Hi Florian,

Our current condition is:

1) only 0xfff00000 (three F available in skb->mark), but 0xfffff000 (five F available in ct->mark)

We wish to copy either 0xfff00000 or 0x00fff000 from ct->mark into skb->mark.

What about '-j CONNMARK --restore-mark --mask 0xfffff000 << 8 (left shift 2 F)'?

This will result in skb->mark = ct->mark << 8

if ct->mark = 0xabcde000, now skb->mark is changed to:
skb->mark = 0xcde00000.

Does this make sense :) ?

Regards,
Jack
________________________________________
From: Florian Westphal <fw@xxxxxxxxx>
Sent: Thursday, January 25, 2018 7:22 PM
To: Jack Ma
Subject: Re: conntrack enhancement

Jack Ma <Jack.Ma@xxxxxxxxxxxxxxxxxxx> wrote:
> Hi Florian,
>
> Any comments? Please let me know if anything is unclear to you.

It would be nice if you could show a pseudo-ruleset that uses
this proposed feature, save and restore rule should be enough.

Just so I can see why existing mask support isn't sufficient for
your use case.

Thanks,
Florian