Module matches or adds connlabels to a connection.
connlabels are similar to connmarks, except labels are bit-based; i.e.
all labels may be attached to a flow at the same time.
Up to 128 unique labels are currently supported.
.TP
[\fB!\fP] \fB\-\-label\fP \fBname\fP
matches if label \fBname\fP has been set on a connection.
Instead of a name (which will be translated to a number, see EXAMPLE below),
a number may be used.  Using a number always overrides connlabel.conf.
.TP
\fB\-\-set\fP
if the label has not been set on the connection, set it.
Note that setting a label can fail.  This is because the kernel allocates the
conntrack label storage area when the connection is created, and it only
reserves the amount of memory required by the ruleset that exists at
the time the connection is created.
In this case, the match will fail (or succeed, in case the \fB\-\-label\fP
option was negated).
.PP
This match depends on libnetfilter_conntrack 1.0.4 or later.
Label translation is done via the \fB/etc/xtables/connlabel.conf\fP configuration file.
.PP
Example:
.IP
.nf
0	eth0-in
1	eth0-out
2	ppp-in
3	ppp-out
4	bulk-traffic
5	interactive
.fi
.PP
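The name-to-number translation and the 128-label limit described above, as an added shell example that is not part of iptables or libnetfilter_conntrack (the library does the real lookup). The function names sample_conf, connlabel_bit and connlabel_lint are hypothetical, the sample file is constructed from the example above, and treating a duplicate name as an error is an assumption.

```shell
#!/bin/sh
# Constructed sample in the "number<TAB>name" layout of the example above.
sample_conf() {
    printf '0\teth0-in\n1\teth0-out\n2\tppp-in\n3\tppp-out\n4\tbulk-traffic\n5\tinteractive\n'
}

# connlabel_bit CONF LABEL
# Prints the bit number a --label argument would refer to.
# A numeric LABEL is used as-is and the file is not consulted;
# a name is looked up in CONF. Fails for unknown names and bits above 127.
connlabel_bit() {
    _conf=$1
    _label=$2
    case $_label in
        ''|*[!0-9]*)   # not purely digits: treat as a name
            _bit=$(awk -v n="$_label" \
                'NF >= 2 && ($2 "") == (n "") { print $1; exit }' "$_conf")
            ;;
        *)  _bit=$_label ;;
    esac
    [ -n "$_bit" ] || return 1
    case $_bit in *[!0-9]*) return 1 ;; esac
    [ "$_bit" -ge 0 ] && [ "$_bit" -le 127 ] || return 1
    echo "$_bit"
}

# connlabel_lint CONF
# Reports entries whose bit is outside 0..127 and names defined twice
# (assumption: a duplicate name is ambiguous and worth flagging).
connlabel_lint() {
    awk 'NF >= 2 {
        if ($1 !~ /^[0-9]+$/ || $1 + 0 > 127) {
            print "line " NR ": bit out of range: " $1; bad = 1
        }
        if ($2 in seen) { print "line " NR ": duplicate name: " $2; bad = 1 }
        seen[$2] = 1
    } END { exit bad }' "$1"
}

# Demonstration on the constructed file.
demo_conf=$(mktemp) && sample_conf > "$demo_conf"
for l in ppp-in 5 no-such-label 128; do
    if b=$(connlabel_bit "$demo_conf" "$l"); then
        echo "--label $l -> bit $b"
    else
        echo "--label $l -> rejected"
    fi
done
rm -f "$demo_conf"
```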