David F wrote:
> Pablo Neira Ayuso wrote:
>> Alessandro Vesely wrote:
>>
>>> David F wrote:
>>>
>>>> I changed my code to use htonl() on the mark-value prior to calling
>>>> nfq_set_verdict_mark(), and it all suddenly started working.
>>>>
>>> Since it is not documented, everyone rediscovers it anew. See e.g.
>>> http://www.gossamer-threads.com/lists/iptables/devel/62591
>>>
>>
>> I have applied the following patch. I think that, at least, new users
>> will not hit this problem again. I'm very sorry that this was not fixed
>> before. Let me know if you are OK with it, we're still in time to revert
>> the patch attached.
>>
> For what it's worth, I had previously prepared this patch which just
> clarifies the documentation on this parameter. I think it still has
> value since I also added some missing return-value docs and changed the
> descriptions of a few parameters that I had found to be confusing.

I have applied your patch but I have mangled this part:

@@ -699,10 +705,12 @@ int nfq_set_verdict2(struct nfq_q_handle *qh, u_int32_t id, * \param qh Netfilter queue handle obtained by call to nfq_create_queue(). * \param id ID assigned to packet by netfilter. * \param verdict verdict to return to netfilter (NF_ACCEPT, NF_DROP) - * \param mark mark to put on packet + * \param mark the mark to put on the packet, in network byte order.

The mark parameter in nfq_set_verdict2() is in host-byte order. It must
be in network-byte order in the deprecated nfq_set_verdict_mark().
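Review bot: the added "\param mark" line says "in network byte order" but names neither the conversion the caller must apply nor the function it belongs to. Because the hunk header shows nfq_set_verdict2( as context, a reader of the diff can take it as documenting that function, which the reply says takes host byte order. Suggest wording such as "\param mark the mark to put on the packet, in network byte order (convert with htonl())". The same comment block should also say that nfq_set_verdict2() expects the mark in host byte order, so the two conventions are documented side by side. The thread shows that users currently find this only by trial, when adding htonl() makes it start working.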