I’m testing mangle packet marks with queues, for my QoS setup. This is meant to mark all packets bound for the outside interface (disabled bits excluded):
/ip firewall mangle
add action=mark-packet chain=forward new-packet-mark=bulk out-interface=ether1-gateway packet-mark=no-mark passthrough=no
add action=mark-packet chain=output new-packet-mark=bulk out-interface=ether1-gateway packet-mark=no-mark passthrough=no
add action=mark-packet chain=postrouting new-packet-mark=bulk out-interface=ether1-gateway packet-mark=no-mark passthrough=no
and put them through the “bulk” queue and “ether1” parent queue:
/queue tree
add max-limit=3686k name=ether1 parent=ether1-gateway queue=default
add max-limit=3686k name=default packet-mark=no-mark parent=ether1 priority=1 queue=default
add max-limit=3686k name=bulk packet-mark=bulk parent=ether1 priority=1 queue=default
These rules seem to be catching stuff as expected:
/ip firewall mangle print stats
Flags: X - disabled, I - invalid, D - dynamic
# CHAIN ACTION BYTES PACKETS
12 forward mark-packet 10 848 027 90 771
13 output mark-packet 2 717 39
14 postrouting mark-packet 0 0
So I would expect everything to have the “bulk” mark and land in the bulk queue, but a sizable fraction of packets apparently still have “no-mark”:
/queue tree print stats
0 name="ether1" parent=ether1-gateway packet-mark="" rate=86528 packet-rate=50 queued-bytes=0 queued-packets=0 bytes=7403538 packets=71331 dropped=0
3 name="default" parent=ether1 packet-mark=no-mark rate=680 packet-rate=0 queued-bytes=0 queued-packets=0 bytes=43128 packets=134 dropped=0
4 name="bulk" parent=ether1 packet-mark=bulk rate=85840 packet-rate=50 queued-bytes=0 queued-packets=0 bytes=7360410 packets=71197 dropped=0
So what gives? Where are those packets sneaking through?