From: Jan Engelhardt <jengelh@medozas.de>
To: kaber@trash.net
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCH 08/21] libxt_dscp: restore inversion support
Date: Sun, 21 Aug 2011 13:09:23 +0200 [thread overview]
Message-ID: <1313924977-8623-9-git-send-email-jengelh@medozas.de> (raw)
In-Reply-To: <1313924977-8623-1-git-send-email-jengelh@medozas.de>
References: Dave Täht via netfilter-devel on 2011-08-20 14:40:11 -0700
References: <CAA93jw6mpDL6rLXM+9SpAhafkDdKoSfhAxU8UM87vUqjuzjYJw@mail.gmail.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
extensions/libxt_dscp.c | 5 +++--
tests/options-most.rules | 4 ++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/extensions/libxt_dscp.c b/extensions/libxt_dscp.c
index 69533d6..02b22a4 100644
--- a/extensions/libxt_dscp.c
+++ b/extensions/libxt_dscp.c
@@ -43,9 +43,10 @@ static void dscp_help(void)
static const struct xt_option_entry dscp_opts[] = {
{.name = "dscp", .id = O_DSCP, .excl = F_DSCP_CLASS,
.type = XTTYPE_UINT8, .min = 0, .max = XT_DSCP_MAX,
- .flags = XTOPT_PUT, XTOPT_POINTER(struct xt_dscp_info, dscp)},
+ .flags = XTOPT_INVERT | XTOPT_PUT,
+ XTOPT_POINTER(struct xt_dscp_info, dscp)},
{.name = "dscp-class", .id = O_DSCP_CLASS, .excl = F_DSCP,
- .type = XTTYPE_STRING},
+ .type = XTTYPE_STRING, .flags = XTOPT_INVERT},
XTOPT_TABLEEND,
};
diff --git a/tests/options-most.rules b/tests/options-most.rules
index ab7f586..4becc2a 100644
--- a/tests/options-most.rules
+++ b/tests/options-most.rules
@@ -20,8 +20,8 @@
-A INPUT -p tcp -m connmark --mark 0x99
-A INPUT -p tcp -m conntrack --ctstate INVALID --ctproto 6 --ctorigsrc fe80::/64 --ctorigdst fe80::/64 --ctreplsrc fe80::/64 --ctrepldst fe80::/64 --ctorigsrcport 12 --ctorigdstport 13 --ctreplsrcport 14 --ctrepldstport 15 --ctstatus EXPECTED --ctexpire 1:2 --ctdir REPLY
-A INPUT -p tcp -m cpu --cpu 2
--A INPUT -p tcp -m dscp --dscp 0x04
--A INPUT -p tcp -m dscp --dscp 0x00
+-A INPUT -p tcp -m dscp --dscp 0x04 -m dscp ! --dscp 0x04
+-A INPUT -p tcp -m dscp --dscp 0x00 -m dscp ! --dscp 0x00
-A INPUT -p tcp -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 5 --hashlimit-mode srcip,dstip --hashlimit-name f1 --hashlimit-htable-size 64 --hashlimit-htable-max 128 --hashlimit-htable-gcinterval 60 --hashlimit-htable-expire 120 --hashlimit-srcmask 24 --hashlimit-dstmask 24
-A INPUT -p tcp -m hashlimit --hashlimit-above 5/sec --hashlimit-burst 5 --hashlimit-name f1
-A INPUT -p tcp -m helper --helper ftp
--
1.7.3.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-08-21 11:09 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-08-21 11:09 iptables-1.4.12 fixes (2) Jan Engelhardt
2011-08-21 11:09 ` [PATCH 01/21] doc: clarify libxt_connlimit defaults Jan Engelhardt
2011-08-21 11:09 ` [PATCH 02/21] libxt_conntrack: remove one misleading comment Jan Engelhardt
2011-08-21 11:09 ` [PATCH 03/21] libxt_dccp: restore missing XTOPT_INVERT tags for options Jan Engelhardt
2011-08-21 11:09 ` [PATCH 04/21] libxt_dccp: fix deprecated intrapositional ordering of ! Jan Engelhardt
2011-08-21 11:09 ` [PATCH 05/21] libxt_dccp: spell out option name on save Jan Engelhardt
2011-08-21 11:09 ` [PATCH 06/21] libxt_dccp: provide man pages options in short help too Jan Engelhardt
2011-08-21 11:09 ` [PATCH 07/21] libxt_dccp: fix random output of ! on --dccp-option Jan Engelhardt
2011-08-21 11:09 ` Jan Engelhardt [this message]
2011-08-21 11:09 ` [PATCH 09/21] libxt_hashlimit: default htable-expire must be in milliseconds Jan Engelhardt
2011-08-21 11:09 ` [PATCH 10/21] libxt_conntrack: fix --ctproto 0 output Jan Engelhardt
2011-08-21 11:09 ` [PATCH 11/21] xtoptions: flag use of XTOPT_POINTER without XTOPT_PUT Jan Engelhardt
2011-08-21 11:09 ` [PATCH 12/21] libip6t_frag: restore inversion support Jan Engelhardt
2011-08-21 11:09 ` [PATCH 13/21] libxt_hashlimit: remove inversion from hashlimit rev 0 Jan Engelhardt
2011-08-21 11:09 ` [PATCH 14/21] libip6t_hbh: restore setting IP6T_OPTS_LEN flag Jan Engelhardt
2011-08-21 11:09 ` [PATCH 15/21] libip6t_dst: " Jan Engelhardt
2011-08-21 11:09 ` [PATCH 16/21] libipt_ttl: document that negation is available Jan Engelhardt
2011-08-21 11:09 ` [PATCH 17/21] libxt_owner: restore inversion support Jan Engelhardt
2011-08-21 11:09 ` [PATCH 18/21] libxt_physdev: " Jan Engelhardt
2011-08-21 11:09 ` [PATCH 19/21] libxt_policy: remove superfluous inversion Jan Engelhardt
2011-08-21 11:09 ` [PATCH 20/21] tests: add negation tests for libxt_statistic Jan Engelhardt
2011-08-21 11:09 ` [PATCH 21/21] libxt_hashlimit: observe new default gc-expire time when saving Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1313924977-8623-9-git-send-email-jengelh@medozas.de \
--to=jengelh@medozas.de \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).