-Allows you to mark a received packet basing on its IP address. This
-can replace many mangle/mark entries with only one, if you use
-firewall based classifier.
-This target is to be used inside the mangle table, in the PREROUTING,
-.BI "--addr " "src/dst"
-Use source or destination IP address.
-.BI "--and-mask " "mask"
-Perform bitwise `and' on the IP address and this mask.
-.BI "--or-mask " "mask"
-Perform bitwise `or' on the IP address and this mask.
-The order of IP address bytes is reversed to meet "human order of bytes":
- is 0xc0a80001. At first the `and' operation is performed, then
-We create a queue for each user, the queue number is adequate
-to the IP address of the user, e.g.: all packets going to/from
-are directed to 1:0502 queue, -> 1:050c etc.
-We have one classifier rule:
-tc filter add dev eth3 parent 1:0 protocol ip fw
-Earlier we had many rules just like below:
-iptables -t mangle -A POSTROUTING -o eth3 -d -j MARK
---set-mark 0x10502
-iptables -t mangle -A POSTROUTING -o eth3 -d -j MARK
---set-mark 0x10503
-Using IPMARK target we can replace all the mangle/mark rules with only one:
-iptables -t mangle -A POSTROUTING -o eth3 -j IPMARK --addr=dst
---and-mask=0xffff --or-mask=0x10000
-On the routers with hundreds of users there should be significant load
-decrease (e.g. twice).