>-----Original Message-----
>From: lxc-users [mailto:[email protected]] On Behalf
>Of Fajar A. Nugraha
>Sent: Friday, February 20, 2015 8:18 AM
>To: LXC users mailing-list
>Subject: Re: [lxc-users] skb marks preserved inside container?
>
>On Fri, Feb 20, 2015 at 12:55 PM, Hyunseok <[email protected]> wrote:
>> Hi,
>>
>> I was doing some experiment where I mark packets using iptables (i.e.,
>> --set-mark) on a host, and send the marked packets to a container running on
>> the host via bridge.
>>
>> I noticed that the packet marking done on the host is not preserved across
>> the container boundary. That is, the container does not see the packet
>> marks.
>> Is that an expected behavior?
>
>It should be that way. iptables mark does not modify anything on the
>actual packet, so there will not be anything about the mark in packets
>on the bridge.

Dear hs,

... therefore you have to mark the packets themselves. Maybe it's passable to abuse the TOS field - it may be set and queried by iptables, too.

greetings
Guido
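
The TOS-field idea from the reply above, as an added example that is not part of the original thread: the host copies its fwmark into the DSCP bits of the IP header, and the container turns those bits back into a local mark. The interface names `lxcbr0` and `eth0`, the mark `0x1` and the DSCP value `0x0a` are assumptions, as is that the host routes the packets onto the bridge.

```shell
#!/bin/sh
# Added example: carry a host-side fwmark into a container via the DSCP bits.
# All four values below are assumptions, not taken from the thread.
BRIDGE=lxcbr0   # host bridge the container is attached to
CT_IF=eth0      # container interface facing that bridge
MARK=0x1        # fwmark set on the host with --set-mark
DSCP=0x0a       # DSCP value used to carry the mark on the wire

# Host side: the fwmark exists only in kernel metadata attached to the skb,
# so write it into the IP header just before the packet leaves for the bridge.
host_rules() {
  cat <<EOF
*mangle
-A POSTROUTING -o $BRIDGE -m mark --mark $MARK -j DSCP --set-dscp $DSCP
COMMIT
EOF
}

# Container side: rebuild a local fwmark from the DSCP bits, only on the
# interface facing the host bridge, then clear DSCP so the value does not
# leak into QoS handling or onward traffic.
container_rules() {
  cat <<EOF
*mangle
-A PREROUTING -i $CT_IF -m dscp --dscp $DSCP -j MARK --set-mark $MARK
-A PREROUTING -i $CT_IF -m dscp --dscp $DSCP -j DSCP --set-dscp 0
COMMIT
EOF
}

# Print the fragment for one side; apply it as root with, for example:
#   sh dscp-mark.sh host      | iptables-restore --noflush
#   sh dscp-mark.sh container | iptables-restore --noflush   (inside the container)
case "${1:-}" in
  host)      host_rules ;;
  container) container_rules ;;
esac
```

Unlike the fwmark, the DSCP value travels in the packet, so any sender on the bridge can set it. The container should treat the rebuilt mark as a hint and not as an access-control decision unless only the host can inject traffic on that interface.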
