Hi,


I am trying to understand the role of 'mask' following fwmark, in the
output of command
"ip -4 rule list"

Can somebody please explain the meaning of line below in RPDB output on
android device.

13000: from all fwmark 0x101f6/0x1ffff lookup rmnet_data1


My understanding is if a packet is marked with some packet mark <12345678>,
That mark is compared against firewall mark 0x101f6/0x1ffff . If it is a
match, then routing lookup proceeds to table rmnet_data1.


Q1) What is the role of 0x101f6/0x1ffff ?

I have studied http://ipset.netfilter.org/iptables-extensions.man.html

This says that iptables MARK target

--set-mark value[/mask] Zeroes out the bits given by mask and ORs value
into the packet mark. If mask is omitted, 0xFFFFFFFF is assumed.

To be precise, (packetmark&~mask)|value is the value placed as new
packet mark using the iptables MARK target.


What is the equation for fwmark value/mask in ip rule selector command ?



Q2) How is value/mask used in context of fwmark match in RPDB ?


Complete output of "ip -4 rule list" on my android device running android M
is below


0: from all lookup local
10000: from all fwmark 0x0/0x10000 lookup legacy_system
10000: from all fwmark 0xc0000/0xd0000 lookup legacy_system
10500: from all oif dummy0 uidrange 0-0 lookup dummy0
10500: from all oif rmnet_data1 uidrange 0-0 lookup rmnet_data1
13000: from all fwmark 0x10063/0x1ffff lookup local_network
13000: from all fwmark 0x101f6/0x1ffff lookup rmnet_data1
14000: from all oif dummy0 lookup dummy0
14000: from all oif rmnet_data1 lookup rmnet_data1
15000: from all fwmark 0x0/0x10000 lookup legacy_system
16000: from all fwmark 0x0/0x10000 lookup legacy_network
17000: from all fwmark 0x0/0x10000 lookup local_network
19000: from all fwmark 0x1f6/0x1ffff lookup rmnet_data1
22000: from all fwmark 0x0/0xffff lookup rmnet_data1
23000: from all fwmark 0x0/0xffff uidrange 0-0 lookup main
32000: from all unreachable