Jamal Hadi Salim wrote:

On Thu, 2005-03-24 at 16:17, Pablo Neira wrote:

quoted

I was also involved in that change together with Rusty around january. 
It's a new infrastructure to extend matches/targets without breaking 
backward compatibility with previous releases of target/matches/iptables.

I think in the future this will go fine; all actions have a version
field as well that is set to 0 at the moment.

Hm, it's not set to 0, it's set to the highest revision of the target 
found in the kernel.

tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src 
10.0.2.24/32 flowid 1:16 action ipt -j MARK --and-mark 0x1

That example works fine and those options are only available in the 
brand new revision of MARK.

quoted

Your patch for tc to fix the problem looks fine. BTW, you can now use 
extended MARK features like --and-mark and --or-mark ;->

cool.

Would you like to pay for your sins;-> by looking at my code to see it
doesnt break or miss things?

I've found some problems, attached a patch to fix some things:

- a leak in option handling
- it doesn't check that the target received the correct parameters 
(m->final_check).

--
Pablo