What are valid and meaningful values for SO_MARK
? I found some projects use int
, some unsigned int
(dnsmasq):
unsigned int mark;
if (get_incoming_mark(&forward->frec_src.source, &forward->frec_src.dest, 0, &mark))
setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
I suppose using unsigned int
is correct (thus this PR for ping
is probably correct: https://github.com/iputils/iputils/pull/345). But ping
allows user to specify SO_MARK
, thus I'd like to also add check for valid input.
Also, can I see SO_MARK
setup in wireshark/tcpdump output?
CodePudding user response:
The struct sock
structure used by the kernel for sockets defines the field set by SO_MARK
as: __u32 sk_mark
. So I'd say any uint32_t
is a meaningful value for this option.
Also, can I see
SO_MARK
setup in wireshark/tcpdump output?
AFAIK no, the mark
is not actually set on the packets (at any layer), it's just set on internal kernel structures used to manage the socket (struct sock
) and packet control information (struct sk_buff
). You will not see it "on the wire".
You could however use iptables
to log marked packets to dmesg, like this answer on Unix & Linux SE suggests:
$ sudo iptables -A INPUT -m mark ! --mark 0 -m limit --limit 8/min --limit-burst 12 -j LOG --log-prefix "IPTables-Marks: "
$ ./send-some-marked-packets ...
$ sudo dmesg
...
[27448.839237] IPTables-Marks: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=31 TOS=0x00 PREC=0x00 TTL=64 ID=45988 DF PROTO=UDP SPT=40656 DPT=12345 LEN=11 MARK=0xcc