On 8/18/2015 7:39 PM, Eddie wrote: > Seeing the recent question on Marks with IPv6 I went back to review a > setup I'm currently testing. > > In my tcrules file I have: > > CONTINUE $FW - - - - - !0x0 > > This generates the following mangle rule: > > -A tcout -m mark ! --mark 0x0/0xff -j RETURN > > But based on my config file: > > TC_BITS=8 > PROVIDER_BITS=8 > PROVIDER_OFFSET=8 > MASK_BITS=8 > ZONE_BITS=0 > > Shouldn't that read: > > -A tcout -m mark ! --mark 0x0/0xff00 -j RETURN > > All the other mark "tests" specify a mask of 0xff00 >
In all instances, the default mask for MARK columns is the TC Mask which is 0xff in your configuration. Note that, unless TC_EXPERT=Yes, tcout is only traversed by packets that have no routing mark. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
