Jan Engelhardt wrote:
> Hi,
>
> the usual MARK targets all have something like:
>
>     newmark = (oldmark & ~mask) | newmark;
>
> in Fall 2007's tproxy patches, the following is used instead:
>
>     newmark = (oldmark & ~mask) ^ newmark;
>
> this puzzled me at first but looks well-thought. The new xt_TOS
> already uses the XOR variant, to get that extra bit of expressive
> power[1]. I would have liked to do the same for MARK, but I suspect
> it is not quite backwards-compatible with respect to user scripts
> and iptables-save output. So what could be done?
>
>   * -j MARK2 --set-mark 0x81/0x7F
>   * -j MARK --set-mark-v2 0x81/0x7F
>
> other ideas, thoughts, criticism?
Check out:

http://lists.netfilter.org/pipermail/netfilter-devel/2004-June/015718.html

it can be done fully compatible and can express an arbitrary amount of combined bit operations.
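
Added example, not part of the original thread and not netfilter code: the two update formulas quoted above, evaluated side by side to show where they diverge and how the XOR form can express AND, OR and toggle. It assumes the argument 0x81/0x7F means value/mask; the function names and sample marks are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic MARK update quoted in the mail: clear mask bits, OR the value in. */
uint32_t mark_or(uint32_t old, uint32_t value, uint32_t mask)
{
    return (old & ~mask) | value;
}

/* tproxy / xt_TOS variant quoted in the mail: clear mask bits, XOR the value in. */
uint32_t mark_xor(uint32_t old, uint32_t value, uint32_t mask)
{
    return (old & ~mask) ^ value;
}

/* Hypothetical helpers: common bit operations written as (value, mask)
 * pairs for the XOR form. A toggle has no equivalent in the OR form. */
uint32_t xor_as_and(uint32_t old, uint32_t bits)    { return mark_xor(old, 0, ~bits); }
uint32_t xor_as_or(uint32_t old, uint32_t bits)     { return mark_xor(old, bits, bits); }
uint32_t xor_as_toggle(uint32_t old, uint32_t bits) { return mark_xor(old, bits, 0); }

/* Returns 1 if both forms give the same result for every 8-bit old mark.
 * They agree whenever value has no bits set outside mask; a rule with such
 * bits changes meaning if the formula is swapped underneath it. */
int forms_agree(uint32_t value, uint32_t mask)
{
    for (uint32_t old = 0; old <= 0xFF; old++)
        if (mark_or(old, value, mask) != mark_xor(old, value, mask))
            return 0;
    return 1;
}

int main(void)
{
    uint32_t old = 0x80; /* constructed sample mark with bit 7 already set */

    printf("0x81/0x7F on old=0x%02X: OR form 0x%02X, XOR form 0x%02X\n",
           (unsigned)old, (unsigned)mark_or(old, 0x81, 0x7F),
           (unsigned)mark_xor(old, 0x81, 0x7F));
    printf("0x81/0x7F same under both forms: %d\n", forms_agree(0x81, 0x7F));
    printf("0x01/0x7F same under both forms: %d\n", forms_agree(0x01, 0x7F));
    printf("and 0x0F: 0x%02X  or 0x0C: 0x%02X  toggle 0x0F: 0x%02X\n",
           (unsigned)xor_as_and(0xF3, 0x0F), (unsigned)xor_as_or(0xF3, 0x0C),
           (unsigned)xor_as_toggle(0xF3, 0x0F));
    return 0;
}
```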