diff options
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | extensions/libxt_TOS.man | 23 |
2 files changed, 17 insertions, 8 deletions
diff --git a/configure.ac b/configure.ac index ab824a4f..84fa47a4 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ -AC_INIT([iptables], [1.4.11.1]) +AC_INIT([iptables], [1.4.12]) # See libtool.info "Libtool's versioning system" libxtables_vcurrent=7 diff --git a/extensions/libxt_TOS.man b/extensions/libxt_TOS.man index 46f67379..f9896740 100644 --- a/extensions/libxt_TOS.man +++ b/extensions/libxt_TOS.man @@ -4,24 +4,33 @@ shares the same bits as DSCP and ECN. The TOS target is only valid in the \fBmangle\fP table. .TP \fB\-\-set\-tos\fP \fIvalue\fP[\fB/\fP\fImask\fP] -Zeroes out the bits given by \fImask\fP and XORs \fIvalue\fP into the -TOS/Priority field. If \fImask\fP is omitted, 0xFF is assumed. +Zeroes out the bits given by \fImask\fP (see NOTE below) and XORs \fIvalue\fP +into the TOS/Priority field. If \fImask\fP is omitted, 0xFF is assumed. .TP \fB\-\-set\-tos\fP \fIsymbol\fP You can specify a symbolic name when using the TOS target for IPv4. It implies -a mask of 0xFF. The list of recognized TOS names can be obtained by calling -iptables with \fB\-j TOS \-h\fP. +a mask of 0xFF (see NOTE below). The list of recognized TOS names can be +obtained by calling iptables with \fB\-j TOS \-h\fP. .PP The following mnemonics are available: .TP \fB\-\-and\-tos\fP \fIbits\fP Binary AND the TOS value with \fIbits\fP. (Mnemonic for \fB\-\-set\-tos -0/\fP\fIinvbits\fP, where \fIinvbits\fP is the binary negation of \fIbits\fP.) +0/\fP\fIinvbits\fP, where \fIinvbits\fP is the binary negation of \fIbits\fP. +See NOTE below.) .TP \fB\-\-or\-tos\fP \fIbits\fP Binary OR the TOS value with \fIbits\fP. (Mnemonic for \fB\-\-set\-tos\fP -\fIbits\fP\fB/\fP\fIbits\fP.) +\fIbits\fP\fB/\fP\fIbits\fP. See NOTE below.) .TP \fB\-\-xor\-tos\fP \fIbits\fP Binary XOR the TOS value with \fIbits\fP. (Mnemonic for \fB\-\-set\-tos\fP -\fIbits\fP\fB/0\fP.) +\fIbits\fP\fB/0\fP. See NOTE below.) +.PP +NOTE: In Linux kernels up to and including 2.6.38, with the exception of +longterm releases 2.6.32.42 (or later) and 2.6.33.15 (or later), there is a bug +whereby IPv6 TOS mangling does not behave as documented and differs from the +IPv4 version. The TOS mask indicates the bits one wants to zero out, so it needs +to be inverted before applying it to the original TOS field. However, the +aformentioned kernels forgo the inversion which breaks --set-tos and its +mnemonics. |