diff options
author | Harout Hedeshian <harouth@codeaurora.org> | 2015-07-13 10:01:30 -0600 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-07-15 18:40:41 +0200 |
commit | 195e47b911918a6ee28cca80f8023a24ca3b598b (patch) | |
tree | 7ba6719d6832f8b85c9cb12420d52a4a36a25704 /extensions/libxt_socket.man | |
parent | d4b7718fbacc801cba070f29f32aae121e3b705c (diff) |
extensions: libxt_socket: update man pages and tests for --restore-skmark
Update the man pages for libxt_socket with a description and example
usage of the --restore-skmark option.
Also added tests for libxt_socket with various combinations of
--restore-skmark and the existing options.
Signed-off-by: Harout Hedeshian <harouth@codeaurora.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_socket.man')
-rw-r--r-- | extensions/libxt_socket.man | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/extensions/libxt_socket.man b/extensions/libxt_socket.man index 2ef32cec..f809df69 100644 --- a/extensions/libxt_socket.man +++ b/extensions/libxt_socket.man @@ -20,3 +20,17 @@ option instead. Example (assuming packets with mark 1 are delivered locally): .IP \-t mangle \-A PREROUTING \-m socket \-\-transparent \-j MARK \-\-set\-mark 1 +.TP +\fB\-\-restore\-skmark\fP +Set the packet mark to the matching socket's mark. Can be combined with the +\fB\-\-transparent\fP and \fB\-\-nowildcard\fP options to restrict the sockets +to be matched when restoring the packet mark. +.PP +Example: An application opens 2 transparent (\fBIP_TRANSPARENT\fP) sockets and +sets a mark on them with \fBSO_MARK\fP socket option. We can filter matching packets: +.IP +\-t mangle \-I PREROUTING \-m socket \-\-transparent \-\-restore-skmark \-j action +.IP +\-t mangle \-A action \-m mark \-\-mark 10 \-j action2 +.IP +\-t mangle \-A action \-m mark \-\-mark 11 \-j action3 |