Re: Fwd: question about using conntrack to change the mark

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Tony He <huangya90@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Fwd: question about using conntrack to change the mark
Date: Mon, 21 Aug 2023 12:29:15 +0200	[thread overview]
Message-ID: <ZOM8e8u+BK3jBNrE@calendula> (raw)
In-Reply-To: <CAAUX2SXBVr5pG0vWvhkvrRLJv+ym6i34UrkUpRzS5FQHxh5ivg@mail.gmail.com>

On Mon, Aug 21, 2023 at 03:44:54PM +0800, Tony He wrote:
> Hi,
> 
> I am using Openwrt. The version is:
> root@OpenWrt:/# cat /etc/openwrt_release
> DISTRIB_ID='OpenWrt'
> DISTRIB_RELEASE='23.05.0-rc2'
> DISTRIB_REVISION='r23228-cd17d8df2a'
> DISTRIB_TARGET='ipq806x/generic'
> DISTRIB_ARCH='arm_cortex-a15_neon-vfpv4'
> DISTRIB_DESCRIPTION='OpenWrt 23.05.0-rc2 r23228-cd17d8df2a'
> DISTRIB_TAINTS=''
> 
> And kernel is:
> root@OpenWrt:/# uname -a
> Linux OpenWrt 5.15.118 #0 SMP Mon Jun 26 11:20:39 2023 armv7l GNU/Linux
> 
> 
> Seems that I can not use command " conntrack -U -p tcp -m 1" to change the mark.
> root@OpenWrt:/# conntrack  -L  -p tcp |grep mark=0 |wc -l
> conntrack v1.4.7 (conntrack-tools): 302 flow entries have been shown.
> 302
> root@OpenWrt:/# conntrack -U -p tcp -m 1
> Operation failed: Not supported
> conntrack v1.4.7 (conntrack-tools): Operation failed: Not supported

Please, try this patch:

https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230821101751.4083-1-pablo@netfilter.org/

> I need to add option "-f ipv4", but not all entries can be updated
> successfully. "Protocol error" is reported.

EPROTO means netlink sequence numbers are not fine, which might refer
to another userspace bug.

I made another patch, error handling was not robust in the -U case (no
exit_error was used, instead printf).

Also try this patch on of the previous patch.

https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230821102739.4893-1-pablo@netfilter.org/

Thanks for reporting.

next prev parent reply	other threads:[~2023-08-21 10:29 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAAUX2SVTLxtpzsMnKWCpjRZwAKn391rm5T=y=oHPQ_T1w2UpBA@mail.gmail.com>
2023-08-21  7:44 ` Fwd: question about using conntrack to change the mark Tony He
2023-08-21 10:29   ` Pablo Neira Ayuso [this message]
2023-08-21 11:26     ` Tony He
2023-08-21 12:02       ` Pablo Neira Ayuso
2023-08-22  2:11         ` Tony He
2023-08-22  8:51           ` Pablo Neira Ayuso
2023-08-22  9:46             ` Tony He
2023-08-22 10:00               ` Pablo Neira Ayuso
2023-08-22 10:09                 ` Tony He

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZOM8e8u+BK3jBNrE@calendula \
    --to=pablo@netfilter.org \
    --cc=huangya90@gmail.com \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.