On Sun, Dec 20, 2015 at 12:04 AM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Sat, Dec 19, 2015 at 11:51:14PM +0530, Shivani Bhardwaj wrote: >> On Sat, Dec 19, 2015 at 11:41 PM, Shivani Bhardwaj >> <shivanib134@xxxxxxxxx> wrote: >> > On Sat, Dec 19, 2015 at 11:17 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: >> >> On Sat, Dec 19, 2015 at 07:56:56PM +0530, Shivani Bhardwaj wrote: >> >>> On Sat, Dec 19, 2015 at 3:10 AM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: >> >>> > But, anyway after applying you patch I can see: >> >>> > >> >>> > # iptables-translate -I INPUT -m mark --mark 10 >> >>> > nft insert rule ip filter INPUT ct mark & xa counter >> >>> > >> >>> > So this kind of work already. >> >>> > >> >>> >> >>> Hi, >> >>> >> >>> I just tried adding this rule to nft. It does not work. It only works >> >>> for integer values of mark. nft shows syntax error for ampersand and >> >>> hex values. >> >>> >> >>> Isn't there something wrong? Please let me know. >> >> >> >> The line above should be: >> >> >> >> nft insert rule ip filter INPUT ct mark & 0xa counter >> >> >> > >> >> Ampersand again causes syntax error. However, it works fine as below: >> >> nft insert rule ip filter INPUT ct mark 0xa counter > > Yes, that is fine as I indicated in a previous email. Thank you. Could you please tell why ct mark and not simply mark? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
