Jan Engelhardt wrote:
> On Dec 4 2007 09:11, Patrick McHardy wrote:
>>> But it concerns CONNMARK. See this patch, which introduces --set-xmark.
>>> Assumes a xt_CONNMARK.ko v2 that does:
>>> --set:
>>> ctmark = (ctmark & info->ctmark_mask) ^ info->ctmark_value;
>>> --save:
>>> ctmark = (nfmark & info->nfmark_mask) ^ (ctmark & info->ctmark_mask);
>>> --restore:
>>> nfmark = (nfmark & info->nfmark_mask) ^ (ctmark & info->ctmark_mask);
>>> As you can see, it would introduce a new option "--set-xmark", and
>>> that name does not sound as appalling as --set-mark, so I was looking
>>> for a better one ;-)
>>
>> It would be easier for me if you'd explain what every option does,
>> especially why you need this set-xmark option.
>
> --set-xmark would use the (yet to be written) xt_CONNMARK v2 semantic,
> while --set-mark would do the compatible v0/v1 one.
> What xt_CONNMARK does at the moment (.revision=0/1):
> ctmark = (ctmark & info->mask) | info->mark;
> Essential operation of xt_CONNMARK (.revision=2):
> ctmark = (ctmark & info->ctmark_mask) ^ info->ctmark_value;
> For CONNMARK, this allows to and/or/xor bits in one go rather than just
> selectively and/or, as it is now.

I still don't see why you can't keep --set-mark and add new options
--and-mark, --xor-mark, ...
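The two update formulas quoted in the thread, compared in a user-space sketch (an added example, not code from the thread or from xt_CONNMARK): it shows how and, or, xor and a field-only set each reduce to one (mask, value) pair under the revision 2 formula, and checks per bit that the revision 0/1 formula cannot invert a bit. The `struct markop` type, the helper names and the sample mark are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical (mask, value) pair; not the kernel's info structure. */
struct markop { uint32_t mask, value; };

/* Revision 0/1 update as quoted in the thread: (ctmark & mask) | mark. */
static uint32_t apply_v1(uint32_t ctmark, struct markop op)
{
    return (ctmark & op.mask) | op.value;
}

/* Proposed revision 2 update as quoted: (ctmark & mask) ^ value. */
static uint32_t apply_v2(uint32_t ctmark, struct markop op)
{
    return (ctmark & op.mask) ^ op.value;
}

/* Encodings of the classic operations for the revision 2 formula. */
static struct markop op_and(uint32_t bits) { return (struct markop){ bits, 0 }; }
static struct markop op_or(uint32_t bits)  { return (struct markop){ ~bits, bits }; }
static struct markop op_xor(uint32_t bits) { return (struct markop){ ~0u, bits }; }

/* Replace only the bits in `field` with `val`; other fields stay untouched,
 * which matters when several policies share one 32-bit mark. */
static struct markop op_set_field(uint32_t field, uint32_t val)
{
    return (struct markop){ ~field, val & field };
}

/* For a single bit, try every (mask, value) choice: can the formula invert it? */
static int can_toggle(uint32_t (*apply)(uint32_t, struct markop))
{
    for (uint32_t m = 0; m <= 1; m++)
        for (uint32_t v = 0; v <= 1; v++) {
            struct markop op = { m, v };
            if ((apply(0, op) & 1) == 1 && (apply(1, op) & 1) == 0)
                return 1;
        }
    return 0;
}

int main(void)
{
    uint32_t ct = 0x12345678; /* constructed sample mark */
    printf("and   %08x\n", (unsigned)apply_v2(ct, op_and(0x0000ffff)));
    printf("or    %08x\n", (unsigned)apply_v2(ct, op_or(0x000000ff)));
    printf("xor   %08x\n", (unsigned)apply_v2(ct, op_xor(0x000000ff)));
    printf("field %08x\n", (unsigned)apply_v2(ct, op_set_field(0x00ff0000, 0x00ab0000)));
    printf("toggle possible: v1=%d v2=%d\n", can_toggle(apply_v1), can_toggle(apply_v2));
    return 0;
}
```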