On Sat, 21 Jun 2025, Michael Tokarev wrote:
> On 21.06.2025 17:42, Jozsef Kadlecsik wrote:
> ..
> > However, routing decisions can be affected by marking packets. So I'd mark
> > packets before routing and use routing tables according to the mark value.
>
> The prob with replies to DNAted packets is that these packets traverse
> routing rules first, BEFORE they're seen by netfilter code. Who can
> mark them for routing if routing is done before it's in netfilter?
No, not at all. You can mark the incoming first packet, store the packet's
mark value in conntrack and restore from conntrack for the reply packets
in mangle/prerouting. Which is exactly that, before routing.
Best regards,
Jozsef
--
E-mail : kadlec@xxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx
Address: Wigner Research Centre for Physics
H-1525 Budapest 114, POB. 49, Hungary
