Oh, wait .family = NFPROTO_IPV4, in the v6 section On Fri, Jan 10, 2025 at 2:20 PM Maciej Żenczykowski <zenczykowski@xxxxxxxxx> wrote: > > We've had to: > Revert "netfilter: xtables: avoid NFPROTO_UNSPEC where needed" > https://android-review.googlesource.com/c/kernel/common/+/3305935/2 > > It seems the failure is (probably related to): > ... > E IptablesRestoreController: -A bw_INPUT -j MARK --or-mark 0x100000 > ... > E IptablesRestoreController: ------- ERROR ------- > E IptablesRestoreController: Warning: Extension MARK revision 0 not > supported, missing kernel module? > E IptablesRestoreController: ip6tables-restore v1.8.10 (legacy): MARK > target: kernel too old for --or-mark > E IptablesRestoreController: Error occurred at line: 27 > > But, I don't see an obvious bug in the CL we had to revert...
