Using nfmark

Using nfmark

[Roberto Jung Drebes]

Hello again,

Can someone point me to documentation about the nfmark field of the 
sk_buff structure?

My netfilter module creates some traffic using ip_rcv and 
ip_finish_output, and this traffic is also subject to my module, since 
it is registered in the NF_IP_PRE_ROUTING and NF_IP_POST_ROUTING hooks. 
I would like to test in my module if this traffic was created by itself 
(in which case it should be ignored) or not (should be processed), and 
so I am thinking of marking created packets with a magic number. Can I 
use nfmark for that? Are there any other netfilter modules that use it?

Thanks in advance,

-- 
Roberto Jung Drebes <drebes@inf.ufrgs.br>
Porto Alegre, RS - Brasil
http://www.inf.ufrgs.br/~drebes/

Re: Using nfmark

[Tobias DiPasquale]

On Tue, 30 Nov 2004 18:47:50 -0200, Roberto Jung Drebes
<drebes@inf.ufrgs.br> wrote:
> My netfilter module creates some traffic using ip_rcv and
> ip_finish_output, and this traffic is also subject to my module, since
> it is registered in the NF_IP_PRE_ROUTING and NF_IP_POST_ROUTING hooks.
> I would like to test in my module if this traffic was created by itself
> (in which case it should be ignored) or not (should be processed), and
> so I am thinking of marking created packets with a magic number. Can I
> use nfmark for that? Are there any other netfilter modules that use it?

If you only need the distinction during local packet processing, then
you can use the nfmark field for that purpose. However, if you are
trying to mark packets that will leave the box and be destined for
another, then you can't use nfmark. nfmark is just a
netfilter-internal field used to mark packets for firewall/route
rule/traffic shaping classification during packet processing. That
field is not actually part of the packet that comes in/goes out on the
wire.

-- 
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d