From mboxrd@z Thu Jan 1 00:00:00 1970
From: Patrick McHardy
Date: Thu, 01 Jun 2006 20:01:36 +0000
Subject: Re: [LARTC] iptables CLASSIFY and MARK not working?
Message-Id: <447F47A0.7000104@trash.net>
References: <0633E0EDB4F25F43A2D7179CA11FAFAB25541A@xavier.staff.greatlakes.net>
In-Reply-To: <0633E0EDB4F25F43A2D7179CA11FAFAB25541A@xavier.staff.greatlakes.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: "Eliot, Wireless and Server Administrator, Great Lakes Internet"
Cc: lartc@mailman.ds9a.nl, Netfilter Development Mailinglist

Eliot, Wireless and Server Administrator, Great Lakes Internet wrote:
> Bridged iptables (ebtables) is not enabled in the kernel and I cannot
> seem to find a variable "bridge-nf-call-iptables" to set with sysctl:
>
> wireless-r1 linux # sysctl -w bridge-nf-call-iptables=0
> error: "bridge-nf-call-iptables" is an unknown key
>
> There is also no /proc/sys/net/*/bridge anything. I assume that means
> this is not something I need to worry about?

Not sure yet, the problem would be created by CONFIG_BRIDGE_NETFILTER,
not ebtables itself. Check for "/proc/sys/net/bridge/bridge-nf-call-iptables".

I'm actually pretty sure that this is indeed what's causing the problem:
bridge netfilter defers calling the IP POST_ROUTING hook until the packet
has already been transmitted over the device (and before it goes out the
underlying device), which means when it hits the CLASSIFY target it has
already passed through the qdisc.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
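A small diagnostic for the condition Patrick describes, added here as an example and not part of the thread: it reads the proc path he names (`/proc/sys/net/bridge/bridge-nf-call-iptables`) and reports whether bridge netfilter is active, i.e. whether an IP POSTROUTING CLASSIFY/MARK rule on a bridge will only run after the packet has already been through the qdisc. The `PROC_ROOT` argument and the fake proc tree are constructed so the check can be exercised offline; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). Reports the bridge-nf state
# that decides whether iptables POSTROUTING runs before or after the
# qdisc for bridged traffic. The optional first argument is a proc root
# (constructed, for offline testing); it defaults to /proc on a real host.

# Prints one of:
#   active   - sysctl present and 1: IP POST_ROUTING hook is deferred,
#              so CLASSIFY/MARK there fires after the qdisc already ran
#   disabled - sysctl present but 0
#   absent   - no bridge-nf sysctl at all (CONFIG_BRIDGE_NETFILTER off
#              or bridge netfilter module not loaded)
bridge_nf_state() {
    root=${1:-/proc}
    key="$root/sys/net/bridge/bridge-nf-call-iptables"
    if [ ! -r "$key" ]; then
        echo absent
        return 0
    fi
    if [ "$(cat "$key")" = "1" ]; then
        echo active
    else
        echo disabled
    fi
}

# Exit-status form for use in conditionals: succeeds when a CLASSIFY or
# MARK rule in IP POSTROUTING can be expected to run before the qdisc.
classify_in_postrouting_is_safe() {
    state=$(bridge_nf_state "$1")
    [ "$state" != "active" ]
}

# Builds a constructed fake proc tree with the given sysctl value.
make_fake_proc() {
    mkdir -p "$1/sys/net/bridge"
    printf '%s\n' "$2" > "$1/sys/net/bridge/bridge-nf-call-iptables"
}

main() {
    echo "bridge-nf-call-iptables on this host: $(bridge_nf_state)"
    classify_in_postrouting_is_safe ||
        echo "bridge netfilter is active: IP POST_ROUTING (and any CLASSIFY/MARK there) runs after the qdisc for bridged packets"
}

main "$@"
```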