Jack Ma <jack...@alliedtelesis.co.nz> wrote:
> Our current condition is:
>
> 1) only 0xfff00000 (three F available in skb->mark), but 0xfffff000 (five F
> available in ct->mark)
>
> We wish to copy either 0xfff00000 or 0x00fff000 from ct->mark into skb->mark,
>
> What about '-j CONNMARK --restore-mark --mask 0xfffff000 << 8 ( left shift 2
> F)'
>
> This will result in skb->mark = ct->mark << 8
>
> if ct->mark = 0xabcde000, now skb->mark is changed to: skb->mark =
> 0xcde00000.
>
> Does this make sense :) ?

Yes it does. AFAICS with nftables you could already do this but I can
understand if you need to use iptables for this.

So feel free to send a patch from xt_connmark.

Thanks for explaining this.
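
The mask-then-shift restore discussed in this thread, as an added C example that is not part of the original messages and not xt_connmark's code. The function name `restore_mark_shl`, the separate `nfmask` parameter and the merge rule (only bits inside `nfmask` are replaced in skb->mark) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of "--restore-mark --mask <m> << <shift>":
 * 1. select bits of ct->mark with ctmask,
 * 2. shift them left (bits pushed past bit 31 are lost),
 * 3. write them into skb->mark, touching only bits covered by nfmask. */
static uint32_t restore_mark_shl(uint32_t skb_mark, uint32_t ct_mark,
                                 uint32_t ctmask, uint32_t nfmask,
                                 unsigned int shift)
{
    uint32_t v = ct_mark & ctmask;

    /* Shifting a 32-bit value by 32 or more is undefined in C. */
    v = (shift < 32) ? (uint32_t)(v << shift) : 0;

    /* Assumed merge rule: bits outside nfmask keep their old value, so
     * other users of skb->mark (routing, QoS) are not clobbered. */
    return (skb_mark & ~nfmask) | (v & nfmask);
}

int main(void)
{
    /* Values from the thread; the skb->mark low bits are constructed. */
    const uint32_t ct_mark = 0xabcde000u;
    const uint32_t skb_old = 0x00012345u;

    /* Five-F mask: the top two nibbles (0xab) fall off during the shift. */
    printf("0x%08x\n", (unsigned)restore_mark_shl(
               skb_old, ct_mark, 0xfffff000u, 0xfff00000u, 8));

    /* Selecting 0x00fff000 up front makes the dropped bits explicit. */
    printf("0x%08x\n", (unsigned)restore_mark_shl(
               skb_old, ct_mark, 0x00fff000u, 0xfff00000u, 8));
    return 0;
}
```

Both calls print 0xcde12345: the three nibbles 0xcde land in the 0xfff00000 field and the constructed low bits of skb->mark survive.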