[lxc-users] skb marks preserved inside container?
Fajar A. Nugraha
list at fajar.net
Fri Feb 20 07:17:30 UTC 2015
On Fri, Feb 20, 2015 at 12:55 PM, Hyunseok <hyunseok at ieee.org> wrote:
> Hi,
>
> I was doing some experiment where I mark packets using iptables (i.e.,
> --set-mark) on a host, and send the marked packets to a container running on
> the host via bridge.
>
> I noticed that the packet marking done on the host is not preserved across
> the container boundary. That is, the container does not see the packet
> marks.
> Is that an expected behavior?
It should be that way. iptables mark does not modify anything on the
acual packet, so there will not be anything about the mark in packets
on the bridge.
--
Fajar
More information about the lxc-users
mailing list