Example command to set same DSCP value in the IP header for return packets within the same TCP connection

Question

I have seen connmark or ctinfo could work for this but couldn't find a simple effective command to make it work (Not familiar within this area).

The command can be applied to the TCP termination node or any linux node as intermediary router.

Kevdog777 · Accepted Answer · 2020-01-07 09:54:54Z

2

iptables -t mangle -A PREROUTING -m dscp --dscp-class AF12 -j CONNMARK --set-xmark 12
iptables -t mangle -A POSTROUTING -m connmark --mark 12 -j DSCP --set-dscp-class AF12

(not 100% dynamic as the DSCP value need to be known in advance in order to get a match)

edited Jan 7, 2020 at 9:54

Kevdog777

3,26418 gold badges45 silver badges66 bronze badges

answered Jan 7, 2020 at 9:28

user892960

1401 silver badge6 bronze badges

I'm waiting to see when this patchset lands (in linux 5.7?) if it's possible to have a generic method using nftables instead.

A.B
– A.B

2020-03-28 13:53:41 +00:00
Commented Mar 28, 2020 at 13:53

Add a comment |

Stack Exchange Network

Example command to set same DSCP value in the IP header for return packets within the same TCP connection

1 Answer 1

You must log in to answer this question.

Hot Network Questions

Example command to set same DSCP value in the IP header for return packets within the same TCP connection

1 Answer 1

You must log in to answer this question.

Related

Hot Network Questions