Jan Engelhardt wrote:
> On Oct 1 2007 00:51, KOVACS Krisztian wrote:
>
>>>>+/* TPROXY target is capable of marking the packet to perform
>>>>+ * redirection. We can get rid of that whenever we get support for
>>>>+ * mutliple targets in the same rule. */
>>>>+struct ipt_tproxy_target_info {
>>>>+ __be32 laddr;
>>>>+ __be16 lport;
>>>>+ unsigned long mark_mask;
>>>>+ unsigned long mark_value;
>>>
>>>This should use fixed size types.
>>
>>Yes, but marks are unsigned longs, aren't they? So if we restrict this to say
>>32bit then we lose the ability to use the upper half of the mark...
>
>
> longs are 32 and 64 bits, resp. A 64-bit kernel with a 32-bit userland,
> well it speaks for itself.
>
> The more I am puzzled as to why xt_MARK.h, xt_mark.h, xt_CONNMARK.h,
> xt_connmark.h use longs, and not uint32_t! Only xt_SECMARK.h does it right...
>
> Patrick, is this a longstanding 'bug'?
Not a bug, compatiblity crap. skb->nfmark used to be unsigned long,
but since a) it sucks to have userspace-visible stuff like this
depend on the architecture and b) routing, classifiers etc. all
only supported 32 bits, we've changed it.
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
