libxt_CONNMARK.man revision e37d45ce390c2f5a7f1e64742b9100ecef0def54 
1a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)This module sets the netfilter mark value associated with a connection. The
2a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)mark is 32 bits wide.
3a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles).TP
4a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)\fB\-\-set\-xmark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
5a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)Zero out the bits given by \fImask\fP and XOR \fIvalue\fP into the ctmark.
6a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles).TP
7a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)\fB\-\-save\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
8a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)Copy the packet mark (nfmark) to the connection mark (ctmark) using the given
9a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)masks. The new nfmark value is determined as follows:
105d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles).IP
115d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)
12a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles).IP
13a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)i.e. \fIctmask\fP defines what bits to clear and \fInfmask\fP what bits of the
14a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)nfmark to XOR into the ctmark. \fIctmask\fP and \fInfmask\fP default to
15a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)0xFFFFFFFF.
16a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles).TP
17a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)\fB\-\-restore\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)Copy the connection mark (ctmark) to the packet mark (nfmark) using the given
195d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)masks. The new ctmark value is determined as follows:
20a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles).IP
21a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)nfmark = (nfmark & ~\fInfmask\fP) ^ (ctmark & \fIctmask\fP);
225d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles).IP
235d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)i.e. \fInfmask\fP defines what bits to clear and \fIctmask\fP what bits of the
245d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)ctmark to XOR into the nfmark. \fIctmask\fP and \fInfmask\fP default to
255d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)0xFFFFFFFF.
265d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles).IP
275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)\fB\-\-restore\-mark\fP is only valid in the \fBmangle\fP table.
285d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles).PP
295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)The following mnemonics are available for \fB\-\-set\-xmark\fP:
305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles).TP
315d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)\fB\-\-and\-mark\fP \fIbits\fP
325d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)Binary AND the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark
335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)0/\fP\fIinvbits\fP, where \fIinvbits\fP is the binary negation of \fIbits\fP.)
345d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles).TP
355d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)\fB\-\-or\-mark\fP \fIbits\fP
365d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)Binary OR the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP
375d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)\fIbits\fP\fB/\fP\fIbits\fP.)
385d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles).TP
395d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)\fB\-\-xor\-mark\fP \fIbits\fP
405d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)Binary XOR the ctmark with \fIbits\fP. (Mnemonic for \fB\-\-set\-xmark\fP
415d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)\fIbits\fP\fB/0\fP.)
425d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles).TP
435d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)\fB\-\-set\-mark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
44a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)Set the connection mark. If a mask is specified then only those bits set in the
45a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)mask are modified.
46a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles).TP
47a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)\fB\-\-save\-mark\fP [\fB\-\-mask\fP \fImask\fP]
48a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)Copy the nfmark to the ctmark. If a mask is specified, only those bits are
49a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)copied.
50a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles).TP
51a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)\fB\-\-restore\-mark\fP [\fB\-\-mask\fP \fImask\fP]
52a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)Copy the ctmark to the nfmark. If a mask is specified, only those bits are
53a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)copied. This is only valid in the \fBmangle\fP table.
54a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)