Home | History | Annotate | Download | only in extensions 
      1 This module sets the netfilter mark value associated with a connection. The
      2 mark is 32 bits wide.
      3 .TP
      4 \fB\-\-set\-xmark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
      5 Zero out the bits given by \fImask\fP and XOR \fIvalue\fP into the ctmark.
      6 .TP
      7 \fB\-\-save\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
      8 Copy the packet mark (nfmark) to the connection mark (ctmark) using the given
      9 masks. The new nfmark value is determined as follows:
     10 .IP
     11 ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)
     12 .IP
     13 i.e. \fIctmask\fP defines what bits to clear and \fInfmask\fP what bits of the
     14 nfmark to XOR into the ctmark. \fIctmask\fP and \fInfmask\fP default to
     15 0xFFFFFFFF.
     16 .TP
     17 \fB\-\-restore\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
     18 Copy the connection mark (ctmark) to the packet mark (nfmark) using the given
     19 masks. The new ctmark value is determined as follows:
     20 .IP
     21 nfmark = (nfmark & ~\fInfmask\fP) ^ (ctmark & \fIctmask\fP);
     22 .IP
     23 i.e. \fInfmask\fP defines what bits to clear and \fIctmask\fP what bits of the
     24 ctmark to XOR into the nfmark. \fIctmask\fP and \fInfmask\fP default to
     25 0xFFFFFFFF.
     26 .IP
     27 \fB\-\-restore\-mark\fP is only valid in the \fBmangle\fP table.
     28 .PP
     29 The following mnemonics are available for \fB\-\-set\-xmark\fP:
     30 .TP
     31 \fB\-\-and\-mark\fP \fIbits\fP
     32 Binary AND the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark
     33 0/\fP\fIinvbits\fP, where \fIinvbits\fP is the binary negation of \fIbits\fP.)
     34 .TP
     35 \fB\-\-or\-mark\fP \fIbits\fP
     36 Binary OR the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP
     37 \fIbits\fP\fB/\fP\fIbits\fP.)
     38 .TP
     39 \fB\-\-xor\-mark\fP \fIbits\fP
     40 Binary XOR the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP
     41 \fIbits\fP\fB/0\fP.)
     42 .TP
     43 \fB\-\-set\-mark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
     44 Set the connection mark. If a mask is specified then only those bits set in the
     45 mask are modified.
     46 .TP
     47 \fB\-\-save\-mark\fP [\fB\-\-mask\fP \fImask\fP]
     48 Copy the nfmark to the ctmark. If a mask is specified, only those bits are
     49 copied.
     50 .TP
     51 \fB\-\-restore\-mark\fP [\fB\-\-mask\fP \fImask\fP]
     52 Copy the ctmark to the nfmark. If a mask is specified, only those bits are
     53 copied. This is only valid in the \fBmangle\fP table.
     54