Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / iptables / 1e01b0b82f70b0b11dcfbced485dbe7aeac4fb8c / . / extensions / libxt_CONNMARK.man
blob: 571ce3700989945cf18df58b674af7ca35cea076 [file] [log] [blame]
Jan Engelhardtff068712008-01-29 13:36:27 +0000[diff] [blame]1This module sets the netfilter mark value associated with a connection.
Henrik Nordstromc2794132004-01-22 15:04:24 +0000[diff] [blame]2.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]3\fB\-\-set\-xmark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
Jan Engelhardtff068712008-01-29 13:36:27 +0000[diff] [blame]4Zero out the bits given by \fImask\fR and XOR \fIvalue\fR into the ctmark.
Henrik Nordstromc2794132004-01-22 15:04:24 +0000[diff] [blame]5.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]6\fB\-\-save\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
Jan Engelhardtff068712008-01-29 13:36:27 +0000[diff] [blame]7Copy the packet mark (nfmark) to the connection mark (ctmark) using the given
8masks. The new nfmark value is determined as follows:
9.IP
10ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)
11.IP
12i.e. \fIctmask\fR defines what bits to clear and \fInfmask\fR what bits of the
13nfmark to XOR into the ctmark. \fIctmask\fR and \fInfmask\fR default to
140xFFFFFFFF.
Henrik Nordstromc2794132004-01-22 15:04:24 +0000[diff] [blame]15.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]16\fB\-\-restore\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
Jan Engelhardtff068712008-01-29 13:36:27 +0000[diff] [blame]17Copy the connection mark (ctmark) to the packet mark (nfmark) using the given
18masks. The new ctmark value is determined as follows:
19.IP
20nfmark = (nfmark & ~\fInfmask\fR) ^ (ctmark & \fIctmask\fR);
21.IP
22i.e. \fInfmask\fR defines what bits to clear and \fIctmask\fR what bits of the
23ctmark to XOR into the nfmark. \fIctmask\fR and \fInfmask\fR default to
240xFFFFFFFF.
25.IP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]26\fB\-\-restore\-mark\fP is only valid in the \fBmangle\fP table.
Jan Engelhardtff068712008-01-29 13:36:27 +0000[diff] [blame]27.PP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]28The following mnemonics are available for \fB\-\-set\-xmark\fP:
Jan Engelhardtff068712008-01-29 13:36:27 +0000[diff] [blame]29.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]30\fB\-\-and\-mark\fP \fIbits\fP
31Binary AND the ctmark with \fIbits\fR. (Mnemonic for \fB\-\-set\-xmark
Jan Engelhardtff068712008-01-29 13:36:27 +0000[diff] [blame]320/\fR\fIinvbits\fR, where \fIinvbits\fR is the binary negation of \fIbits\fR.)
33.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]34\fB\-\-or\-mark\fP \fIbits\fP
35Binary OR the ctmark with \fIbits\fR. (Mnemonic for \fB\-\-set\-xmark\fP
Jan Engelhardtff068712008-01-29 13:36:27 +0000[diff] [blame]36\fIbits\fR\fB/\fR\fIbits\fR.)
37.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]38\fB\-\-xor\-mark\fP \fIbits\fP
39Binary XOR the ctmark with \fIbits\fR. (Mnemonic for \fB\-\-set\-xmark\fP
Jan Engelhardtff068712008-01-29 13:36:27 +0000[diff] [blame]40\fIbits\fR\fB/0\fR.)
41.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]42\fB\-\-set\-mark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
Jan Engelhardtff068712008-01-29 13:36:27 +0000[diff] [blame]43Set the connection mark. If a mask is specified then only those bits set in the
44mask are modified.
45.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]46\fB\-\-save\-mark\fP [\fB\-\-mask\fP \fImask\fP]
Jan Engelhardtff068712008-01-29 13:36:27 +0000[diff] [blame]47Copy the nfmark to the ctmark. If a mask is specified, only those bits are
48copied.
49.TP
Jan Engelhardtfea74bf2009-01-12 04:53:18 +0100[diff] [blame]50\fB\-\-restore\-mark\fP [\fB\-\-mask\fP \fImask\fP]
Jan Engelhardtff068712008-01-29 13:36:27 +0000[diff] [blame]51Copy the ctmark to the nfmark. If a mask is specified, only those bits are
52copied. This is only valid in the \fBmangle\fR table.