On 4/22/12 6:39 PM, Ed W wrote: > Hi, I note that in tcrules, RESTORE applies a default mask of 0xFFFF in > the case of running the equiv of WIDE_TC_MARKS=Yes, HIGH_ROUTE_MARKS=Yes > > However, if you try RESTORE/MASK it's clipped at TC_BITS (so 0x3FFF in > this case). I think this also applies to SAVE. > > Seems inconsistent (you can't specify such a large mask as the default, > when you try it manually).
This inconsistency is the result of an unfortunate choice some time ago; see http://www.shorewall.net/PacketMarking.html#Values. > > I wonder though if we actually need limit the range for SAVE/RESTORE at > all? It protects against saving or restoring route mark bits, but is > that necessary? Perhaps if TC_EXPERT is set then there could be no > limit on the mask used for SAVE/RESTORE? Comments? Too many people who consider themselves experts are only expert at doing the wrong thing; I think I'll leave it the way it is. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
