author | Jan Engelhardt <jengelh@medozas.de> | 2008-01-29 13:36:27 +0000 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-01-29 13:36:27 +0000 |
commit | ff068719055ae2327d94c79048381c09d3b744c4 (patch) | |
tree | bbb3ee304c3f8cc28f1513728019c3334a328283 /extensions/libxt_CONNMARK.man | |
parent | a99cb4444ceff1b0029c7e25b0714dbee9021b12 (diff) |
libxt_CONNMARK revision 1
Add support for xt_CONNMARK target revision 1.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Diffstat (limited to 'extensions/libxt_CONNMARK.man')
-rw-r--r-- | extensions/libxt_CONNMARK.man | 61 |
1 files changed, 49 insertions, 12 deletions
diff --git a/extensions/libxt_CONNMARK.man b/extensions/libxt_CONNMARK.man index 8b4de5a0..e39a02a5 100644 --- a/extensions/libxt_CONNMARK.man +++ b/extensions/libxt_CONNMARK.man 
@@ -1,15 +1,52 @@ -This module sets the netfilter mark value associated with a connection +This module sets the netfilter mark value associated with a connection. .TP -.B --set-mark mark[/mask] -Set connection mark. If a mask is specified then only those bits set in the -mask is modified. +\fB--set-xmark\fR \fIvalue\fR[\fB/\fR\fImask\fR] +Zero out the bits given by \fImask\fR and XOR \fIvalue\fR into the ctmark. .TP -.B --save-mark [--mask mask] -Copy the netfilter packet mark value to the connection mark. If a mask -is specified then only those bits are copied. +\fB--save-mark\fR [\fB--nfmask\fR \fInfmask\fR] [\fB--ctmask\fR \fIctmask\fR] +Copy the packet mark (nfmark) to the connection mark (ctmark) using the given +masks. The new nfmark value is determined as follows: +.IP +ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask) +.IP +i.e. \fIctmask\fR defines what bits to clear and \fInfmask\fR what bits of the +nfmark to XOR into the ctmark. \fIctmask\fR and \fInfmask\fR default to +0xFFFFFFFF. .TP -.B --restore-mark [--mask mask] -Copy the connection mark value to the packet. If a mask is specified -then only those bits are copied. This is only valid in the -.B mangle -table. +\fB--restore-mark\fR [\fB--nfmask\fR \fInfmask\fR] [\fB--ctmask\fR \fIctmask\fR] +Copy the connection mark (ctmark) to the packet mark (nfmark) using the given +masks. The new ctmark value is determined as follows: +.IP +nfmark = (nfmark & ~\fInfmask\fR) ^ (ctmark & \fIctmask\fR); +.IP +i.e. \fInfmask\fR defines what bits to clear and \fIctmask\fR what bits of the +ctmark to XOR into the nfmark. \fIctmask\fR and \fInfmask\fR default to +0xFFFFFFFF. +.IP +\fB--restore-mark\fR is only valid in the \fBmangle\fR table. +.PP +The following mnemonics are available for \fB--set-xmark\fR: +.TP +\fB--and-mark\fR \fIbits\fR +Binary AND the ctmark with \fIbits\fR. (Mnemonic for \fB--set-xmark +0/\fR\fIinvbits\fR, where \fIinvbits\fR is the binary negation of \fIbits\fR.) 
+.TP +\fB--or-mark\fR \fIbits\fR +Binary OR the ctmark with \fIbits\fR. (Mnemonic for \fB--set-xmark\fR +\fIbits\fR\fB/\fR\fIbits\fR.) +.TP +\fB--xor-mark\fR \fIbits\fR +Binary XOR the ctmark with \fIbits\fR. (Mnemonic for \fB--set-xmark\fR +\fIbits\fR\fB/0\fR.) +.TP +\fB--set-mark\fR \fIvalue\fR[\fB/\fR\fImask\fR] +Set the connection mark. If a mask is specified then only those bits set in the +mask are modified. +.TP +\fB--save-mark\fR [\fB--mask\fR \fImask\fR] +Copy the nfmark to the ctmark. If a mask is specified, only those bits are +copied. +.TP +\fB--restore-mark\fR [\fB--mask\fR \fImask\fR] +Copy the ctmark to the nfmark. If a mask is specified, only those bits are +copied. This is only valid in the \fBmangle\fR table. |
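Review bot: The sentences introducing the two formulas name the wrong mark. In the new --save-mark entry, "The new nfmark value is determined as follows:" precedes a formula that assigns ctmark, and in --restore-mark, "The new ctmark value is determined as follows:" precedes one that assigns nfmark. Each sentence should name the mark on the left-hand side of its formula. The restore formula also ends in a stray ";" and wraps the mask names in \fI...\fR while the save formula does neither, so the two should use one form. Finally, --save-mark and --restore-mark are now documented twice, once with --nfmask/--ctmask and once with --mask, and --set-mark sits under the heading "mnemonics are available for --set-xmark" without its equivalent being given as it is for --and-mark, --or-mark and --xor-mark. A sentence stating how the --mask form maps onto the two-mask form, and what --set-mark expands to, would remove the ambiguity for anyone writing rules that depend on which mark bits get cleared.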