From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Hi Hans, I'm taking over your initial HMARK extension for iptables and took the freedom to revamp it. It now provides a shortcut for easy configuration: iptables -I PREROUTING -t mangle -j HMARK \ --hmark-tuple src,dst,proto \ --hmark-mod 2 \ --hmark-rnd 0xfeedcafe Where --hmark-tuple can be src,dst,proto,sport,dport,spi,ct Of course, you cannot set spi and sport/dport at the same time and ct must be used all alone. You can still use the advanced options for fine tweaking --hmark-*-prefix and --hmark-*-mask. I also needed to add some new functions to libxtables to obtain the network prefix a.k.a CIDR notation. Also reworked xtables_ip[6]mask_to_numeric. Frankly, I think they now look better from the string handling perspective. Note that the --hmark-rnd and --hmark-mod are mandatory. Specifically, I don't want any assumption on --hmark-rnd, users are lazy, they don't set what is not mandatory (and I believe this parameter is important). Please, test and report any issue with this asap. I'd like to integrate this into iptables' master branch by when 3.5 is out so people upgrading to that kernel can enjoy it. I'm respecting your authorship in the HMARK extension, as you started this code. You can also find these two patches in the hmark branch of the iptables git tree. Hans Schillstrom (1): extensions: add HMARK target Pablo Neira Ayuso (1): libxtables: add xtables_ip[6]mask_to_cidr extensions/libxt_HMARK.c | 441 ++++++++++++++++++++++++++++++++++++ extensions/libxt_HMARK.man | 60 +++++ include/linux/netfilter/xt_HMARK.h | 50 ++++ include/xtables.h.in | 2 + libxtables/xtables.c | 33 ++- 5 files changed, 577 insertions(+), 9 deletions(-) create mode 100644 extensions/libxt_HMARK.c create mode 100644 extensions/libxt_HMARK.man create mode 100644 include/linux/netfilter/xt_HMARK.h -- 1.7.10 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
