blob: 9317923985a22461b9ed7136de3ca577ff2850f2 [file] [log] [blame]
Jan Engelhardtbc579062009-10-05 13:24:02 +02001This module sets the netfilter mark value associated with a connection. The
2mark is 32 bits wide.
Henrik Nordstromc2794132004-01-22 15:04:24 +00003.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +01004\fB\-\-set\-xmark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
Jan Engelhardtc6775d62010-07-23 21:23:05 +02005Zero out the bits given by \fImask\fP and XOR \fIvalue\fP into the ctmark.
Henrik Nordstromc2794132004-01-22 15:04:24 +00006.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +01007\fB\-\-save\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
Jan Engelhardtff068712008-01-29 13:36:27 +00008Copy the packet mark (nfmark) to the connection mark (ctmark) using the given
9masks. The new nfmark value is determined as follows:
10.IP
11ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)
12.IP
Jan Engelhardtc6775d62010-07-23 21:23:05 +020013i.e. \fIctmask\fP defines what bits to clear and \fInfmask\fP what bits of the
14nfmark to XOR into the ctmark. \fIctmask\fP and \fInfmask\fP default to
Jan Engelhardtff068712008-01-29 13:36:27 +0000150xFFFFFFFF.
Henrik Nordstromc2794132004-01-22 15:04:24 +000016.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +010017\fB\-\-restore\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
Jan Engelhardtff068712008-01-29 13:36:27 +000018Copy the connection mark (ctmark) to the packet mark (nfmark) using the given
19masks. The new ctmark value is determined as follows:
20.IP
Jan Engelhardtc6775d62010-07-23 21:23:05 +020021nfmark = (nfmark & ~\fInfmask\fP) ^ (ctmark & \fIctmask\fP);
Jan Engelhardtff068712008-01-29 13:36:27 +000022.IP
Jan Engelhardtc6775d62010-07-23 21:23:05 +020023i.e. \fInfmask\fP defines what bits to clear and \fIctmask\fP what bits of the
24ctmark to XOR into the nfmark. \fIctmask\fP and \fInfmask\fP default to
Jan Engelhardtff068712008-01-29 13:36:27 +0000250xFFFFFFFF.
26.IP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +010027\fB\-\-restore\-mark\fP is only valid in the \fBmangle\fP table.
Jan Engelhardtff068712008-01-29 13:36:27 +000028.PP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +010029The following mnemonics are available for \fB\-\-set\-xmark\fP:
Jan Engelhardtff068712008-01-29 13:36:27 +000030.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +010031\fB\-\-and\-mark\fP \fIbits\fP
Jan Engelhardtc6775d62010-07-23 21:23:05 +020032Binary AND the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark
330/\fP\fIinvbits\fP, where \fIinvbits\fP is the binary negation of \fIbits\fP.)
Jan Engelhardtff068712008-01-29 13:36:27 +000034.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +010035\fB\-\-or\-mark\fP \fIbits\fP
Jan Engelhardtc6775d62010-07-23 21:23:05 +020036Binary OR the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP
37\fIbits\fP\fB/\fP\fIbits\fP.)
Jan Engelhardtff068712008-01-29 13:36:27 +000038.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +010039\fB\-\-xor\-mark\fP \fIbits\fP
Jan Engelhardtc6775d62010-07-23 21:23:05 +020040Binary XOR the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP
41\fIbits\fP\fB/0\fP.)
Jan Engelhardtff068712008-01-29 13:36:27 +000042.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +010043\fB\-\-set\-mark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
Jan Engelhardtff068712008-01-29 13:36:27 +000044Set the connection mark. If a mask is specified then only those bits set in the
45mask are modified.
46.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +010047\fB\-\-save\-mark\fP [\fB\-\-mask\fP \fImask\fP]
Jan Engelhardtff068712008-01-29 13:36:27 +000048Copy the nfmark to the ctmark. If a mask is specified, only those bits are
49copied.
50.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +010051\fB\-\-restore\-mark\fP [\fB\-\-mask\fP \fImask\fP]
Jan Engelhardtff068712008-01-29 13:36:27 +000052Copy the ctmark to the nfmark. If a mask is specified, only those bits are
Jan Engelhardtc6775d62010-07-23 21:23:05 +020053copied. This is only valid in the \fBmangle\fP table.