[Bridge] packet mangling and qos on bridge

ratheesh k ratheesh.ksz at gmail.com
Tue Aug 25 04:38:38 PDT 2009


I can see the problem in 2.6.22.18, but not in 2.6.26.8. Is there
any patch available?






On Thu, Aug 20, 2009 at 8:58 PM, ratheesh k<ratheesh.ksz at gmail.com> wrote:
> In the Linux kernel, in the net/sched/cls_fw.c file, fw_classify is
> called every time a tc filter is hit.
> skb->mark is zero when you use rules like
>
>> iptables -t mangle -A PREROUTING -p icmp -i br0 -j MARK --set-mark 2
>> iptables -t mangle -A PREROUTING -p icmp -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MARK --set-mark 2
>> iptables -t mangle -A FORWARD -p icmp -i br0 -o eth1 -j MARK --set-mark 2
>
> But if you use
>> iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 2
>
> the skb->mark is 2, the correct value.
>
> This problem happens only with a bridge. When I tried with one of the
> interfaces it works perfectly.
>
> Thanks,
> Ratheesh
>
>
>
>
> On Wed, Aug 19, 2009 at 5:44 PM, ratheesh k<ratheesh.ksz at gmail.com> wrote:
>> I have two interfaces, eth0 and ap0, bridged together to form br0,
>> and another interface, eth1, on the WAN side.
>>
>>
>>                   br0 <------------------------> eth1
>>               ( eth0 , ap0)
>>                 {  lan  }                         {wan}
>>
>> Packets from the LAN side are NATed to eth1. I have QoS rules on both
>> br0 and eth1. When I googled I found that "mangling packets on br0
>> and using fw filters wont work on linux bridge". Is this true? Can
>> you tell me why?
>>
>> But the funny thing is I colored packets in the PREROUTING chain
>> specifying only the protocol (not specifying the interface):
>>
>> iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 2
>>
>> and I have a filter rule to put packets that are fw marked as 2 into
>> some flow. This works fine when I send an ICMP packet from the LAN to
>> the WAN side!
>>
>> But if I try any of the rules below instead of the above, it won't work:
>>
>> iptables -t mangle -A PREROUTING -p icmp -i br0 -j MARK --set-mark 2
>> iptables -t mangle -A PREROUTING -p icmp -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MARK --set-mark 2
>> iptables -t mangle -A FORWARD -p icmp -i br0 -o eth1 -j MARK --set-mark 2
>>
>> I don't know why.
>>
>> Should I go for ebtables to mark packets? Will it work then?
>>
>

