Merge branch 'ipset'

This provides the ipset skbinfo extension.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 21 insertions, 0 deletions

diff --git a/extensions/libxt_SET.man b/extensions/libxt_SET.man
index c35ba93d..78a9ae0f 100644
--- a/extensions/libxt_SET.man
+++ b/extensions/libxt_SET.man
@@ -6,6 +6,10 @@ add the address(es)/port(s) of the packet to the set
 .TP
 \fB\-\-del\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...]
 delete the address(es)/port(s) of the packet from the set
+.TP
+\fB\-\-map\-set\fP \fIsetname\fP \fIflag\fP[\fB,\fP\fIflag\fP...] 
+[\-\-map\-mark] [\-\-map\-prio] [\-\-map\-queue]
+map packet properties (firewall mark, tc priority, hardware queue)
 .IP
 where \fIflag\fP(s) are
 .BR "src"
@@ -20,6 +24,23 @@ one from the set definition
 \fB\-\-exist\fP
 when adding an entry if it already exists, reset the timeout value
 to the specified one or to the default from the set definition
+.TP
+\fB\-\-map\-set\fP \fIset\-name\fP
+the set-name should be created with --skbinfo option
+\fB\-\-map\-mark\fP
+map firewall mark to packet by lookup of value in the set
+\fB\-\-map\-prio\fP
+map traffic control priority to packet by lookup of value in the set
+\fB\-\-map\-queue\fP
+map hardware NIC queue to packet by lookup of value in the set
+.IP
+The
+\fB\-\-map\-set\fP
+option can be used from the mangle table only. The
+\fB\-\-map\-prio\fP
+and
+\fB\-\-map\-queue\fP
+flags can be used in the OUTPUT, FORWARD and POSTROUTING chains.
 .PP
 Use of -j SET requires that ipset kernel support is provided, which, for
 standard kernels, is the case since Linux 2.6.39.