefsson wrote:
> On Sun, 2004-04-18 at 22:53, jamal wrote:
>
>>On Sun, 2004-04-18 at 12:35, Andy Furniss wrote:
>>
>>
>>>Connmark is a netfilter patch which is required by the type of P2P
>>>limiting/marking projects on sf.net that could mark bittorrent traffic.
>>
>>just from the sounds of it, appears it may be able to mark a group of
>>related flows with the same fwmark.
>
>
> connmark is like nfmark but it marks the connection-entry in
> ip_conntrack instead. And then you can "restore" that mark to the nfmark
> of the packet at any time you want with filter rules.
>
>
>>>will be OK with connbytes sometime. I don't really know how to use it,
>>>but if it is possible to mark egress connections in output and have
>>>connmark match their incoming packets that would be a solution. I
>>>haven't got a clue if connmark can do this, though, just speculating.
>>>
>>>Does anyone else know, and why it's not compatible with connbytes?
>>>
>>
>>some of the netfilter people should be able to help.
>
>
> with connmark you mark the connection, and then you can "restore" that
> mark to packets in either direction in the mangle table of iptables.
>
> connmark isn't incompatible with connbytes. It's just that both patches
> modify the same part of the code, a struct, and the patch program can't
> handle that. You'll have to fix some rejects by hand, that's it.
>
Thanks for that - though I hope not to have to use it now, just to
confirm - does it work in all of the 5 mangle tables or more
specifically could I mark every connection from local processes in
output and restore the marks in prerouting?

Andy.