Stephanie Lockwood-Childs wrote:
When trying to set marks with netfilter_queue library, I discovered there is
a discrepancy in byte ordering between the library and the nfnetlink_queue
kernel module. The kernel code expects to receive the mark attribute in
network order

net/netfilter/nfnetlink_queue.c

    if (nfqa[NFQA_MARK-1])
        entry->skb->mark = ntohl(*(__be32 *)
                                 NFA_DATA(nfqa[NFQA_MARK-1]));

so netfilter_queue library should put the mark into network order when
sending it.

Yes, it's a stupid bug and even I got bitten by it multiple times,
but we can't change it since users already rely on this behaviour.
You could introduce a new, fixed version of set_verdict_mark and
deprecate the old one.
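
The byte-order mismatch discussed in this thread, as an added example that is not code from libnetfilter_queue or the kernel. The helper names (kernel_read_mark, send_mark, mark_seen_by_kernel) and the sample mark are hypothetical; only the ntohl() on the receive side is taken from the quoted kernel line.

```c
#include <arpa/inet.h>  /* htonl, ntohl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Receiver modelled on the kernel line quoted in the thread: the 4-byte
 * attribute payload is read as big-endian and converted with ntohl(). */
static uint32_t kernel_read_mark(const unsigned char payload[4])
{
    uint32_t be;
    memcpy(&be, payload, sizeof(be));
    return ntohl(be);
}

/* Hypothetical sender: to_network_order = 0 copies the mark in host order
 * (the behaviour reported for the library), 1 applies htonl() first. */
static void send_mark(uint32_t mark, int to_network_order,
                      unsigned char payload[4])
{
    uint32_t wire = to_network_order ? htonl(mark) : mark;
    memcpy(payload, &wire, sizeof(wire));
}

/* Mark value the receiver ends up with for a given sender behaviour. */
static uint32_t mark_seen_by_kernel(uint32_t mark, int to_network_order)
{
    unsigned char payload[4];
    send_mark(mark, to_network_order, payload);
    return kernel_read_mark(payload);
}

int main(void)
{
    uint32_t mark = 0x00000001;  /* constructed sample mark */

    /* Host-order sender: on little-endian hosts the kernel sees 0x01000000. */
    printf("host order sender:    0x%08x\n", (unsigned)mark_seen_by_kernel(mark, 0));
    /* Network-order sender: the mark round-trips on any host. */
    printf("network order sender: 0x%08x\n", (unsigned)mark_seen_by_kernel(mark, 1));
    /* Caller-side workaround with the unchanged sender: pass htonl(mark). */
    printf("htonl() by caller:    0x%08x\n", (unsigned)mark_seen_by_kernel(htonl(mark), 0));
    return 0;
}
```

On a big-endian host all three lines print the same value, which is why the mismatch only shows up on little-endian machines.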