Re: Troubles with MARK target in 2.6.28

Nikolay S. Rybalov wrote:
Hi all,

I have troubles with "-j MARK --set-xmark" combination in mangle table. Particularly, I want to set one bit in nf mark by means of, say, --set-xmark 0x10/0x10, and it worked in kernels from at least 2.6.24 up to the last in 2.6.27.

I use: iptables -t mangle -A POSTROUTING -o eth1 -d 192.168.37.0/24 -j MARK --set-xmark 0x10/0x10

and get:

iptables v1.4.2: Unknown arg `(null)'
Try `iptables -h' or 'iptables --help' for more information.

When I try --or-mark, iptables says that my "kernel too old for --or-mark"

Same thing happens with -j CONNMARK.

Can someone advise what to do, I really need to set only one bit without altering the rest of the mark.

Does this patch fix it?

diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 89837a4..36cb63b 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -289,6 +289,10 @@ static int target_revfn(u8 af, const char *name, u8 revision, int *bestp)
 				have_rev = 1;
 		}
 	}
+
+	if (af != NFPROTO_UNSPEC && !have_rev)
+		return target_revfn(NFPROTO_UNSPEC, name, revision, bestp);
+
 	return have_rev;
 }
 
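Review bot: the new `if (af != NFPROTO_UNSPEC && !have_rev)` fallback is taken whenever the requested revision was not found for `af`, including the case where the first pass did find the name at other revisions and already updated `*bestp`. After the recursive call, `*bestp` then reflects entries from both the family-specific and the NFPROTO_UNSPEC lists while the return value comes from the UNSPEC pass alone. If that mixing is intended, a short comment above the `if` saying so (and that the `af != NFPROTO_UNSPEC` test is what bounds the recursion to one level) would help; if not, the fallback should be limited to the case where the first pass found no entry with that name at all. The hunk touches only `target_revfn`, so it is also worth checking whether the match-side revision lookup needs the same fallback.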
