]> git.proxmox.com Git - pve-firewall.git/commit
projects / pve-firewall.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 24dd51c) | patch
use only the top bit for our accept marks
authorWolfgang Bumiller <w.bumiller@proxmox.com>
Thu, 31 Mar 2016 11:59:46 +0000 (13:59 +0200)
committerDietmar Maurer <dietmar@proxmox.com>
Fri, 1 Apr 2016 05:29:50 +0000 (07:29 +0200)
commitfe3d79b4807b47eeeedb232e84c022a4dd6828b2
tree0f50a2841671ce5c7c1bcfdd6fee6ac0d1be1656tree
parent24dd51c24106036bffc4e8a471c785f326bf2e1dcommit | diff
use only the top bit for our accept marks

This way we can let the remaining 31 bits be used by the
user.
Note that the routing decision has already been made when
these tables are being traversed, so the fwmark will not be
usable for routing rules (ip-rule(8)), but the mark can
still be used for other tasks such as traffic control (tc)
which happens on the outgoing interface.
src/PVE/Firewall.pm diff | blob | blame | history
src/PVE/FirewallSimulator.pm diff | blob | blame | history
Firewall test scripts