>>> There is a difference with respect to what we were discussing, i.e.: -m mark --mark
>>> 42 is also in the point 3.
>>
>> Ah I see. So we are not using the mark matcher. Yes, that makes sense.
>> When I was testing it without the mark matcher it did work for me. I
>> looked at the tcpdump.
>
> I can confirm that without the mark matcher Connman 1.29 + patch is
> also working on my side but it looks to me only by chance, there is
> no match between marked packets with the device and as a consequence
> with the SRC to be changed.

Can you test the patch below? With that we should at least have solved the routing. If I understood you correctly, we still need to figure out why rp_filter sometimes needs to be disabled.

>From 2df313ec4dac570dc378fc70a7a5f6307cd48e2e Mon Sep 17 00:00:00 2001 From: Daniel Wagner <[email protected]> Date: Thu, 3 Sep 2015 15:17:27 +0200 Subject: [PATCH] session: Install SNAT rule with mark matcher Filter the packets based on the marker and update only their routing. Reported by: Gianfranco Casanova <[email protected]> --- src/session.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/session.c b/src/session.c index 388aae7..8b695ab 100644 --- a/src/session.c +++ b/src/session.c @@ -405,8 +405,8 @@ static void add_nat_rules(struct connman_session *session) addr = __connman_ipconfig_get_local(ipconfig); id = __connman_firewall_add_rule(session->fw, "nat", "POSTROUTING", - "-o %s -j SNAT --to-source %s", - ifname, addr); + "-o %s -m mark --mark %d -j SNAT --to-source %s", + ifname, session->mark, addr); g_free(ifname); if (id < 0) { DBG("failed to add SNAT rule"); -- 2.4.3
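
Review bot: in the added format string "-o %s -m mark --mark %d -j SNAT --to-source %s", session->mark is printed with %d, and the declaration of the mark field is not visible in this hunk. Netfilter marks are unsigned 32-bit values, so if the field is unsigned, %u is the safer specifier: a mark with the top bit set would otherwise be rendered as a negative number and the rule would fail to install, ending up in the "failed to add SNAT rule" path. Separately, the commit message says the rule updates "only their routing", but the rule is an SNAT in nat/POSTROUTING, which rewrites the source address of packets that were already routed out of ifname; rewording it to say that only marked packets get their source address rewritten would match the code.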
