From: Vigneswaran R <vignesh@atc.tcs.com>
To: Aravindhan Dhanasekaran <adhanas@ncsu.edu>, netfilter@vger.kernel.org
Subject: Re: Help: Marking UDP packets in a bridge
Date: Mon, 13 Oct 2014 09:38:38 +0530
Message-ID: <543B5046.7000200@atc.tcs.com>
In-Reply-To: <5437FB00.3030806@ncsu.edu>

On 10/10/2014 08:58 PM, Aravindhan Dhanasekaran wrote:
> Hello,
>
> I'm trying to mark UDP packets entering (or leaving) a bridge, destined to a
> particular UDP port on a machine on the other side of the bridge.
>
> My simple topology looks like:
> host1 [eth1] <-----> [s1-eth1] bridge [s1-eth2] <-----> [eth1] host2
>
>
> I've added a rule to the FORWARD chain on the mangle table in the bridge to mark
> the packets that I require:
> $ sudo iptables -t mangle -A FORWARD -p udp --dport 9917 -j MARK --set-mark 17
> $ iptables -L FORWARD -t mangle -v
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>   pkts bytes target     prot opt in     out     source       destination
>      0     0 MARK       udp  --  any    any     anywhere     anywhere      udp dpt:9917 MARK set 0x11
>
>
> But, looks like none of the packets are being marked (counters are all 0s in
> iptables output as shown above). I have traffic matching the above rule flowing
> through the bridge which I verified using tcpdump.
> $ sudo tcpdump -i s1-eth1 udp dst port 9917
> ...
> 11:22:14.774417 IP 10.0.0.2.49774 > 10.0.0.1.9917: UDP, length 1470
> 11:22:14.774597 IP 10.0.0.2.49774 > 10.0.0.1.9917: UDP, length 1470
> 11:22:14.774731 IP 10.0.0.2.49774 > 10.0.0.1.9917: UDP, length 1470^C

Maybe we should do the packet marking using ebtables (instead of
iptables) for an Ethernet bridge. I am not sure.

vignesh
