Bug #1497
Forecast vs mark in updown gives wrong PLUTO_MARK_IN / OUT value
Start date: 03.06.2016
Due date:
Estimated time:
Affected version: 5.4.0
Resolution: Fixed
Description
Hi all,
After trying to create a script which is based on the mark value, I've found that the values of PLUTO_MARK_IN and PLUTO_MARK_OUT are always set to 4294967295/0xffffffff.
Checking a little bit in the plugins I've put some debug lines in the updown plugin and the output was:
Jun 3 02:26:05 sr-BUH-R2 charon: 04[CHD] updown: mark in = 4294967295/0xffffffff
Jun 3 02:26:05 sr-BUH-R2 charon: 04[CHD] updown: mark out = 4294967295/0xffffffff
As I expected of course. But when I'm checking the iptables and also the xfrm I have:
Chain PREROUTING (policy ACCEPT 363 packets, 35332 bytes)
 pkts bytes target  prot opt in  out  source       destination
    0     0 MARK    all  --  *   *    0.0.0.0/0    10.100.100.1   MARK set 0x4
 1113  112K MARK    udp  --  *   *    84.X.X.250   5.X.X.8        udp spts:1025:4500 dpt:4500 MARK set 0x4
And:
src 10.100.100.1/32 dst 0.0.0.0/0 uid 0
    dir in action allow index 5376 priority 2947 ptype main share any flag (0x00000000)
    lifetime config:
      limit: soft (INF)(bytes), hard (INF)(bytes)
      limit: soft (INF)(packets), hard (INF)(packets)
      expire add: soft 0(sec), hard 0(sec)
      expire use: soft 0(sec), hard 0(sec)
    lifetime current:
      0(bytes), 0(packets)
      add 2016-06-03 02:20:33 use -
    mark 0x4/0xffffffff
    tmpl src 84.x.x.250 dst 5.x.x.8
        proto esp spi 0x00000000(0) reqid 4(0x00000004) mode tunnel
        level required share any
        enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
src 0.0.0.0/0 dst 10.100.100.1/32 uid 0
    dir out action allow index 5369 priority 2947 ptype main share any flag (0x00000000)
    lifetime config:
      limit: soft (INF)(bytes), hard (INF)(bytes)
      limit: soft (INF)(packets), hard (INF)(packets)
      expire add: soft 0(sec), hard 0(sec)
      expire use: soft 0(sec), hard 0(sec)
    lifetime current:
      0(bytes), 0(packets)
      add 2016-06-03 02:20:33 use -
    mark 0x4/0xffffffff
    tmpl src 5.x.x.8 dst 84.x.x.250
        proto esp spi 0x00000000(0) reqid 4(0x00000004) mode tunnel
        level required share any
        enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
As you can see, the mark value is generated correctly in the system, but when it is passed to the script it is incorrect.
How can I fix this issue?
History
#1 Updated by Tobias Brunner about 6 years ago
- Tracker changed from Issue to Bug
- Description updated (diff)
- Status changed from New to Feedback
- Assignee set to Tobias Brunner
- Target version set to 5.5.0
- Resolution set to Fixed
I guess that's fixed with b210369314.
#2 Updated by Tobias Brunner about 6 years ago
- Status changed from Feedback to Closed