diff options
-rw-r--r-- | extensions/libxt_CONNMARK.c | 6 | ||||
-rw-r--r-- | extensions/libxt_CONNMARK.txlate | 3 | ||||
-rw-r--r-- | extensions/libxt_MARK.c | 6 | ||||
-rw-r--r-- | extensions/libxt_MARK.txlate | 3 |
4 files changed, 12 insertions, 6 deletions
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c index f60be583..c7933464 100644 --- a/extensions/libxt_CONNMARK.c +++ b/extensions/libxt_CONNMARK.c @@ -356,7 +356,9 @@ static int connmark_tg_xlate(struct xt_xlate *xl, switch (info->mode) { case XT_CONNMARK_SET: xt_xlate_add(xl, "ct mark set "); - if (info->ctmark == 0) + if (info->ctmask == 0xFFFFFFFFU) + xt_xlate_add(xl, "0x%x ", info->ctmark); + else if (info->ctmark == 0) xt_xlate_add(xl, "ct mark and 0x%x", ~info->ctmask); else if (info->ctmark == info->ctmask) xt_xlate_add(xl, "ct mark or 0x%x", @@ -364,8 +366,6 @@ static int connmark_tg_xlate(struct xt_xlate *xl, else if (info->ctmask == 0) xt_xlate_add(xl, "ct mark xor 0x%x", info->ctmark); - else if (info->ctmask == 0xFFFFFFFFU) - xt_xlate_add(xl, "0x%x ", info->ctmark); else xt_xlate_add(xl, "ct mark xor 0x%x and 0x%x", info->ctmark, ~info->ctmask); diff --git a/extensions/libxt_CONNMARK.txlate b/extensions/libxt_CONNMARK.txlate index 62321be1..a47cbb2b 100644 --- a/extensions/libxt_CONNMARK.txlate +++ b/extensions/libxt_CONNMARK.txlate @@ -1,3 +1,6 @@ +iptables-translate -t mangle -A PREROUTING -j CONNMARK --set-mark 0 +nft add rule ip mangle PREROUTING counter ct mark set 0x0 + iptables-translate -t mangle -A PREROUTING -j CONNMARK --set-mark 0x16 nft add rule ip mangle PREROUTING counter ct mark set 0x16 diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c index 12b1695e..5c6186fe 100644 --- a/extensions/libxt_MARK.c +++ b/extensions/libxt_MARK.c @@ -252,14 +252,14 @@ static int mark_tg_xlate(struct xt_xlate *xl, xt_xlate_add(xl, "meta mark set "); - if (info->mark == 0) + if (info->mask == 0xffffffffU) + xt_xlate_add(xl, "0x%x ", info->mark); + else if (info->mark == 0) xt_xlate_add(xl, "mark and 0x%x ", ~info->mask); else if (info->mark == info->mask) xt_xlate_add(xl, "mark or 0x%x ", info->mark); else if (info->mask == 0) xt_xlate_add(xl, "mark xor 0x%x ", info->mark); - else if (info->mask == 0xffffffffU) - xt_xlate_add(xl, "0x%x ", info->mark); else xt_xlate_add(xl, "mark and 0x%x xor 0x%x ", ~info->mask, info->mark); diff --git a/extensions/libxt_MARK.txlate b/extensions/libxt_MARK.txlate index ab5977e9..d3250ab6 100644 --- a/extensions/libxt_MARK.txlate +++ b/extensions/libxt_MARK.txlate @@ -1,3 +1,6 @@ +iptables-translate -t mangle -A OUTPUT -j MARK --set-mark 0 +nft add rule ip mangle OUTPUT counter meta mark set 0x0 + iptables-translate -t mangle -A OUTPUT -j MARK --set-mark 64 nft add rule ip mangle OUTPUT counter meta mark set 0x40 |