Re: [PATCH] Fix CONNMARK mask value demolition

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Peter Warasin <peter@endian.com>
To: Peter Warasin <peter@endian.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] Fix CONNMARK mask value demolition
Date: Wed, 09 Jan 2008 14:37:12 +0100	[thread overview]
Message-ID: <4784CE08.1060908@endian.com> (raw)
In-Reply-To: <4780454E.3050803@endian.com>

[-- Attachment #1: Type: text/plain, Size: 976 bytes --]

Hi

I would not like to create the impression trying to do any pressure on
this topic but i recognized that my patch description maybe was a little
bit poor.
In order to make sure the patch is understood correctly, here the bug
report, of which that patch is the fix:

If you use the CONNMARK target, it makes a difference if you have the -j
option as last option or before the matches.


iptables -t mangle -N test

This works:
iptables -v -t mangle -I test -m connmark --mark 7 -j CONNMARK
--set-mark 0x7/0xf
CONNMARK  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  CONNMARK match
0x7 CONNMARK set 0x7/0xf

This not:
iptables -v -t mangle -I test -j CONNMARK --set-mark 0x7/0xf -m connmark
--mark 7
CONNMARK  all opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0  CONNMARK match
0x7 CONNMARK set 0x7

In the second call, the CONNMARK mask (0xf) will be eaten.

peter

-- 
:: e n d i a n
:: open source - open minds

:: peter warasin
:: http://www.endian.com   :: peter@endian.com

[-- Attachment #2: peter.vcf --]
[-- Type: text/x-vcard, Size: 279 bytes --]

begin:vcard
fn:Peter Warasin
n:;Peter Warasin
org:Endian GmbH/Srl
adr:;;Pillhof 47;Frangart/Frangarto;BZ;I-39010;Italien/Italia
email;internet:peter@endian.com
tel;work:+39 0471 631763
tel;fax:+39 0471 631764
x-mozilla-html:FALSE
url:http://www.endian.com
version:2.1
end:vcard

next prev parent reply	other threads:[~2008-01-09 13:37 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-01-06  3:04 [PATCH] Fix CONNMARK mask value demolition Peter Warasin
2008-01-09 13:37 ` Peter Warasin [this message]
2008-01-15  7:04 ` Patrick McHardy
2008-01-15 11:45   ` [PATCH v2] " Peter Warasin
2008-01-15 15:46     ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4784CE08.1060908@endian.com \
    --to=peter@endian.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.