Re: [PATCH] iptables: extensions: libxt_CONNMARK: Add translation to nft

On 17 June 2016 at 18:10,  <rodanber@xxxxxxxxx> wrote:
> From: Roberto García <rodanber@xxxxxxxxx>
>
> Add translation for the CONNMARK target to nftables.
>
> The following options have no available translation:
>
>   --save-mark [--nfmask nfmask] [--ctmask ctmask]
>   --restore-mark [--nfmask nfmask] [--ctmask ctmask]
>
> Examples:
>
>   # iptables-translate -t mangle -A PREROUTING -j CONNMARK --set-mark 0x16
>   nft add rule ip mangle PREROUTING counter ct mark set 0x16
>
>   # iptables-translate -t mangle -A PREROUTING -j CONNMARK --set-xmark 0x16/0x12
>   nft add rule ip mangle PREROUTING counter ct mark set ct mark xor 0x16 and
>   0xffffffed
>
>   # iptables-translate -t mangle -A PREROUTING -j CONNMARK --and-mark 0x16
>   nft add rule ip mangle PREROUTING counter ct mark set ct mark and 0x16
>
>   # iptables-translate -t mangle -A PREROUTING -j CONNMARK --or-mark 0x16
>   nft add rule ip mangle PREROUTING counter ct mark set ct mark or 0x16
>
>   # iptables-translate -t mangle -A PREROUTING -j CONNMARK --save-mark
>   nft add rule ip mangle PREROUTING counter ct mark set mark
>
>   # iptables-translate -t mangle -A PREROUTING -j CONNMARK --save-mark \
>     --mask 0x12
>   nft add rule ip mangle PREROUTING counter ct mark set mark and 0x12
>
>   # iptables-translate -t mangle -A PREROUTING -j CONNMARK --restore-mark
>   nft add rule ip mangle PREROUTING counter meta mark set ct mark
>
>   # iptables-translate -t mangle -A PREROUTING -j CONNMARK --restore-mark \
>     --mask 0x12
>   nft add rule ip mangle PREROUTING counter meta mark set ct mark and 0x12
>
> Signed-off-by: Roberto García <rodanber@xxxxxxxxx>
> ---
>  extensions/libxt_CONNMARK.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 45 insertions(+)

Acked-by: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>

-- 
Arturo Borrero González