|
Packit |
7b22a4 |
This module sets the netfilter mark value associated with a connection. The
|
|
Packit |
7b22a4 |
mark is 32 bits wide.
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fB\-\-set\-xmark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
|
|
Packit |
7b22a4 |
Zero out the bits given by \fImask\fP and XOR \fIvalue\fP into the ctmark.
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fB\-\-save\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
|
|
Packit |
7b22a4 |
Copy the packet mark (nfmark) to the connection mark (ctmark) using the given
|
|
Packit |
7b22a4 |
masks. The new nfmark value is determined as follows:
|
|
Packit |
7b22a4 |
.IP
|
|
Packit |
7b22a4 |
ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)
|
|
Packit |
7b22a4 |
.IP
|
|
Packit |
7b22a4 |
i.e. \fIctmask\fP defines what bits to clear and \fInfmask\fP what bits of the
|
|
Packit |
7b22a4 |
nfmark to XOR into the ctmark. \fIctmask\fP and \fInfmask\fP default to
|
|
Packit |
7b22a4 |
0xFFFFFFFF.
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fB\-\-restore\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
|
|
Packit |
7b22a4 |
Copy the connection mark (ctmark) to the packet mark (nfmark) using the given
|
|
Packit |
7b22a4 |
masks. The new ctmark value is determined as follows:
|
|
Packit |
7b22a4 |
.IP
|
|
Packit |
7b22a4 |
nfmark = (nfmark & ~\fInfmask\fP) ^ (ctmark & \fIctmask\fP);
|
|
Packit |
7b22a4 |
.IP
|
|
Packit |
7b22a4 |
i.e. \fInfmask\fP defines what bits to clear and \fIctmask\fP what bits of the
|
|
Packit |
7b22a4 |
ctmark to XOR into the nfmark. \fIctmask\fP and \fInfmask\fP default to
|
|
Packit |
7b22a4 |
0xFFFFFFFF.
|
|
Packit |
7b22a4 |
.IP
|
|
Packit |
7b22a4 |
\fB\-\-restore\-mark\fP is only valid in the \fBmangle\fP table.
|
|
Packit |
7b22a4 |
.PP
|
|
Packit |
7b22a4 |
The following mnemonics are available for \fB\-\-set\-xmark\fP:
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fB\-\-and\-mark\fP \fIbits\fP
|
|
Packit |
7b22a4 |
Binary AND the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark
|
|
Packit |
7b22a4 |
0/\fP\fIinvbits\fP, where \fIinvbits\fP is the binary negation of \fIbits\fP.)
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fB\-\-or\-mark\fP \fIbits\fP
|
|
Packit |
7b22a4 |
Binary OR the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP
|
|
Packit |
7b22a4 |
\fIbits\fP\fB/\fP\fIbits\fP.)
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fB\-\-xor\-mark\fP \fIbits\fP
|
|
Packit |
7b22a4 |
Binary XOR the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP
|
|
Packit |
7b22a4 |
\fIbits\fP\fB/0\fP.)
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fB\-\-set\-mark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
|
|
Packit |
7b22a4 |
Set the connection mark. If a mask is specified then only those bits set in the
|
|
Packit |
7b22a4 |
mask are modified.
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fB\-\-save\-mark\fP [\fB\-\-mask\fP \fImask\fP]
|
|
Packit |
7b22a4 |
Copy the nfmark to the ctmark. If a mask is specified, only those bits are
|
|
Packit |
7b22a4 |
copied.
|
|
Packit |
7b22a4 |
.TP
|
|
Packit |
7b22a4 |
\fB\-\-restore\-mark\fP [\fB\-\-mask\fP \fImask\fP]
|
|
Packit |
7b22a4 |
Copy the ctmark to the nfmark. If a mask is specified, only those bits are
|
|
Packit |
7b22a4 |
copied. This is only valid in the \fBmangle\fP table.
|