author | Florian Westphal <fw@strlen.de> | 2018-02-19 10:57:18 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-02-20 12:44:06 +0100 |
commit | a93b5021ae85940803a890e1dc4a2ba3d6a6f37c (patch) | |
tree | 754d38f67860b299068d636d540f5346a3ba961c /extensions/libxt_CONNMARK.txlate | |
parent | 577b7e20c2af1e6ea2bbe72e0c01802334fa4069 (diff) |
extensions: prefer plain 'set' over 'set mark and'
adding a test case for MARK --set-mark 0 fails with
exp: nft add rule ip mangle OUTPUT counter meta mark set 0x0
res: nft add rule ip mangle OUTPUT counter meta mark set mark and 0x0
This translation isn't wrong, but unnecessarily complex, so
change order to first check if mask bits are all ones.
In that case we can simply use an immediate value without
need for logical operators.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions/libxt_CONNMARK.txlate')
-rw-r--r-- | extensions/libxt_CONNMARK.txlate | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/extensions/libxt_CONNMARK.txlate b/extensions/libxt_CONNMARK.txlate index 62321be1..a47cbb2b 100644 --- a/extensions/libxt_CONNMARK.txlate +++ b/extensions/libxt_CONNMARK.txlate @@ -1,3 +1,6 @@ +iptables-translate -t mangle -A PREROUTING -j CONNMARK --set-mark 0 +nft add rule ip mangle PREROUTING counter ct mark set 0x0 + iptables-translate -t mangle -A PREROUTING -j CONNMARK --set-mark 0x16 nft add rule ip mangle PREROUTING counter ct mark set 0x16 |
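Review bot: the added case at the top of the file, like the existing `--set-mark 0x16` line below it, reaches the all-ones check only through the implicit default mask, so nothing visible here tests a mask that is written out. Consider adding a companion case such as `-j CONNMARK --set-mark 0/0xffffffff`, which by the commit message's reasoning should also come out as a plain `ct mark set` with an immediate value, so that a later change to the mask check cannot quietly bring back the `set mark and` form for that input. The commit message also names only `MARK --set-mark 0` as the failing case while this hunk tests `CONNMARK`; a short mention that the CONNMARK translation changes as well would make the test addition easier to trace.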