Re: libnetfilter_queue: mark-value byte ordering?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Pablo Neira Ayuso wrote:
> David F wrote:
>> Pablo Neira Ayuso wrote:
>>> Alessandro Vesely wrote:
>>>  
>>>> David F wrote:
>>>>    
>>>>>  I changed my code to use htonl() on the mark-value prior to calling
>>>>> nfq_set_verdict_mark(), and it all suddenly started working.
>>>>>       
>>>> Since it is not documented, everyone rediscovers it anew. See e.g.
>>>> http://www.gossamer-threads.com/lists/iptables/devel/62591
>>>>     
>>> I have applied the following patch. I think that, at least, new users
>>> will not hit this problem again. I'm very sorry that this was not fixed
>>> before. Let me know if you are OK with it, we're still in time to revert
>>> the patch attached.
>>>   
>> For what it's worth, I had previously prepared this patch which just
>> clarifies the documentation on this parameter.  I think it still has
>> value since I also added some missing return-value docs and changed the
>> descriptions of a few parameters that I had found to be confusing.
> 
> I have applied your patch but I have mangled this part:
> 
> @@ -699,10 +705,12 @@ int nfq_set_verdict2(struct nfq_q_handle *qh,
> u_int32_t id,
>   * \param qh Netfilter queue handle obtained by call to nfq_create_queue().
>   * \param id	ID assigned to packet by netfilter.
>   * \param verdict verdict to return to netfilter (NF_ACCEPT, NF_DROP)
> - * \param mark mark to put on packet
> + * \param mark the mark to put on the packet, in network byte order.
> 
> The mark parameter in nfq_set_verdict2() is in host-byte order. It must
> be in network-byte order in the deprecated nfq_set_verdict_mark().

Sorry, it's fine. I got confused with the patch context information.
That change applies to nfq_set_verdict_mark().
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux