On Dec 17 2007 14:04, Patrick McHardy wrote:
> Jan Engelhardt wrote:
>> This patch changes the behavior of xt_TOS v1 so that the mask value
>> one supplies means "zero out these bits" rather than "keep these
>> bits". This is more easy on the user, as (I would assume) people
>> keep more bits than zeroing, so, an example:
>>
>> Action: Set bit 0x01.
>> before: iptables -j TOS --set-tos 0x01/0xFE
>> after:  iptables -j TOS --set-tos 0x01/0x01
>>
>> This is not too "tragic" with xt_TOS, but where larger fields are
>> used (e.g. proposed xt_MARK v2), `--set-xmark 0x01/0xFFFFFFFE` vs.
>> `--set-xmark 0x01/0x01` is really a worthy difference.
>> Other modules, such as xt_TPROXY also use &~ rather than &, so
>> let's find a common ground.
>
> I'm going to apply this, but only if we're going to have
> an easier to use userspace extension for this.
>
> I'd prefer:
>
> --set-tos: set exact value, no mask
> --or-tos: set single bits
> --xor-tos: flip single bits
> --and-tos: mask single bits
>

Ok, I'll add these. However, since they get transformed to xmark
internally, they would normally be displayed as

	--set-tos value/mask  (iptables-save, iptables -nL)
	TOS set value/mask    (iptables -L)

Is that ok, or should I figure out some math to transform it back
to --{or,xor,and}-tos for the human-readable (iptables -L) case?
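
The value/mask encoding discussed in this thread, worked through as an added example (not code from either message, the patch, or the iptables/kernel sources). It assumes the update rule new = (old & ~mask) ^ value for the "xmark" form, and goes one step beyond the thread by also doing the reverse mapping asked about in the last paragraph; tos_apply, tos_encode, tos_decode and enum tos_op are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed update rule under the new semantics: the mask bits are
 * zeroed first, then value is XORed in. */
static uint8_t tos_apply(uint8_t old, uint8_t value, uint8_t mask)
{
    return (uint8_t)((old & ~mask) ^ value);
}

enum tos_op { TOS_SET, TOS_OR, TOS_XOR, TOS_AND, TOS_RAW };

/* Encode one of the four proposed options as a value/mask pair. */
static void tos_encode(enum tos_op op, uint8_t bits, uint8_t *value, uint8_t *mask)
{
    switch (op) {
    case TOS_SET: *value = bits; *mask = 0xFF;           break; /* clear all, write bits    */
    case TOS_OR:  *value = bits; *mask = bits;           break; /* clear bits, then flip on */
    case TOS_XOR: *value = bits; *mask = 0x00;           break; /* clear nothing, flip bits */
    case TOS_AND: *value = 0;    *mask = (uint8_t)~bits; break; /* clear all bits not kept  */
    default:      *value = 0;    *mask = 0x00;           break; /* TOS_RAW: encode a no-op  */
    }
}

/* Map value/mask back to the simplest equivalent option for display.
 * Pairs with two readings (e.g. 0x00/0x00) resolve to the first match;
 * the packet result is identical either way. TOS_RAW means no
 * single-argument option expresses the pair. */
static enum tos_op tos_decode(uint8_t value, uint8_t mask, uint8_t *bits)
{
    *bits = value;
    if (mask == 0xFF)  return TOS_SET;
    if (mask == 0x00)  return TOS_XOR;
    if (value == mask) return TOS_OR;
    if (value == 0) { *bits = (uint8_t)~mask; return TOS_AND; }
    return TOS_RAW;
}

int main(void)
{
    static const char *name[] = { "--set-tos", "--or-tos", "--xor-tos",
                                  "--and-tos", "(raw value/mask)" };
    uint8_t bits;
    enum tos_op op = tos_decode(0x01, 0x01, &bits); /* "after" form from the thread */
    printf("0x01/0x01 -> %s 0x%02x\n", name[op], bits);
    return 0;
}
```

Decoding is a display convenience only: every pair produced by tos_encode re-encodes to the same value/mask, so the rule applied to packets does not change.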