
Where is the iptables MARK location in my case?

On my server, I emptied all the iptables rules and then added the rules below:

```
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
```

I can check it:

```
[root@localhost go-tproxy]# iptables -n -L  -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DIVERT     tcp  --  0.0.0.0/0            0.0.0.0/0            socket

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain DIVERT (1 references)
target     prot opt source               destination         
MARK       all  --  0.0.0.0/0            0.0.0.0/0            MARK set 0x1
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
```

You can see the `MARK set 0x1` tag in the rules. I then used `ping www.demo.com` and `curl -vo 1 'https://google.com'` to test the data, and I captured the packets with Wireshark. You can check them here: https://github.com/moonshineBoy/pastebin_files

I didn't find the location of the `MARK set 0x1` in capture-https.pcapng. Please tell me where the MARK is located.
