Dear netfilter developers, I'm stumbling over a confusion, maybe just mine, regarding the use of the mask value of the TOS target in order to avoid messing with the ECN bits within. I thought I understood the issue, starting to use, for example: -j TOS --set-tos 0x0c/0xfc which should result in A) leaving ECN alone and B) set the DSCP bits to 000011, the first "reserved for local use" value. The confusion I'd like to clear up with this mail, is that googling around to confirm my understanding, I found the following text in my iptables-extensions manual page for the tos _match_ --tos option: ... Note that this implies a mask of 0x3F, i.e. all but the ECN bits. Is my understanding wrong, should I use --set-tos 0x03/0x3f instead for the example above? Or is the manpage wrong? best regards Patrick -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html