On Thursday 2011-06-16 10:36, Fernando Luis Vazquez Cao wrote: >Jan, Patrick, > >I would like to get this bug in old Linux kernels documented in the >iptables man page, since it is pretty serious. The fix made into 2.6.39 >and I would like to have it backported to 2.6.32-longterm and >2.6.33-longterm. If you disagree with the backport to -longterm please >let me know, I would update the patch accordingly. > .SH BUGS > Bugs? What's this? ;-) >+.PP > Well... the counters are not reliable on sparc64. >+.PP >+In Linux kernels up to and including 2.6.38, with the exception of longterm >+releases 2.6.32.42 (or later) and 2.6.33.15 (or later), there is a bug whereby >+IPv6 TOS mangling does not behave as documented and differs from the IPv4 >+version. The TOS mask indicates the bits one wants to zero out, so it needs to >+be inverted before applying it to the original TOS field. However, the >+aformentioned kernels forgo the inversion which breaks --set-tos and its >+mnemonics. >+.PP >+You might also want to have a look at http://bugzilla.netfilter.org/ > .SH COMPATIBILITY WITH IPCHAINS > This \fBip6tables\fP > is very similar to ipchains by Rusty Russell. The main difference is I feel this should be listed in the TOS page, to avoid duplication. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
