diff options
-rw-r--r-- | extensions/libxt_CONNMARK.c | 22 | ||||
-rw-r--r-- | extensions/libxt_CONNMARK.txlate | 6 |
2 files changed, 10 insertions, 18 deletions
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c index c7933464..94984cdc 100644 --- a/extensions/libxt_CONNMARK.c +++ b/extensions/libxt_CONNMARK.c @@ -371,20 +371,18 @@ static int connmark_tg_xlate(struct xt_xlate *xl, info->ctmark, ~info->ctmask); break; case XT_CONNMARK_SAVE: - xt_xlate_add(xl, "ct mark set mark"); - if (!(info->nfmask == UINT32_MAX && - info->ctmask == UINT32_MAX)) { - if (info->nfmask == info->ctmask) - xt_xlate_add(xl, " and 0x%x", info->nfmask); - } + if (info->nfmask == info->ctmask && + info->nfmask == UINT32_MAX) + xt_xlate_add(xl, "ct mark set mark"); + else + return 0; break; case XT_CONNMARK_RESTORE: - xt_xlate_add(xl, "meta mark set ct mark"); - if (!(info->nfmask == UINT32_MAX && - info->ctmask == UINT32_MAX)) { - if (info->nfmask == info->ctmask) - xt_xlate_add(xl, " and 0x%x", info->nfmask); - } + if (info->nfmask == info->ctmask && + info->nfmask == UINT32_MAX) + xt_xlate_add(xl, "meta mark set ct mark"); + else + return 0; break; } diff --git a/extensions/libxt_CONNMARK.txlate b/extensions/libxt_CONNMARK.txlate index a47cbb2b..ce40ae5e 100644 --- a/extensions/libxt_CONNMARK.txlate +++ b/extensions/libxt_CONNMARK.txlate @@ -16,11 +16,5 @@ nft add rule ip mangle PREROUTING counter ct mark set ct mark or 0x16 iptables-translate -t mangle -A PREROUTING -j CONNMARK --save-mark nft add rule ip mangle PREROUTING counter ct mark set mark -iptables-translate -t mangle -A PREROUTING -j CONNMARK --save-mark --mask 0x12 -nft add rule ip mangle PREROUTING counter ct mark set mark and 0x12 - iptables-translate -t mangle -A PREROUTING -j CONNMARK --restore-mark nft add rule ip mangle PREROUTING counter meta mark set ct mark - -iptables-translate -t mangle -A PREROUTING -j CONNMARK --restore-mark --mask 0x12 -nft add rule ip mangle PREROUTING counter meta mark set ct mark and 0x12 |