Re: [PATCH 2.6] iptables CONNMARK match+target

To: Harald Welte <laforge@xxxxxxxxxxxxx>
Subject: Re: [PATCH 2.6] iptables CONNMARK match+target
From: Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>
Date: Thu, 21 Oct 2004 15:19:12 +0200 (CEST)
Cc: Linux Netdev List <netdev@xxxxxxxxxxx>, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <20041021130837.GE3551@xxxxxxxxxxxxxxxxxxxxxxx>
References: <20041020222102.GO19899@xxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0410210912280.18310@xxxxxxxxxxxxxxxxxxxxx> <20041021091632.GB3551@xxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.61.0410211215580.19600@xxxxxxxxxxxxxxxxxxxxx> <20041021130837.GE3551@xxxxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
On Thu, 21 Oct 2004, Harald Welte wrote:

> On Thu, Oct 21, 2004 at 12:25:35PM +0200, Henrik Nordstrom wrote:
>
>> The MARK bit-wise operations are also available for CONNMARK and could in
>> theory be included in CONNMARK when submitted to the kernel
>
> Yes, but doesn't the patch I just submitted to DaveM include all the
> required functionality?  Both ipt_connmark and ipt_CONNMARK have a
> 'mask' parameter in their {match,targ}info struct.

It includes the minimal required functionality (which is already more than MARK), but it does not include the full bitwise operations allowing for xor etc, and not the same level of user friendliness in specifying the operation as the bitwise mark operations.

I am fine either way.

> If you think there's something (in the kernel) missing for bit-wise
> operations of CONNMARK, please let me know and send a patch.  Thanks.

The bitwise mark operations patch for CONNMARK is around somewhere.. looking. Found it and bounced to the netfilter-devel list separately.

