Netfilter MARK on tc ingress and ifb redirect

[Luciano Ruete <lruete@sequre.com.ar>]

Hi,

Im developing a FLOSS ISP solution based on iptables/tc/iproute2

2 stumbling blocks that I found in my path

1) It would be very usefull have this working

tc filter add dev eth0 parent :ffff ... action ipt -j CONNMARK --restore-mark

where :ffff is an ingress qdisc, i know that currently this is not working nor 
coded.
Is this anyhow in the sight or TODO list of the iproute2 developers to have 
connmark available in ingress?

If not, how complex will be to implement it? (ie: lines of code number)

2) For a technical reason we need to be able to do:

tc filter action mirred egress redirect dev ifbx

at least twice in the same qdisc tree or nested in the redirected ifb, now 
only the first filter matched returns. That was possible in (i think) pre 2.6.18 
kernels but changed to avoid an infinite loop.

Is there any chance to have that behavior back using a kernel flag or 
something? 

PD: Plz CC me i'm not suscribed (I try but never get the reply)

-- 
Luciano Ruete
Sequre - Sys Admin
Mitre 617, piso 7, of. 1 
+54 261 4254894
Mendoza - Argentina
http://www.sequre.com.ar/