Bug #1497

Forecast vs mark in updown gives wrong PLUTO_MARK_IN / OUT value

Added by Adrian Ban about 4 years ago. Updated about 4 years ago.

Status: Closed
Priority: Normal
Category: charon
Target version:
Start date: 03.06.2016
Due date:
Estimated time:
Affected version: 5.4.0
Resolution: Fixed

Description

Hi all,

After trying to create a script which is based on the mark value, I've found that the values of PLUTO_MARK_IN and PLUTO_MARK_OUT are always set to 4294967295/0xffffffff.
Checking a little bit in the plugins I've put some debug lines in the updown plugin and the output was:

Jun  3 02:26:05 sr-BUH-R2 charon: 04[CHD] updown: mark in  = 4294967295/0xffffffff
Jun  3 02:26:05 sr-BUH-R2 charon: 04[CHD] updown: mark out = 4294967295/0xffffffff

As I expected of course. But when I'm checking the iptables and also the xfrm I have:

Chain PREROUTING (policy ACCEPT 363 packets, 35332 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.100.100.1         MARK set 0x4
 1113  112K MARK       udp  --  *      *       84.X.X.250       5.X.X.8          udp spts:1025:4500 dpt:4500 MARK set 0x4

And:

src 10.100.100.1/32 dst 0.0.0.0/0 uid 0
        dir in action allow index 5376 priority 2947 ptype main share any flag  (0x00000000)
        lifetime config:
          limit: soft (INF)(bytes), hard (INF)(bytes)
          limit: soft (INF)(packets), hard (INF)(packets)
          expire add: soft 0(sec), hard 0(sec)
          expire use: soft 0(sec), hard 0(sec)
        lifetime current:
          0(bytes), 0(packets)
          add 2016-06-03 02:20:33 use -
        mark 0x4/0xffffffff
        tmpl src 84.x.x.250 dst 5.x.x.8
                proto esp spi 0x00000000(0) reqid 4(0x00000004) mode tunnel
                level required share any
                enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
src 0.0.0.0/0 dst 10.100.100.1/32 uid 0
        dir out action allow index 5369 priority 2947 ptype main share any flag  (0x00000000)
        lifetime config:
          limit: soft (INF)(bytes), hard (INF)(bytes)
          limit: soft (INF)(packets), hard (INF)(packets)
          expire add: soft 0(sec), hard 0(sec)
          expire use: soft 0(sec), hard 0(sec)
        lifetime current:
          0(bytes), 0(packets)
          add 2016-06-03 02:20:33 use -
        mark 0x4/0xffffffff
        tmpl src 5.x.x.8 dst 84.x.x.250
                proto esp spi 0x00000000(0) reqid 4(0x00000004) mode tunnel
                level required share any
                enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff

As you can see, the mark value is generated correctly in the system, but when it is passed to the script it is incorrect.

How can I fix this issue?
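
Added example, not part of the original report and not strongSwan code: a check an updown script that keys its rules on the mark could run first, so that a value like the one reported here is rejected instead of being turned into firewall rules. It assumes the value/mask format shown in the debug output above and treats the all-ones value as unusable; parse_mark and MARK_PLACEHOLDER are hypothetical names.

```shell
#!/bin/sh
# Added example, not strongSwan code: sanity-check the mark an updown script
# receives before building firewall rules from it.

# Assumption: the all-ones value from this report never identifies a real tunnel.
MARK_PLACEHOLDER=4294967295

# parse_mark "VALUE/MASK"  (decimal value, hex mask, as logged in this report)
# Prints the mark as 0xVALUE/MASK, the notation of the xfrm policy dump.
# Returns 0 if usable, 1 if missing or malformed, 2 if it is the placeholder.
parse_mark() {
    raw=$1
    case $raw in
        */*) value=${raw%%/*}; mask=${raw#*/} ;;
        *)   return 1 ;;
    esac
    # Decimal digits only; leading zeros are rejected to avoid octal parsing.
    case $value in ''|*[!0-9]*|0?*) return 1 ;; esac
    case $mask in
        0x*) hex=${mask#0x} ;;
        *)   return 1 ;;
    esac
    case $hex in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    # Marks are 32-bit; an out-of-range number also makes the test fail.
    [ "$value" -le 4294967295 ] 2>/dev/null || return 1
    if [ "$value" -eq "$MARK_PLACEHOLDER" ]; then
        return 2
    fi
    printf '0x%x/%s\n' "$value" "$mask"
}

# Runs only when invoked as an updown script (PLUTO_VERB is set by the plugin).
# A script that keys its rules on the mark stops here instead of installing
# rules that would never match the mark in the kernel policies.
if [ -n "${PLUTO_VERB:-}" ]; then
    for raw_mark in "${PLUTO_MARK_IN:-}" "${PLUTO_MARK_OUT:-}"; do
        if ! mark=$(parse_mark "$raw_mark"); then
            echo "updown: unusable mark '$raw_mark', skipping mark rules" >&2
            exit 1
        fi
        echo "updown: using mark $mark" >&2
    done
fi
```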

History

#1 Updated by Tobias Brunner about 4 years ago

  • Tracker changed from Issue to Bug
  • Description updated (diff)
  • Status changed from New to Feedback
  • Assignee set to Tobias Brunner
  • Target version set to 5.5.0
  • Resolution set to Fixed

I guess that's fixed with b210369314.

#2 Updated by Tobias Brunner about 4 years ago

  • Status changed from Feedback to Closed
