sejtam
Frequent Visitor
Topic Author
Posts: 67
Joined: Sun Dec 14, 2014 4:23 pm

how many marks on a packet

Sat Jan 03, 2015 8:19 pm

Can one use mangle to set more than one packet-mark, connection-mark, etc. on a packet/connection?

If so, what is the limit?

Is there a way to print/log packets with all the marks they have (for testing)?
 
jacekes
Member Candidate
Posts: 167
Joined: Tue Aug 30, 2011 9:34 am
Location: Poznan, Poland

Re: how many marks on a packet

Sat Jan 03, 2015 8:42 pm

As far as I remember, one mark of each type can be used.
So a packet can have a packet mark, be part of a marked connection and be routed according to a routing mark.
Last edited by jacekes on Fri Jan 09, 2015 2:02 pm, edited 1 time in total.
 
sejtam
Frequent Visitor
Topic Author
Posts: 67
Joined: Sun Dec 14, 2014 4:23 pm

Re: how many marks on a packet

Sun Jan 04, 2015 4:37 am

OK, obvious next question: action=mark* is then a terminal action, right?
 
boen_robot
Forum Guru
Posts: 2400
Joined: Thu Aug 31, 2006 4:43 pm
Location: europe://Bulgaria/Plovdiv

Re: how many marks on a packet

Sun Jan 04, 2015 5:26 am

I thought that there can be multiple marks applied on the packet... But that it's just that the first mark matched is processed. Whether further marks are added/matched is determined by whether the firewall action has "passthrough", so that further rules can be applied.

(But I haven't experimented too much myself, nor can I find a definitive answer about that in the manual...)
 
sejtam
Frequent Visitor
Topic Author
Posts: 67
Joined: Sun Dec 14, 2014 4:23 pm

Re: how many marks on a packet

Fri Jan 09, 2015 9:01 am

OK, it seems there can only ever be one connection-mark and one routing mark.

I tested like this:
[CODE]
/ip firewall mangle> print chain=prerouting
Flags: X - disabled, I - invalid, D - dynamic
 0    chain=prerouting action=mark-connection new-connection-mark=CM1 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
 1    chain=prerouting action=mark-connection new-connection-mark=CM2 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
 2    chain=prerouting action=mark-connection new-connection-mark=CM3 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
 3    chain=prerouting action=mark-connection new-connection-mark=CM4 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
 4    chain=prerouting action=mark-connection new-connection-mark=CM5 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
 5    chain=prerouting action=mark-connection new-connection-mark=CM6 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
 6    chain=prerouting action=mark-connection new-connection-mark=CM7 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
 7    chain=prerouting action=mark-packet new-packet-mark=Test1 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
 8    chain=prerouting action=mark-packet new-packet-mark=Test2 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
 9    chain=prerouting action=mark-packet new-packet-mark=Test3 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
10    chain=prerouting action=mark-packet new-packet-mark=Test4 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
11    chain=prerouting action=mark-packet new-packet-mark=Test5 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
12    chain=prerouting action=mark-packet new-packet-mark=Test6 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
13    chain=prerouting action=mark-packet new-packet-mark=Test7 passthrough=yes src-address=192.168.0.4 log=no log-prefix=""
[/CODE]
and
[CODE]
/ip firewall filter> print chain=dump-marks
Flags: X - disabled, I - invalid, D - dynamic
 0    chain=dump-marks action=log packet-mark=Test1 log=no log-prefix="P-M: Test1"
 1    chain=dump-marks action=log packet-mark=Test2 log=no log-prefix="P-M: Test2"
 2    chain=dump-marks action=log packet-mark=Test3 log=no log-prefix="P-M: Test3"
 3    chain=dump-marks action=log packet-mark=Test4 log=no log-prefix="P-M: Test4"
 4    chain=dump-marks action=log packet-mark=Test5 log=no log-prefix="P-M: Test5"
 5    chain=dump-marks action=log packet-mark=Test6 log=no log-prefix="P-M: Test6"
 6    chain=dump-marks action=log packet-mark=Test7 log=no log-prefix="P-M: Test7"
 7    chain=dump-marks action=log packet-mark=Test8 log=no log-prefix="P-M: Test8"
 8    chain=dump-marks action=log packet-mark=Test9 log=no log-prefix="P-M: Test9"
 9    chain=dump-marks action=log packet-mark=Test10 log=no log-prefix="P-M: Test10"
10    chain=dump-marks action=log packet-mark=Test11 log=no log-prefix="P-M: Test11"
11    chain=dump-marks action=log packet-mark=Test12 log=no log-prefix="P-M: Test12"
12    chain=dump-marks action=log packet-mark=Test13 log=no log-prefix="P-M: Test13"
13    chain=dump-marks action=log packet-mark=Test14 log=no log-prefix="P-M: Test14"
14    chain=dump-marks action=log packet-mark=Test15 log=no log-prefix="P-M: Test15"
15    chain=dump-marks action=log packet-mark=Test16 log=no log-prefix="P-M: Test16"
16    chain=dump-marks action=log packet-mark=Test17 log=no log-prefix="P-M: Test17"
17    chain=dump-marks action=log packet-mark=Test18 log=no log-prefix="P-M: Test18"
18    chain=dump-marks action=log connection-mark=CM1 log=no log-prefix="C-M: CM1"
19    chain=dump-marks action=log connection-mark=CM2 log=no log-prefix="C-M: CM2"
20    chain=dump-marks action=log connection-mark=CM3 log=no log-prefix="C-M: CM3"
21    chain=dump-marks action=log connection-mark=CM4 log=no log-prefix="C-M: CM4"
22    chain=dump-marks action=log connection-mark=CM5 log=no log-prefix="C-M: CM5"
23    chain=dump-marks action=log connection-mark=CM6 log=no log-prefix="C-M: CM6"
[/CODE]
and early in the input chain I have:
[CODE]
 3    chain=input action=jump jump-target=dump-marks log=no log-prefix=""
[/CODE]

This results in
[CODE]
14:53:04 firewall,info P-M: Test7 dump-marks: in:bridge-local out:(none), src-mac 10:9a:dd:60:aa:fa, proto ICMP (type 8, code 0), 192.168.0.4->192.168.0.233, len 84
14:53:04 firewall,info C-M: CM7 dump-marks: in:bridge-local out:(none), src-mac 10:9a:dd:60:aa:fa, proto ICMP (type 8, code 0), 192.168.0.4->192.168.0.233, len 84
[/CODE]
As one can see, only the last assigned mark survived.

I find this somewhat of a disadvantage. It would have been useful had there been a way to have multiple marks, so that one can classify traffic by several criteria at the same time, so that several chains can do their own thing with it, without having to manage a separate mark for each combination of factors.
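
A small Python model of the behaviour the test above shows, added here as an illustration (it is not part of the original post and is not MikroTik code). It assumes each mark type is a single slot that a later matching rule overwrites and that passthrough=no stops the chain; the names Rule, run_chain, thread_rules and dump_marks are made up for this sketch.

```python
from dataclasses import dataclass

# Each mangle action writes one single-valued slot (assumption drawn from the
# test result in the post: a later mark of the same type replaces the earlier).
SLOT = {
    "mark-connection": "connection-mark",
    "mark-packet": "packet-mark",
    "mark-routing": "routing-mark",
}

@dataclass
class Rule:  # hypothetical stand-in for one mangle rule
    action: str
    new_mark: str
    src_address: str
    passthrough: bool = True

def run_chain(rules, src_address):
    """Walk the rules in order and return the marks left on the packet."""
    marks = {}
    for rule in rules:
        if rule.src_address != src_address:
            continue
        marks[SLOT[rule.action]] = rule.new_mark  # overwrite, never append
        if not rule.passthrough:
            break  # passthrough=no: later rules in this chain are skipped
    return marks

def thread_rules(passthrough=True):
    """Constructed copy of the 14 prerouting rules listed in the post."""
    src = "192.168.0.4"
    conn = [Rule("mark-connection", f"CM{i}", src, passthrough) for i in range(1, 8)]
    pkt = [Rule("mark-packet", f"Test{i}", src, passthrough) for i in range(1, 8)]
    return conn + pkt

def dump_marks(marks):
    """Log prefixes a dump-marks style chain would emit, packet mark first."""
    prefixes = {"packet-mark": "P-M", "connection-mark": "C-M"}
    return [f"{tag}: {marks[slot]}" for slot, tag in prefixes.items() if slot in marks]

if __name__ == "__main__":
    for pt in (True, False):
        result = run_chain(thread_rules(pt), "192.168.0.4")
        print(f"passthrough={'yes' if pt else 'no'}: {dump_marks(result)}")
```

With passthrough=no on every rule, the model stops at the first mark-connection rule, so the packet leaves the chain with CM1 and no packet mark at all.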
 
Caci99
Forum Guru
Posts: 1076
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane

Re: how many marks on a packet

Fri Jan 09, 2015 2:01 pm

Well, a packet can have only one mark, but if you are trying to achieve some QOS you should definitely know the flow diagram. You can mark a packet in the prerouting chain and apply that mark in the global-in queue, and then re-mark the packet in the forward chain to apply it in the global out queue.
http://wiki.mikrotik.com/wiki/Manual:Packet_Flow
Check the Janis Megis explanation on double QOS
http://mum.mikrotik.com/presentations/U ... is_qos.pdf