From: Aravindhan Dhanasekaran <adhanas@ncsu.edu>
To: netfilter@vger.kernel.org
Subject: Help: Marking UDP packets in a bridge
Date: Fri, 10 Oct 2014 11:28:00 -0400
Message-ID: <5437FB00.3030806@ncsu.edu>

Hello,

I'm trying to mark UDP packets entering (or leaving) a bridge, destined to a
particular UDP port on a machine on the other side of the bridge.

My simple topology looks like:
host1 [eth1] <-----> [s1-eth1] bridge [s1-eth2] <-----> [eth1] host2


I've added a rule to the FORWARD chain on the mangle table in the bridge to mark
the packets that I require:
$ sudo iptables -t mangle -A FORWARD -p udp --dport 9917 -j MARK --set-mark 17
$ iptables -L FORWARD -t mangle -v
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source       destination
    0     0 MARK       udp  --  any    any     anywhere     anywhere      udp dpt:9917 MARK set 0x11


But it looks like none of the packets are being marked (counters are all 0s in
iptables output as shown above). I have traffic matching the above rule flowing
through the bridge which I verified using tcpdump.
$ sudo tcpdump -i s1-eth1 udp dst port 9917
...
11:22:14.774417 IP 10.0.0.2.49774 > 10.0.0.1.9917: UDP, length 1470
11:22:14.774597 IP 10.0.0.2.49774 > 10.0.0.1.9917: UDP, length 1470
11:22:14.774731 IP 10.0.0.2.49774 > 10.0.0.1.9917: UDP, length 1470^C

999 packets captured
1831 packets received by filter
795 packets dropped by kernel


I'm not sure what's wrong with my configuration. Any help would be appreciated.

Thanks,
/Aravind

Thread overview: 4+ messages
2014-10-10 15:28 Aravindhan Dhanasekaran [this message]
2014-10-13  4:08 ` Help: Marking UDP packets in a bridge Vigneswaran R
2014-10-13  4:58   ` Aravindhan Dhanasekaran
2014-10-13  4:54 ` Anton Danilov
