* [LARTC] howto mark packets
@ 2003-11-24 15:16 Cezar Atanasiu
2003-11-24 15:43 ` Eric Leblond
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Cezar Atanasiu @ 2003-11-24 15:16 UTC (permalink / raw)
To: lartc
Hi folks,
Basically I have this :
|Router A| ----- ethernet --- | SWITCH | --- ethernet ---- |ROUTER B|
What I need : to mark packets passing through "ROUTER A" in such a way
that the marks remain until they reach "ROUTER B", so that the router
can decide what to do with them based on the first router's mark.
The questions :
1. can that be done ?
2. if the answer to the first q. is yes, can that be done w/o patching
the kernel on the first router w/ experimental patches ?
Thank you,
Cezar Atanasiu
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
* Re: [LARTC] howto mark packets
From: Eric Leblond @ 2003-11-24 15:43 UTC (permalink / raw)
To: lartc
On Mon, 24/11/2003 at 16:16, Cezar Atanasiu wrote:
> Hi folks,
> The questions :
>
> 1. can that be done ?
not that way, fw marks are lost when you leave the computer
> 2. if the answer to the first q. is yes, can that be done w/o patching
> the kernel on the first router w/ experimental patches ?
you can do that in a "capillotracté" way (such an idea) by using tunnels
(gre or ipip) and doing some iproute2 on A to push packets into a tunnel
corresponding to their mark and have B route by interface.
BR,
--
Eric Leblond
NuFW, Now User Filtering Works (http://www.nufw.org)
* Re: [LARTC] howto mark packets
From: Cezar Atanasiu @ 2003-11-24 16:03 UTC (permalink / raw)
To: lartc
On Mon, 24 Nov 2003 16:43:40 +0100
Eric Leblond <eric@regit.org> wrote:
> On Mon, 24/11/2003 at 16:16, Cezar Atanasiu wrote:
> > Hi folks,
> > The questions :
> >
> > 1. can that be done ?
>
> not that way, fw marks are lost when you leave the computer
I know, that is why I asked.
>
> > 2. if the answer to the first q. is yes, can that be done w/o
> > patching
> > the kernel on the first router w/ experimental patches ?
>
> you can do that in a "capillotracté" way (such an idea) by using
> tunnels (gre or ipip) and doing some iproute2 on A to push packets into a
> tunnel corresponding to their mark and have B route by interface.
Hmm, that would become too complicated. There is no other way ?
>
> BR,
> --
> Eric Leblond
> NuFW, Now User Filtering Works (http://www.nufw.org)
>
--
Cezar ATANASIU
GMB Computers
Departamentul Internet
Tel/fax: +40 241 619222/673199
* Re: [LARTC] howto mark packets
From: lartc @ 2003-11-24 17:02 UTC (permalink / raw)
To: lartc
hi cezar,
why not use the TOS mark -- it is carried in the packet's tcp header ...
you can only have 8 types/marks however ...
cheers
charles
On Mon, 2003-11-24 at 17:03, Cezar Atanasiu wrote:
> On Mon, 24 Nov 2003 16:43:40 +0100
> Eric Leblond <eric@regit.org> wrote:
>
> > On Mon, 24/11/2003 at 16:16, Cezar Atanasiu wrote:
> > > Hi folks,
> > > The questions :
> > >
> > > 1. can that be done ?
> >
> > not that way, fw marks are lost when you leave the computer
>
> I know, that is why I asked.
>
> >
> > > 2. if the answer to the first q. is yes, can that be done w/o
> > > patching
> > > the kernel on the first router w/ experimental patches ?
> >
> > you can do that in a "capillotracté" way (such an idea) by using
> > tunnels (gre or ipip) and doing some iproute2 on A to push packets into a
> > tunnel corresponding to their mark and have B route by interface.
>
> Hmm, that would become too complicated. There is no other way ?
>
> >
> > BR,
> > --
> > Eric Leblond
> > NuFW, Now User Filtering Works (http://www.nufw.org)
> >
>
* RE: [LARTC] howto mark packets
From: Dick Shorter @ 2003-11-24 21:52 UTC (permalink / raw)
To: lartc
In answer to CA's question and EL's response,
Along the same lines, if you encapsulated the marked packet (IP in IP) and set (mangled) the TOS bits in the envelope packet, they could carry the mark without modifying the original packet. Would be a completely non-standard usage of the TOS bits (unless they happened to correspond to the reasons that you are marking packets,;>), but - since they wouldn't get out of your area of responsibility, it might provide an easy-to-setup-and-manage alternative. You would only need one "tunnel" that way, not one for each type of mark...
Of course, you could always filter the packet in user-land, encapsulating in an envelope with the mark data, and re-filter again at the second router (again in user-land), to de-cap and re-mark. No kernel patches needed...
Dick Shorter
dicks@jetsoft.com
-----Original Message <edited> -----
Subject: Re: [LARTC] howto mark packets
> 2. if the answer to the first q. is yes, can that be done w/o patching
> the kernel on the first router w/ experimental patches ?
you can do that in a "capillotracté" way (such an idea) by using tunnels
(gre or ipip) and doing some iproute2 on A to push packets into a tunnel
corresponding to their mark and have B route by interface.
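
The TOS-bits idea from charles's and Dick Shorter's replies, as an added example that is not part of the thread: a shell script that prints (it does not run) iptables mangle rules which copy the firewall mark into the 6-bit DSCP field of the TOS byte on router A and turn it back into a mark on router B, without the IP-in-IP envelope. The interface names, the sample marks and the mapping "mark N = DSCP N" are assumptions.

```shell
#!/bin/sh
# Added example: print the mangle rules that carry a firewall mark from
# router A to router B in the DSCP bits of the TOS byte. Nothing is executed.
# Assumptions (not from the thread): interface names, the mark list and the
# identity mapping mark N <-> DSCP N.

MARKS="1 2 3"        # constructed sample marks; DSCP is 6 bits, so 1..63 only
A_LAN_IF="eth0"      # hypothetical: router A, side the traffic arrives on
A_TO_B_IF="eth1"     # hypothetical: router A, side facing the switch / router B
B_FROM_A_IF="eth0"   # hypothetical: router B, side facing the switch / router A

# A mark is usable only if it is a decimal integer that fits in DSCP (0 = unmarked).
valid_mark() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 63 ]
}

# Router A: clear whatever DSCP the sender set, then copy mark -> DSCP on egress.
router_a_rules() {
    echo "iptables -t mangle -A PREROUTING -i $A_LAN_IF -j DSCP --set-dscp 0"
    for m in $MARKS; do
        valid_mark "$m" || { echo "skip invalid mark: $m" >&2; continue; }
        echo "iptables -t mangle -A POSTROUTING -o $A_TO_B_IF -m mark --mark $m -j DSCP --set-dscp $m"
    done
}

# Router B: accept DSCP only on the interface facing A, copy DSCP -> mark,
# then clear DSCP so the private values do not travel any further.
router_b_rules() {
    for m in $MARKS; do
        valid_mark "$m" || continue
        echo "iptables -t mangle -A PREROUTING -i $B_FROM_A_IF -m dscp --dscp $m -j MARK --set-mark $m"
    done
    echo "iptables -t mangle -A PREROUTING -i $B_FROM_A_IF -j DSCP --set-dscp 0"
}

echo "# --- run on router A ---"; router_a_rules
echo "# --- run on router B ---"; router_b_rules
```

Router B cannot tell who set the DSCP bits, so any other host attached to the switch between A and B could choose its own mark; the interface match only narrows where such values are accepted.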