netdev
[Top] [All Lists]

Re: [PATCH 2.6] iptables CONNMARK match+target

To: Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>
Subject: Re: [PATCH 2.6] iptables CONNMARK match+target
From: Harald Welte <laforge@xxxxxxxxxxxxx>
Date: Thu, 21 Oct 2004 15:08:37 +0200
Cc: Linux Netdev List <netdev@xxxxxxxxxxx>, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <Pine.LNX.4.61.0410211215580.19600@xxxxxxxxxxxxxxxxxxxxx>
Mail-followup-to: Harald Welte <laforge@xxxxxxxxxxxxx>, Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>, Linux Netdev List <netdev@xxxxxxxxxxx>, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>
References: <20041020222102.GO19899@xxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0410210912280.18310@xxxxxxxxxxxxxxxxxxxxx> <20041021091632.GB3551@xxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0410211215580.19600@xxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i
On Thu, Oct 21, 2004 at 12:25:35PM +0200, Henrik Nordstrom wrote:

> The MARK bit-wise operations is also available for CONNMARK and could in 
> theory be included in CONNMARK when submitted to the kernel 

Yes, but doesn't the patch I just submitted to DaveM include all the
required functionality?  both ipt_connmark and ipt_CONNMARK have a
'mask' parameter in ther {match,targ}info struct.

> I am fine either way.

If you think there's something (in the kernel) missing for bit-wise
operations of CONNMARK, please let me know and send a patch.  Thanks.

> Regards
> Henrik

-- 
- Harald Welte <laforge@xxxxxxxxxxxxx>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

Attachment: signature.asc
Description: Digital signature

<Prev in Thread] Current Thread [Next in Thread>