Greetings. The following patch is similar to one I submitted as an RFC quite a while back (April). Since then I've realised that the option should have been in the 'set mark' family as opposed to 'save mark' because 'set' is about setting the ct mark directly, whereas 'save' is about copying a packet's mark to the ct mark. Similarly I've been made aware of the revision infrastructure and now that I understand that a little more have made use of it for this change. Hopefully this addresses one of Pablo's concerns. I've not been able to address the 'I'd like an nftables version'. Quite simply it is beyond my knowledge and ability. I am willing to contribute financially if someone wishes to step up to the nftables plate...yes I'd like to see the functionality implemented *that* much. Kevin Darbyshire-Bryant (1): netfilter: connmark: introduce set-dscpmark include/uapi/linux/netfilter/xt_connmark.h | 10 ++++ net/netfilter/xt_connmark.c | 57 ++++++++++++++++++---- 2 files changed, 58 insertions(+), 9 deletions(-) -- 2.21.0 (Apple Git-122.2)
