From 1850991dd788b9534c7c9c2863e1e981709ac3ed Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Sun, 11 Mar 2012 19:51:57 +0000
Subject: [PATCH] functions.m4: The mark-{from,to}-* rules no longer own the packet marks.

These rules now have to be more careful about exactly which parts of the mark field they clobber.
---
 functions.m4 | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/functions.m4 b/functions.m4
index b78dcbe..a8ed16b 100644
--- a/functions.m4
+++ b/functions.m4
@@ -398,25 +398,25 @@ defnetclass () {
 ;;
 2)
- ## Pass 2. Compute the actual from and to values. We're a little bit
- ## clever during source classification, and set the TO field to
- ## all-bits-one, so that destination classification needs only a single
- ## AND operation.
- from=$(( ($netclassindex << $BIT_FROM) + (0xf << $BIT_TO) ))
+ ## Pass 2. Compute the actual from and to values. This is fiddly:
+ ## we want to preserve the other flags.
+ from=$(( ($netclassindex << $BIT_FROM) ))
+ frommask=$(( $MASK_FROM | $MASK_MASK ))
 for net; do
 eval bit=\$_mask_$net
 from=$(( $from + $bit ))
 done
- to=$(( ($netclassindex << $BIT_TO) + \
- (0xf << $BIT_FROM) + \
- (1 << ($netclassindex + $BIT_MASK)) ))
- trace "from $name --> set $(printf %x $from)"
- trace " to $name --> and $(printf %x $from)"
+ to=$(( ($netclassindex << $BIT_TO) ))
+ tomask=$(( $MASK_MASK ^ (1 << ($netclassindex + $BIT_MASK)) ))
+ trace "from $name --> set $(printf %08x/%08x $from $frommask)"
+ trace " to $name --> and $(printf %08x/%08x $to $tomask)"
 ## Now establish the mark-from-NAME and mark-to-NAME chains.
 clearchain mangle:mark-from-$name mangle:mark-to-$name
- run ip46tables -t mangle -A mark-from-$name -j MARK --set-mark $from
- run ip46tables -t mangle -A mark-to-$name -j MARK --and-mark $to
+ run ip46tables -t mangle -A mark-from-$name -j MARK \
+ --set-xmark $from/$frommask
+ run ip46tables -t mangle -A mark-to-$name -j MARK \
+ --set-xmark $to/$tomask
 ;;
 esac
 netclassindex=$(( $netclassindex + 1 ))
-- 
2.11.0
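Review bot: The new mark-to rule XORs the class index into the TO field without clearing it first, because `tomask` covers only `MASK_MASK` bits and `--set-xmark value/mask` zeroes just the masked bits before the XOR. If a packet can reach mark-to-NAME with a non-zero TO field (a second traversal, or a mark carried in from elsewhere; not visible in this hunk), the resulting TO value is wrong and any later match on it would classify the destination incorrectly. Consider including the field in the mask, e.g. `tomask=$(( (0xf << $BIT_TO) | ($MASK_MASK ^ (1 << ($netclassindex + $BIT_MASK))) ))`, using the four-bit width the removed code assumed, and adding a comment that states which bits each rule is allowed to touch. The second trace line still says `and` although the rule is now a `--set-xmark`. defnetclass's body starts and ends outside the hunk.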