David F wrote:
> I changed my code to use htonl() on the mark-value prior to calling
> nfq_set_verdict_mark(), and it all suddenly started working.

Since it is not documented, everyone rediscovers it anew. See e.g.
http://www.gossamer-threads.com/lists/iptables/devel/62591

> I had a quick look through the source code of libnetfilter_queue and
> libnfnetlink_queue and didn't see any obvious byte-order conversion
> prior to sending to the kernel, so I wonder if anyone could help me
> understand,
> * Is the mark value _supposed_ to be supplied in network byte order or
>   is something else going on here;
> and if so,
> * Since the mark never hits the wire, why would it ever be kept in
>   network byte order?

The latter is an issue in kernel programming, where all code in a
given set assumes an established byte order. In fact, it is not
uncommon to have the same word byteswapped multiple times on the
same machine for the sake of obeying conventions.
HTH
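An added example, not part of the original message and not libnetfilter_queue or kernel code: a self-contained C model of the behaviour discussed above, where the mark is copied into the verdict message byte for byte and the receiving side reads it as big-endian. The `ex_` names, attribute numbers and message layout are simplified assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Simplified model of a verdict message; all names and numbers are assumptions. */
#define EX_ATTR_VERDICT 2  /* stands in for the verdict header attribute */
#define EX_ATTR_MARK    3  /* stands in for the mark attribute */
struct ex_attr { uint16_t len, type; };  /* length/type header before each payload */

/* Sending side: append an attribute; the payload is copied byte for byte. */
static size_t ex_put(uint8_t *buf, size_t off, uint16_t type, const void *d, uint16_t dlen)
{
    struct ex_attr h = { (uint16_t)(sizeof h + dlen), type };
    memcpy(buf + off, &h, sizeof h);
    memcpy(buf + off + sizeof h, d, dlen);
    return off + ((sizeof h + dlen + 3u) & ~(size_t)3);  /* pad to 4 bytes */
}

/* Receiving side: walk the attributes and read the mark as big-endian. */
static int ex_read_mark(const uint8_t *buf, size_t total, uint32_t *mark)
{
    for (size_t off = 0; off + sizeof(struct ex_attr) <= total; ) {
        struct ex_attr h;
        memcpy(&h, buf + off, sizeof h);
        if (h.len < sizeof h || off + h.len > total) return -1;  /* malformed */
        if (h.type == EX_ATTR_MARK && h.len == sizeof h + 4) {
            uint32_t be;
            memcpy(&be, buf + off + sizeof h, 4);
            *mark = ntohl(be);
            return 0;
        }
        off += ((size_t)h.len + 3) & ~(size_t)3;
    }
    return -1;  /* no mark attribute present */
}

/* Mark the receiving side ends up with for a value passed to the verdict call. */
uint32_t mark_seen_by_kernel(uint32_t caller_value)
{
    uint8_t msg[32];
    uint32_t verdict[2] = { htonl(1), htonl(7) }, out = 0;  /* constructed values */
    size_t n = ex_put(msg, 0, EX_ATTR_VERDICT, verdict, sizeof verdict);
    n = ex_put(msg, n, EX_ATTR_MARK, &caller_value, sizeof caller_value);
    return ex_read_mark(msg, n, &out) == 0 ? out : 0;
}
int main(void)
{
    printf("host order: 0x%08x  htonl: 0x%08x\n", (unsigned)mark_seen_by_kernel(0x2a), (unsigned)mark_seen_by_kernel(htonl(0x2a)));
    return 0;
}
```

On a little-endian host the first value printed is byte-swapped and the second is the intended mark; on a big-endian host both match, which is why the problem only shows up on some machines.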