Jan Engelhardt | bc57906 | 2009-10-05 13:24:02 +0200 | [diff] [blame] | 1 | This module sets the netfilter mark value associated with a connection. The |
| 2 | mark is 32 bits wide. |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 3 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 4 | \fB\-\-set\-xmark\fP \fIvalue\fP[\fB/\fP\fImask\fP] |
Jan Engelhardt | c6775d6 | 2010-07-23 21:23:05 +0200 | [diff] [blame] | 5 | Zero out the bits given by \fImask\fP and XOR \fIvalue\fP into the ctmark. |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 6 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 7 | \fB\-\-save\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP] |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 8 | Copy the packet mark (nfmark) to the connection mark (ctmark) using the given |
| 9 | masks. The new nfmark value is determined as follows: |
| 10 | .IP |
| 11 | ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask) |
| 12 | .IP |
Jan Engelhardt | c6775d6 | 2010-07-23 21:23:05 +0200 | [diff] [blame] | 13 | i.e. \fIctmask\fP defines what bits to clear and \fInfmask\fP what bits of the |
| 14 | nfmark to XOR into the ctmark. \fIctmask\fP and \fInfmask\fP default to |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 15 | 0xFFFFFFFF. |
Henrik Nordstrom | c279413 | 2004-01-22 15:04:24 +0000 | [diff] [blame] | 16 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 17 | \fB\-\-restore\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP] |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 18 | Copy the connection mark (ctmark) to the packet mark (nfmark) using the given |
| 19 | masks. The new ctmark value is determined as follows: |
| 20 | .IP |
Jan Engelhardt | c6775d6 | 2010-07-23 21:23:05 +0200 | [diff] [blame] | 21 | nfmark = (nfmark & ~\fInfmask\fP) ^ (ctmark & \fIctmask\fP); |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 22 | .IP |
Jan Engelhardt | c6775d6 | 2010-07-23 21:23:05 +0200 | [diff] [blame] | 23 | i.e. \fInfmask\fP defines what bits to clear and \fIctmask\fP what bits of the |
| 24 | ctmark to XOR into the nfmark. \fIctmask\fP and \fInfmask\fP default to |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 25 | 0xFFFFFFFF. |
| 26 | .IP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 27 | \fB\-\-restore\-mark\fP is only valid in the \fBmangle\fP table. |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 28 | .PP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 29 | The following mnemonics are available for \fB\-\-set\-xmark\fP: |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 30 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 31 | \fB\-\-and\-mark\fP \fIbits\fP |
Jan Engelhardt | c6775d6 | 2010-07-23 21:23:05 +0200 | [diff] [blame] | 32 | Binary AND the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark |
| 33 | 0/\fP\fIinvbits\fP, where \fIinvbits\fP is the binary negation of \fIbits\fP.) |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 34 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 35 | \fB\-\-or\-mark\fP \fIbits\fP |
Jan Engelhardt | c6775d6 | 2010-07-23 21:23:05 +0200 | [diff] [blame] | 36 | Binary OR the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP |
| 37 | \fIbits\fP\fB/\fP\fIbits\fP.) |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 38 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 39 | \fB\-\-xor\-mark\fP \fIbits\fP |
Jan Engelhardt | c6775d6 | 2010-07-23 21:23:05 +0200 | [diff] [blame] | 40 | Binary XOR the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP |
| 41 | \fIbits\fP\fB/0\fP.) |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 42 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 43 | \fB\-\-set\-mark\fP \fIvalue\fP[\fB/\fP\fImask\fP] |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 44 | Set the connection mark. If a mask is specified then only those bits set in the |
| 45 | mask are modified. |
| 46 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 47 | \fB\-\-save\-mark\fP [\fB\-\-mask\fP \fImask\fP] |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 48 | Copy the nfmark to the ctmark. If a mask is specified, only those bits are |
| 49 | copied. |
| 50 | .TP |
Jan Engelhardt | fea74bf | 2009-01-12 04:53:18 +0100 | [diff] [blame] | 51 | \fB\-\-restore\-mark\fP [\fB\-\-mask\fP \fImask\fP] |
Jan Engelhardt | ff06871 | 2008-01-29 13:36:27 +0000 | [diff] [blame] | 52 | Copy the ctmark to the nfmark. If a mask is specified, only those bits are |
Jan Engelhardt | c6775d6 | 2010-07-23 21:23:05 +0200 | [diff] [blame] | 53 | copied. This is only valid in the \fBmangle\fP table. |