1--- linux/include/linux/netfilter_ipv4/ipt_mark.h.old Mon Mar 25 16:20:48 2002 2+++ linux/include/linux/netfilter_ipv4/ipt_mark.h Fri Mar 22 14:03:48 2002 3@@ -1,9 +1,16 @@ 4 #ifndef _IPT_MARK_H 5 #define _IPT_MARK_H 6 7+enum { 8+ IPT_MARK_BIT_OP_NONE, 9+ IPT_MARK_BIT_OP_AND, 10+ IPT_MARK_BIT_OP_OR 11+}; 12+ 13 struct ipt_mark_info { 14 unsigned long mark, mask; 15 u_int8_t invert; 16+ u_int8_t bit_op; 17 }; 18 19 #endif /*_IPT_MARK_H*/ 20--- linux/net/ipv4/netfilter/ipt_mark.c.old Mon Mar 25 16:20:48 2002 21+++ linux/net/ipv4/netfilter/ipt_mark.c Mon Mar 25 15:32:27 2002 22@@ -15,9 +15,15 @@ 23 u_int16_t datalen, 24 int *hotdrop) 25 { 26- const struct ipt_mark_info *info = matchinfo; 27+ const struct ipt_mark_info *info = (struct ipt_mark_info *)matchinfo; 28 29- return ((skb->nfmark & info->mask) == info->mark) ^ info->invert; 30+ if (info->bit_op == IPT_MARK_BIT_OP_NONE) 31+ return (skb->nfmark == info->mark) ^ info->invert; 32+ else 33+ if (info->bit_op == IPT_MARK_BIT_OP_AND) 34+ return ((skb->nfmark & info->mask) == info->mark) ^ info->invert; 35+ else 36+ return ((skb->nfmark | info->mask) == info->mark) ^ info->invert; 37 } 38 39 static int 40