[oh, the mailing list daemon seems unresponsive for I have not received the 2nd copy, and neither did the web crawlers...] On Saturday 2011-08-20 23:40, Dave Taht wrote: >I keep seeing inversion match fixes go by on this version of iptables. I ran >across one also, on the port to cerowrt of this version of iptables, in the >"dscp" tables matches. > >http://www.bufferbloat.net/issues/216#note-48 > >but have not poked into it further (am travelling). Fixed? This is unfortunate indeed, but somewhat owed to the fact that this was not encoded reliably previously, in other words, negations were sometimes erroneously allowed as each match checked for this themselves. With the move to the Guided Option Parser, negation became centrally checked and thus needs to be explicit mentioned. With the initial conversion to GOP, I may have missed adding XTOPT_INVERT in some cases because of that repetitive action. Yeah, there are other extensions (xt_dccp) that I have come across in my audit sweep of all extensions so far. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
