MARK match 0xd001 / !0x0/0xff00

ml70

Regular Contributor
In Asus' default iptables -t nat and -t mangle there are these MARK match 0xd001 entries which never seem to get matched, though. What do they do?

And in -t mangle there's also MARK match !0x0/0xff00 which never seems to get triggered either.

Observed on a RT-AC66U. Creating my own iptables rules and wondering if this is something essential and what's the proper usage. Is this mark arbitrarily chosen or has some function in Asus' hardware?
 
Traffic marking allows it to bypass CTF.

Mark 0xd001 (which is not in stock firmware) is how I implemented NAT loopback (d001 is loop mirrored). It is matched in the nat table, in the POSTROUTING chain.

The other one is used by Parental Control if I recall correctly.
 
Is it known which tables are bypassed by CTF? Mark 0xd001 is the 'skip CTF' mark?
 
As I said, 0xd001 isn't meant specifically to bypass CTF, it's meant to identify the NAT loopback packets, so they can be NATed.

ANY marked packet will bypass CTF - that's why port forwarded packets will be marked with 0x01 (if I recall).
 
So this is why QoS doesn't work with CTF, as any QOS'd packet has a mark 1-5? This only concerns marks, with TOS (and a matching tc qdisc) it's still possible to have rudimentary QOS while CTF is on? Or does CTF bypass some/all mangle tables so it's not possible to modify TOS?

Trying to set up a working QoS system but the speed of the router is rather slow without CTF, that's why the questions. Currently experimenting with Asus' default QoS complemented with a 5 band prio qdisc for TOS priority.
 
QoS doesn't work with CTF because CTF improves performance by bypassing certain parts of the Linux kernel (such as Netfilter's FORWARD chain), including those that handle the QoS. Not sure which other specific parts are bypassed, since it's closed source.
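
Added example (not part of any post in this thread, and not Asus or firmware code): how the two `MARK match` specs quoted above are evaluated by the mark match, namely `(mark & mask) == value` with `!` inverting the result, so a mark chosen for custom rules can be checked against them first. The function names are hypothetical; the sample marks 0x1 and 0x5 come from the thread, and 0x100 is a constructed value.

```shell
#!/bin/sh
# Semantics of the iptables mark match:
#   match  <=>  (packet_mark & mask) == value      ('!' inverts the result)
# With no "/mask" part, all 32 bits of the mark are compared.

# mark_matches SPEC MARK -> exit status 0 if MARK satisfies SPEC
mark_matches() {
    spec=$1 mark=$2 invert=0
    case $spec in
        '!'*) invert=1; spec=${spec#?} ;;      # strip the leading '!'
    esac
    case $spec in
        */*) value=${spec%%/*}; mask=${spec#*/} ;;
        *)   value=$spec; mask=0xffffffff ;;
    esac
    if [ $(( ($mark & $mask) == $value )) -eq 1 ]; then hit=1; else hit=0; fi
    [ "$hit" -ne "$invert" ]
}

# The two specs quoted in the thread, as iptables -L prints them.
FIRMWARE_SPECS='0xd001 !0x0/0xff00'

# colliding_specs MARK -> prints every spec in FIRMWARE_SPECS that MARK triggers
colliding_specs() {
    out=
    for s in $FIRMWARE_SPECS; do
        if mark_matches "$s" "$1"; then out="${out:+$out }$s"; fi
    done
    printf '%s\n' "$out"
}

# 0x1 and 0x5: low-byte marks mentioned in the thread; 0x100: constructed sample
# with a bit set in the second byte; 0xd001: the NAT loopback mark.
for m in 0x1 0x5 0x100 0xd001; do
    printf '%-7s triggers: %s\n' "$m" "$(colliding_specs "$m")"
done
```

Marks confined to the low byte leave `!0x0/0xff00` unmatched, while any mark with a bit set in 0xff00 (0xd001 included) satisfies it.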
 