[Bug 1739] meta mark 0x80000000 display error
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Tue Mar 19 19:59:49 CET 2024
https://bugzilla.netfilter.org/show_bug.cgi?id=1739
--- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to bolvan from comment #3)
> Why only 0x80000000 trigger this behavior ?
> What has prefix notation has to do with the mark ?
not only 0x80000000, but also:
table ip x {
chain y {
type filter hook output priority 0;
meta mark and 0xc0000000 != 0
meta mark and 0xe0000000 != 0
meta mark and 0xf0000000 != 0
}
}
results in:
table ip x {
chain y {
type filter hook output priority filter; policy accept;
meta mark != 0x00000000/2
meta mark != 0x00000000/3
meta mark != 0x00000000/4
}
}
because:
0x80000000
0xc0000000
0xe0000000
0xf0000000
...
and so on.
Those are interpreted as a prefix. If this behaviour is confusing, it only
takes a oneliner to remove this behaviour...
diff --git a/src/datatype.c b/src/datatype.c
index 3205b214197f..b368ea9125fc 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -1015,7 +1015,6 @@ const struct datatype mark_type = {
.print = mark_type_print,
.json = mark_type_json,
.parse = mark_type_parse,
- .flags = DTYPE_F_PREFIX,
};
static const struct symbol_table icmp_code_tbl = {
... if it is judged to be counterintuitive.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20240319/aea80343/attachment.html>
More information about the netfilter-buglog
mailing list