5.4.96 arm64 kernel,ip rule with fwmark not work #16
Description
-
Check whether the policy routing and MARK are set to -----, but they do not take effect
-
It is necessary to clarify which step is the problem, and the default route in the main table can be determined by capturing the packet, and the default route to utun7 can be diverted by adding a default route to utun7 in the main table. ----- Confirm that the main table is gone
-
Then it is possible that the conditions for matching the 1001 table are not met, that is to say, the fwmark is not met, so a policy route is added at the front, and the 1001 table is unconditionally selected, and it will also return to normal at this time. ------ It means that the mark matching of the policy route is invalid
-
Then there is a problem in the mangle table of netfilter, which means that it may be a failure to mark ------ it may be a problem with netfilter
-
Mark the log on the filter table, if you mark the mangle, the content will be recorded in the kernel log, which shows that the netfilter is marked, indicating that there may be a problem with the fwmark matching of the policy route----- There is a problem with positioning the IP rule
So I didn't catch the package for IPv6 on utun7