summaryrefslogtreecommitdiffstats
path: root/userspace/ebtables2/ebtables.8
diff options
context:
space:
mode:
authorBart De Schuymer <bdschuym@pandora.be>2004-12-05 21:54:45 +0000
committerBart De Schuymer <bdschuym@pandora.be>2004-12-05 21:54:45 +0000
commit40be7b95976c9f62b4d5f576906d3259a64fb2c8 (patch)
treeff0613e25555ceb9fe39a58cf687d5346cac0e67 /userspace/ebtables2/ebtables.8
parent880131e63865e04cb82abb520a7abdc91113d9c7 (diff)
better help on mark match
Diffstat (limited to 'userspace/ebtables2/ebtables.8')
-rw-r--r--userspace/ebtables2/ebtables.835
1 files changed, 30 insertions, 5 deletions
diff --git a/userspace/ebtables2/ebtables.8 b/userspace/ebtables2/ebtables.8
index 73642e7..b78ae35 100644
--- a/userspace/ebtables2/ebtables.8
+++ b/userspace/ebtables2/ebtables.8
@@ -591,6 +591,26 @@ The destination port or port range for ip protocols 6 (TCP) and
17 (UDP). The flag
.B --ip-dport
is an alias for this option.
+<<<<<<< ebtables.8
+.SS limit
+This module matches at a limited rate using a token bucket filter.
+A rule using this extension will match until this limit is reached.
+It can be used with the
+.B --log
+watcher
+to give limited logging, for example. Its use is the same as the limit
+match of iptables.
+.TP
+.BR "--limit " "[\fIvalue\fP]"
+Maximum average matching rate: specified as a number, with an optional
+`/second', `/minute', `/hour', or `/day' suffix; the default is 3/hour.
+.TP
+.BR "--limit-burst " "[\fInumber\fP]"
+Maximum initial number of packets to match: this number gets recharged by
+one every time the limit specified above is not reached, up to this
+number; the default is 5.
+.SS pkttype
+=======
.SS limit
This module matches at a limited rate using a token bucket filter.
A rule using this extension will match until this limit is reached.
@@ -608,15 +628,20 @@ Maximum initial number of packets to match: this number gets recharged by
one every time the limit specified above is not reached, up to this
number; the default is 5.
.SS pkttype
+>>>>>>> 1.39
.SS mark_m
.TP
.BR "--mark " "[!] [\fIvalue\fP][/\fImask\fP]"
Matches frames with the given unsigned mark value. If a mark value and
mask is specified, the logical AND of the mark value of the frame and
-the user-specified mask is taken before comparing it with the user-specified
-mark value. If only a mask is specified (start with '/') the logical AND
-of the mark value of the frame and the user-specified mark is taken and
-the result is compared with zero.
+the user-specified mark mask is taken before comparing it with the
+user-specified mark value. When only a mark value is specified, the packet
+only matches when the mark value of the frame equals the user-specified
+mark value. If only a mark mask is specified (start with '/') the logical
+AND of the mark value of the frame and the user-specified mark mask is
+taken and the frame matches when the result of this logical AND is
+non-zero. Only specifying a mark mask is useful to match multiple mark
+values.
.SS pkttype
.TP
.BR "--pkttype-type " "[!] \fItype\fP"
@@ -831,7 +856,7 @@ if the br-nf code is compiled into the kernel. Both put the marking at the
same place. So, you can consider this fact as a feature, or as something to
watch out for.
.TP
-.BR "--set-mark " "\fIvalue\fP"
+.BR "--mark-set " "\fIvalue\fP"
.br
Mark the frame with the specified unsigned value.
.TP