* [PATCH 2.4.21-pre4] Propagate netfilter MARK value when tunneling
@ 2003-03-11 11:18 Erik Hensema
From: Erik Hensema @ 2003-03-11 11:18 UTC
To: netdev; +Cc: LARTC, Netfilter Development Mailinglist
[-- Attachment #1: Type: text/plain, Size: 740 bytes --]
This patch enables the user to propagate netfilter MARK values from
tunneled packets to the tunnel packets. The primary use for this is QoS: it
enables you to MARK a packet before it enters a tunnel and then later pick
up the packet when it's about to leave the physical interface.

jamal <hadi@cyberus.ca> suggested to also propagate other skb specifics
like the tcindex and priority. I haven't included these in the current
patch for the very simple reason that I don't understand what they mean ;-)

The patch is currently limited to GRE, IPIP and SIT.

Patch is attached to this mail, but also can be downloaded from
http://dexter.hensema.net/~erik/patches/netfilter-propagate-mark-2.4.21-pre4.diff
--
Erik Hensema (erik@hensema.net)
[-- Attachment #2: netfilter-propagate-mark-2.4.21-pre4.diff --]
[-- Type: text/plain, Size: 2480 bytes --]
--- ../linux-2.4.21-pre4/net/Config.in Sat Aug 3 02:39:46 2002
+++ net/Config.in Tue Mar 11 12:08:29 2003
@@ -13,6 +13,7 @@
bool 'Network packet filtering (replaces ipchains)' CONFIG_NETFILTER
if [ "$CONFIG_NETFILTER" = "y" ]; then
bool ' Network packet filtering debugging' CONFIG_NETFILTER_DEBUG
+ bool ' Propagate netfilter MARK value when tunneling' CONFIG_NETFILTER_PROPAGATE_MARK
fi
bool 'Socket Filtering' CONFIG_FILTER
tristate 'Unix domain sockets' CONFIG_UNIX
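Review bot: CONFIG_NETFILTER_PROPAGATE_MARK is a build-time bool under CONFIG_NETFILTER, so the behaviour is all-or-nothing for every GRE, IPIP and SIT tunnel on a kernel built with it, and an administrator cannot enable it for one tunnel while leaving another untouched. The mark is local policy state that firewall and tc rules key on, so consider a per-tunnel flag or a runtime switch instead of, or in addition to, the build option, so that the behaviour of existing tunnels does not change with a rebuild.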
--- ../linux-2.4.21-pre4/net/ipv4/ipip.c Fri Nov 29 00:53:15 2002
+++ net/ipv4/ipip.c Tue Mar 11 11:58:50 2003
@@ -619,6 +619,9 @@
}
if (skb->sk)
skb_set_owner_w(new_skb, skb->sk);
+#ifdef CONFIG_NETFILTER_PROPAGATE_MARK
+ new_skb->nfmark = skb->nfmark;
+#endif
dev_kfree_skb(skb);
skb = new_skb;
}
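Review bot: in this ipip.c hunk the copy "new_skb->nfmark = skb->nfmark;" sits inside the block that ends with "skb = new_skb;", so it only runs when a replacement buffer was allocated. Please state in the changelog what happens to the mark when that block is skipped and the original skb is encapsulated as is, and whether the routine that produced new_skb already carries nfmark over, in which case the explicit copy is redundant. If both paths are meant to behave the same, a short comment here saying why only this one needs the copy would help.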
--- ../linux-2.4.21-pre4/net/ipv4/ip_gre.c Fri Nov 29 00:53:15 2002
+++ net/ipv4/ip_gre.c Tue Mar 11 11:59:07 2003
@@ -822,6 +822,9 @@
}
if (skb->sk)
skb_set_owner_w(new_skb, skb->sk);
+#ifdef CONFIG_NETFILTER_PROPAGATE_MARK
+ new_skb->nfmark = skb->nfmark;
+#endif
dev_kfree_skb(skb);
skb = new_skb;
}
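Review bot: the three lines added to ip_gre.c are identical to the ones added to ipip.c and sit.c, each wrapped in its own #ifdef inside the function body. Move the copy into one static inline helper in a shared header that compiles to nothing when CONFIG_NETFILTER_PROPAGATE_MARK is unset, and call it from the three drivers. That keeps the #ifdef out of the .c files and gives one place to extend if tcindex and priority are propagated later, as the cover mail mentions.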
--- ../linux-2.4.21-pre4/net/ipv6/sit.c Fri Nov 29 00:53:15 2002
+++ net/ipv6/sit.c Tue Mar 11 11:59:20 2003
@@ -571,6 +571,9 @@
}
if (skb->sk)
skb_set_owner_w(new_skb, skb->sk);
+#ifdef CONFIG_NETFILTER_PROPAGATE_MARK
+ new_skb->nfmark = skb->nfmark;
+#endif
dev_kfree_skb(skb);
skb = new_skb;
}
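Review bot: in sit.c the tunneled packet is IPv6 and the tunnel packet is IPv4, so this copy carries a mark assigned by the IPv6 rule set onto a packet that is then evaluated by the IPv4 rule set. The same numeric mark can mean different things in the two rule sets. The help text should call this out for SIT so that administrators keep the mark values used on both sides consistent.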
--- ../linux-2.4.21-pre4/Documentation/Configure.help Wed Feb 26 10:51:16 2003
+++ Documentation/Configure.help Tue Mar 11 12:05:37 2003
@@ -2507,6 +2507,22 @@
You can say Y here if you want to get additional messages useful in
debugging the netfilter code.
+Propagate netfilter MARK value when tunneling
+CONFIG_NETFILTER_PROPAGATE_MARK
+ With this option enabled, netfilter MARK values are propagated from
+ tunneled packets to the tunnel packets. It enables you to trace
+ packets from before they enter the tunnel to the point where they
+ leave the physical interface.
+
+ One of the possible uses is marking packets for QoS before they
+ enter a tunnel. These mark values can then be picked up by filters
+ defined by the "tc" utility when they're about the leave the
+ physical interface.
+
+ This option currently works for GRE, IPIP and SIT tunnels.
+
+ If unsure, say N.
+
Connection tracking (required for masq/NAT)
CONFIG_IP_NF_CONNTRACK
Connection tracking keeps a record of what packets have passed
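Review bot: the added help text has a typo, "when they're about the leave" should read "about to leave". It also describes only the QoS benefit; add a sentence saying that with this option any rule matching on MARK for the tunnel packet will see the value set on the tunneled packet, since that changes how existing mark-based rules behave once the option is turned on.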