What are valid and meaningful values for SO_MARK? I found some projects use int, some unsigned int (dnsmasq):
unsigned int mark;
if (get_incoming_mark(&forward->frec_src.source, &forward->frec_src.dest, 0, &mark))
setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
I suppose using unsigned int is correct (thus this PR for ping is probably correct: https://github.com/iputils/iputils/pull/345). But ping allows user to specify SO_MARK, thus I'd like to also add check for valid input.
Also, can I see SO_MARK setup in wireshark/tcpdump output?
CodePudding user response:
The struct sock structure used by the kernel for sockets defines the field set by SO_MARK as: __u32 sk_mark. So I'd say any uint32_t is a meaningful value for this option.
Also, can I see
SO_MARKsetup in wireshark/tcpdump output?
AFAIK no, the mark is not actually set on the packets (at any layer), it's just set on internal kernel structures used to manage the socket (struct sock) and packet control information (struct sk_buff). You will not see it "on the wire".
You could however use iptables to log marked packets to dmesg, like this answer on Unix & Linux SE suggests:
$ sudo iptables -A INPUT -m mark ! --mark 0 -m limit --limit 8/min --limit-burst 12 -j LOG --log-prefix "IPTables-Marks: "
$ ./send-some-marked-packets ...
$ sudo dmesg
...
[27448.839237] IPTables-Marks: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=31 TOS=0x00 PREC=0x00 TTL=64 ID=45988 DF PROTO=UDP SPT=40656 DPT=12345 LEN=11 MARK=0xcc