Bug #1497: Forecast vs mark in updown gives wrong PLUTO_MARK_IN / OUT value - strongSwan

Bug #1497

Forecast vs mark in updown gives wrong PLUTO_MARK_IN / OUT value

Added by Adrian Ban about 6 years ago. Updated about 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Tobias Brunner

Category:

charon

Target version:

5.5.0

Start date:

03.06.2016

Due date:

Estimated time:

Affected version:

5.4.0

Resolution:

Fixed

Description

Hi all,

After trying to create a script which is based on the mark value I've found that the value of PLUTO_MARK_IN and PLUTO_MARK_OUT are always set to 4294967295/0xffffffff.
Checking a little bit in the plugins I've put some debug lines in the updown plugin and the output was:

Jun  3 02:26:05 sr-BUH-R2 charon: 04[CHD] updown: mark in  = 4294967295/0xffffffff
Jun  3 02:26:05 sr-BUH-R2 charon: 04[CHD] updown: mark out = 4294967295/0xffffffff

As I expected of course. But when I'm checking the iptables and also the xfrm I have:

Chain PREROUTING (policy ACCEPT 363 packets, 35332 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       all  --  *      *       0.0.0.0/0            10.100.100.1         MARK set 0x4
 1113  112K MARK       udp  --  *      *       84.X.X.250       5.X.X.8          udp spts:1025:4500 dpt:4500 MARK set 0x4

And:

src 10.100.100.1/32 dst 0.0.0.0/0 uid 0
        dir in action allow index 5376 priority 2947 ptype main share any flag  (0x00000000)
        lifetime config:
          limit: soft (INF)(bytes), hard (INF)(bytes)
          limit: soft (INF)(packets), hard (INF)(packets)
          expire add: soft 0(sec), hard 0(sec)
          expire use: soft 0(sec), hard 0(sec)
        lifetime current:
          0(bytes), 0(packets)
          add 2016-06-03 02:20:33 use -
        mark 0x4/0xffffffff
        tmpl src 84.x.x.250 dst 5.x.x.8
                proto esp spi 0x00000000(0) reqid 4(0x00000004) mode tunnel
                level required share any
                enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
src 0.0.0.0/0 dst 10.100.100.1/32 uid 0
        dir out action allow index 5369 priority 2947 ptype main share any flag  (0x00000000)
        lifetime config:
          limit: soft (INF)(bytes), hard (INF)(bytes)
          limit: soft (INF)(packets), hard (INF)(packets)
          expire add: soft 0(sec), hard 0(sec)
          expire use: soft 0(sec), hard 0(sec)
        lifetime current:
          0(bytes), 0(packets)
          add 2016-06-03 02:20:33 use -
        mark 0x4/0xffffffff
        tmpl src 5.x.x.8 dst 84.x.x.250
                proto esp spi 0x00000000(0) reqid 4(0x00000004) mode tunnel
                level required share any
                enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff

As you can see the mark value is generated correctly in system but when is passed to the script is incorrect.

How can I fix this issue?

History

#1 Updated by Tobias Brunner about 6 years ago

Tracker changed from Issue to Bug
Description updated (diff)
Status changed from New to Feedback
Assignee set to Tobias Brunner
Target version set to 5.5.0
Resolution set to Fixed

I guess that's fixed with b210369314.

#2 Updated by Tobias Brunner about 6 years ago

Status changed from Feedback to Closed

Also available in: Atom PDF

Project

General

Profile

strongSwan

Issues

Bug #1497

Forecast vs mark in updown gives wrong PLUTO_MARK_IN / OUT value

History

#1 Updated by Tobias Brunner about 6 years ago

#2 Updated by Tobias Brunner about 6 years ago