The order of mask and mark in the output is wrong. This has been pointed out: http://git.netfilter.org/iptables/commit/?id=8548dd253833027c68ac6400c3118ef788fabe5d by Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>. This patch fixes the same issue with connmark. Signed-off-by: Shivani Bhardwaj <shivanib134@xxxxxxxxx> --- extensions/libxt_connmark.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c index fbfeb74..958a50c 100644 --- a/extensions/libxt_connmark.c +++ b/extensions/libxt_connmark.c @@ -127,8 +127,8 @@ static void print_mark_xlate(unsigned int mark, unsigned int mask, struct xt_xlate *xl, uint32_t op) { if (mask != 0xffffffffU) - xt_xlate_add(xl, " and 0x%x %s 0x%x ", mark, - op == XT_OP_EQ ? "==" : "!=", mask); + xt_xlate_add(xl, " and 0x%x %s 0x%x ", mask, + op == XT_OP_EQ ? "==" : "!=", mark); else xt_xlate_add(xl, " %s0x%x ", op == XT_OP_EQ ? "" : "!= ", mark); -- 1.9.1
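Review bot: In the `mask != 0xffffffffU` branch of print_mark_xlate, both operands go through the same `0x%x` conversion, so nothing but argument position distinguishes mask from mark and the compiler cannot catch a later re-swap; a one-line comment above the xt_xlate_add call stating the intended output shape (and <mask> <op> <mark>) would make the order reviewable. The commit message also gives no sample rule with its before and after translation, and the diffstat touches only extensions/libxt_connmark.c, so please add an example rule and its expected output to the message or to a test so the corrected order is checked rather than assumed. A translated rule that compares the wrong operand changes which connections match, so this is worth pinning down. Minor: the two branches are asymmetric, since the masked branch always prints an explicit "==" while the else branch prints an empty string for XT_OP_EQ; if that is intentional it deserves a note in the same comment.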