how to set mark using host bits ?

how to set mark using host bits ?

[Mircea Croitor]

Hello,

I want to know if there is an extension for iptables which allows automating
setting of mark in the mangle table, using last n bits of source ip, with an
optional offset, to do something like :

(the network is 192.168.0.0/20, offset 0x100)

192.168.0.0 will have mark 0x100
192.168.0.1 will have mark 0x101
...
192.168.2.0 will have mark 0x300
...
192.168.15.255 will have mark 0x10FF

This setting of mark should be done on a single rule, since the mark is computed
from host bits and offset.
It is useful for efficient upload limiting, when SNAT is used, since the source
IP is replaced before tc filters see the packet, but I'm sure you knew that. By
the way, this kind of auto matching is possible on tc filters, using "hashed
filters".

Re: how to set mark using host bits ?

[Alexandru Dragoi]

Mircea Croitor wrote:
> Hello,
>
> I want to know if there is an extension for iptables which allows automating
> setting of mark in the mangle table, using last n bits of source ip, with an
> optional offset, to do something like :
>
> (the network is 192.168.0.0/20, offset 0x100)
>
> 192.168.0.0 will have mark 0x100
> 192.168.0.1 will have mark 0x101
> ...
> 192.168.2.0 will have mark 0x300
> ...
> 192.168.15.255 will have mark 0x10FF
>
> This setting of mark should be done on a single rule, since the mark is computed
> from host bits and offset.
> It is useful for efficient upload limiting, when SNAT is used, since the source
> IP is replaced before tc filters see the packet, but I'm sure you knew that. By
> the way, this kind of auto matching is possible on tc filters, using "hashed
> filters".
>
>
>
>   
There was a target called IPMARK for doing that in pach-o-matic-ng. Try 
using older snapshots, or maybe new kernels already include it.