I have to aggregate all packets marked by iptables like this: iptables -t mangle -A FORWARD -s 91.196.76.32/27 -j MARK --set-mark 5 ...and also some amount of mark rules.
But I didn't find any information about libpcap/tcpdump expression for iptables' marks. There is some BSD's pf marks but I'm running Linux. Now I resolved this task, but I think this is not very good idea: aggregate_filter[city]: dst net 192.168.2.0/24 and src net (195.158.8.32/30 or 195.158.5.4/30 or ... [also very lot of nets] ... or 89.146.64.0/18) -- Alexander Merniy _______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
