From: Brian Austin - Standard Universal <brian@standarduniversal.com.au>
To: julien vehent <julien@linuxwall.info>
Cc: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: Log MARK value
Date: Thu, 25 Sep 2008 07:13:48 +1000
Message-ID: <48DAAD8C.2080302@standarduniversal.com.au>
In-Reply-To: <66c343c00809240856n58cdcfd4qd255b4deb80d0ed4@mail.gmail.com>
julien vehent wrote:
> Hi There,
>
> I'm trying to debug some rules and would like to LOG the mark value
> assigned to a packet.
> The LOG target doesn't give this information, even in debug level. I
> tried ULOG but apparently it's the same thing.
> /proc/net/ip_conntrack shows a "mark" field that stays at zero,
> whatever I change in my rules.
>
> I found a commit from Patrick McHardy on this subject:
> http://kerneltrap.org/mailarchive/git-commits-head/2008/4/19/1508664
>
> Has this been committed yet? If yes, how can I use it?
> My current kernel version is Linux 2.6.18-6-686.
>
> The test rule: iptables -t mangle -A INPUT -p tcp --dport 22 -j MARK
> --set-mark 0x5
>
> What's seen on the system:
>
> arael:/proc/net# cat ip_conntrack|grep dport=22
> tcp 6 431999 ESTABLISHED src=[IP SRC] dst=[IP DST] sport=3874
> dport=22 packets=2585 bytes=165320 src=[IP SRC] dst=[IP DST] sport=22
> dport=3874 packets=2483 bytes=637896 [ASSURED] mark=0 use=1
>
> arael:/proc/net# iptables -L -v -t mangle
> Chain INPUT (policy ACCEPT 1074K packets, 448M bytes)
> pkts bytes target prot opt in out source destination
> 360 27348 MARK tcp -- any any anywhere
> anywhere tcp dpt:ssh MARK set 0x5
>
> arael:/proc/net# tail -n 1 /var/log/syslog
> Jul 18 20:27:07 arael kernel: IN=eth0 OUT=
> MAC=00:0c:29:f8:19:1a:00:15:60:98:aa:6b:08:00 SRC=[IP SRC] DST=[IP
> DST] LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=21023 DF PROTO=TCP SPT=3874
> DPT=22 WINDOW=63732 RES=0x00 ACK PSH URGP=0
>
>
> Regards,
> Julien
>
You need to save the mark for it to appear in the ip_conntrack list:
iptables -t mangle -A INPUT -p tcp --dport 22 -j MARK --set-mark 0x5
iptables -t mangle -A INPUT -p tcp --dport 22 -j CONNMARK --save-mark
You need to patch and compile the kernel source to see it in syslog.
Patch net/ipv4/netfilter/ipt_LOG.c like this...
@@ -56,6 +56,8 @@
printk("SRC=%u.%u.%u.%u DST=%u.%u.%u.%u ",
NIPQUAD(ih->saddr), NIPQUAD(ih->daddr));
+ printk("FWMARK=%u ", (unsigned int)skb->mark);
+
/* Max length: 46 "LEN=65535 TOS=0xFF PREC=0xFF TTL=255 ID=65535 " */
printk("LEN=%u TOS=0x%02X PREC=0x%02X TTL=%u ID=%u ",
ntohs(ih->tot_len), ih->tos & IPTOS_TOS_MASK,
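Review bot: the added `printk("FWMARK=%u ", (unsigned int)skb->mark);` will not compile on the kernel the original poster runs (Linux 2.6.18, per the quoted message): the sk_buff field was called `nfmark` there and was only renamed to `mark` in 2.6.20, so on 2.6.18 the line needs `skb->nfmark`. Also, ipt_LOG.c accounts for the worst-case log line length in the `/* Max length: ... */` comments that precede each printk, as the surviving `/* Max length: 46 ... */` context line shows; the new field can add up to 18 bytes ("FWMARK=4294967295 ") and should carry its own `/* Max length: 18 */` comment so that budget stays auditable. The second `+` line adds only whitespace and can be dropped.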
regards
b
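As an added example (not code from the thread or from the netfilter project), a small Python parser for the two outputs Julien posted: the kernel LOG line, including the FWMARK= field the patch above would print, and the ip_conntrack entry whose mark= stays 0 until a CONNMARK --save-mark rule copies the packet mark into the connection. The sample lines, addresses and the FWMARK= spelling are constructed assumptions for the example.

```python
import re
# Constructed sample lines modelled on the thread's output (RFC 5737 addresses).
# FWMARK= is what the ipt_LOG.c change in the reply would add; stock LOG has none.
SAMPLE_LOG_LINE = (
    "Jul 18 20:27:07 arael kernel: IN=eth0 OUT= "
    "MAC=00:0c:29:f8:19:1a:00:15:60:98:aa:6b:08:00 SRC=192.0.2.10 DST=192.0.2.1 "
    "FWMARK=5 LEN=92 TOS=0x00 PREC=0x00 TTL=128 ID=21023 DF PROTO=TCP SPT=3874 "
    "DPT=22 WINDOW=63732 RES=0x00 ACK PSH URGP=0"
)
SAMPLE_CONNTRACK_LINE = (
    "tcp 6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=3874 dport=22 "
    "packets=2585 bytes=165320 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=3874 "
    "packets=2483 bytes=637896 [ASSURED] mark=5 use=1"
)

def parse_log_line(line):
    """LOG syslog line -> dict of KEY=VALUE fields plus a 'flags' set (DF, ACK...)."""
    _, _, body = line.partition("kernel: ")
    fields, flags = {}, set()
    for tok in body.split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val        # 'OUT=' gives an empty string
        else:
            flags.add(tok)           # bare tokens such as DF, ACK, PSH, SYN
    fields["flags"] = flags
    return fields

def log_mark(fields):
    """Packet mark from a parsed LOG line; None when the (unpatched) LOG
    target printed no FWMARK= field, as in the original post."""
    val = fields.get("FWMARK")
    return int(val, 0) if val is not None else None

def conntrack_mark(line):
    """Connection mark from an ip_conntrack entry; stays 0 unless a
    CONNMARK --save-mark rule copied the packet mark into the entry."""
    m = re.search(r"\bmark=(\d+)", line)
    return int(m.group(1)) if m else None

def entries_missing_mark(conntrack_lines, dport, expected_mark):
    """Entries whose original-direction dport matches but whose mark is not
    expected_mark: the 'mark=0' symptom the original poster saw."""
    bad = []
    for line in conntrack_lines:
        m = re.search(r"\bdport=(\d+)", line)  # first dport = original direction
        if m and int(m.group(1)) == dport and conntrack_mark(line) != expected_mark:
            bad.append(line)
    return bad
```

Feed it `cat /proc/net/ip_conntrack` and the syslog LOG lines; any entry `entries_missing_mark` returns for a port your MARK rule covers means the mark was set on the packet but never saved to the connection.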