Hi,

the usual MARK targets all have something like:

	newmark = (oldmark & ~mask) | newmark;

in Fall 2007's tproxy patches, the following is used instead:

	newmark = (oldmark & ~mask) ^ newmark;

this puzzled me at first but looks well-thought. The new xt_TOS already
uses the XOR variant, to get that extra bit of expressive power[1].
I would have liked to do the same for MARK, but I suspect it is not quite
backwards-compatible with respect to user scripts and iptables-save output.
So what could be done?

 * -j MARK2 --set-mark 0x81/0x7F
 * -j MARK --set-mark-v2 0x81/0x7F

other ideas, thoughts, criticism?

[1] http://www.spinics.net/lists/netfilter-devel/msg00050.html
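The following is an added example, not part of the original message or of any netfilter code: it runs the two formulas quoted above on the post's 0x81/0x7F pair to show where they diverge, and goes one step further to show that the XOR form can express plain set/AND/OR/XOR. The function names (`mark_or`, `mark_xor`, `x_set`, `x_and`, `x_or`, `x_xor`) and the sample marks are hypothetical, constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* OR form quoted in the post: clear the mask bits, then OR in the value. */
static uint32_t mark_or(uint32_t oldmark, uint32_t value, uint32_t mask)
{
    return (oldmark & ~mask) | value;
}

/* XOR form quoted in the post: clear the mask bits, then XOR in the value. */
static uint32_t mark_xor(uint32_t oldmark, uint32_t value, uint32_t mask)
{
    return (oldmark & ~mask) ^ value;
}

/* Generalization (assumption of this example, not from the post):
 * the four basic bit operations written as value/mask pairs for the XOR form. */
static uint32_t x_set(uint32_t m, uint32_t bits) { return mark_xor(m, bits, 0xFFFFFFFFu); }
static uint32_t x_and(uint32_t m, uint32_t bits) { return mark_xor(m, 0, ~bits); }
static uint32_t x_or(uint32_t m, uint32_t bits)  { return mark_xor(m, bits, bits); }
static uint32_t x_xor(uint32_t m, uint32_t bits) { return mark_xor(m, bits, 0); }

int main(void)
{
    /* Constructed sample marks; 0x81/0x7F is the value/mask pair from the post. */
    const uint32_t samples[] = { 0x00, 0x80, 0x7F, 0xFF };
    const uint32_t value = 0x81, mask = 0x7F;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t o = mark_or(samples[i], value, mask);
        uint32_t x = mark_xor(samples[i], value, mask);
        /* Bit 7 of the value lies outside the mask: OR forces it on,
         * XOR toggles it, so results differ whenever the old mark has bit 7 set. */
        printf("old=0x%02x  OR=0x%02x  XOR=0x%02x%s\n",
               (unsigned)samples[i], (unsigned)o, (unsigned)x,
               o != x ? "  <- differs" : "");
    }

    printf("set=0x%02x and=0x%02x or=0x%02x xor=0x%02x\n",
           (unsigned)x_set(0xDEAD, 0x42), (unsigned)x_and(0xFF, 0x0F),
           (unsigned)x_or(0xF0, 0x3C), (unsigned)x_xor(0xF0, 0x3C));
    return 0;
}
```

The two forms agree whenever the value has no bits outside the mask, so only rules whose value sets bits outside the mask would change behaviour under the XOR form.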