shorewall-users January 2012 archive
Main Archive Page > Month Archives  > shorewall-users archives
shorewall-users: Re: [Shorewall-users] MARK accounting packet co

Re: [Shorewall-users] MARK accounting packet counts do not match mangle or tc

From: David Koscinski <dmkoscinski_at_nospam>
Date: Mon Jan 30 2012 - 21:47:32 GMT
To: Shorewall Users <shorewall-users@lists.sourceforge.net>

On Mon, Jan 30, 2012 at 2:36 PM, Tom Eastep <teastep@shorewall.net> wrote:

> On Mon, 2012-01-30 at 14:18 -0600, David Koscinski wrote:
>
> > >>I'm not following you.
> > I mean that when I using /etc/shorewall/accounting I am seeing stats
> > based on what the MARK was before POSTROUTING. Since I want to know
> > what the final MARK was as the packets leave eth0, I cannot
> > use /etc/shorewall/accounting.
>
> Why will the mark change? So long as you don't use :T marks, your
> marking will occur before accounting.
>
> >
> > >>That isn't going to work. When ACCOUNTING_TABLE=mangle, accounting
> > occurs before marking.
> > So it appears that I cannot use /etc/shorewall/accounting to track
> > what the final MARK was on outgoing packets regardless of whether I do
> > accounting in filter or mangle. POSTROUTING tcrules can conceivably
> > change the MARK after accounting has been done.
>
> Not if you don't have such rules.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
>
> ------------------------------------------------------------------------------
> Try before you buy = See our experts in action!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-dev2
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
Yes, I see. I just have to remember that distinction. I guess I can just
put a comment in tcrules to remind myself that :T marks can't be seen in
accounting.

Thank you very much for the info today.

------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users