libxt_CONNMARK.man revision fea74bf74ff524431ce65145f1523584edf99dc9 
1This module sets the netfilter mark value associated with a connection.
2.TP
3\fB\-\-set\-xmark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
4Zero out the bits given by \fImask\fR and XOR \fIvalue\fR into the ctmark.
5.TP
6\fB\-\-save\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
7Copy the packet mark (nfmark) to the connection mark (ctmark) using the given
8masks. The new nfmark value is determined as follows:
9.IP
10ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)
11.IP
12i.e. \fIctmask\fR defines what bits to clear and \fInfmask\fR what bits of the
13nfmark to XOR into the ctmark. \fIctmask\fR and \fInfmask\fR default to
140xFFFFFFFF.
15.TP
16\fB\-\-restore\-mark\fP [\fB\-\-nfmask\fP \fInfmask\fP] [\fB\-\-ctmask\fP \fIctmask\fP]
17Copy the connection mark (ctmark) to the packet mark (nfmark) using the given
18masks. The new ctmark value is determined as follows:
19.IP
20nfmark = (nfmark & ~\fInfmask\fR) ^ (ctmark & \fIctmask\fR);
21.IP
22i.e. \fInfmask\fR defines what bits to clear and \fIctmask\fR what bits of the
23ctmark to XOR into the nfmark. \fIctmask\fR and \fInfmask\fR default to
240xFFFFFFFF.
25.IP
26\fB\-\-restore\-mark\fP is only valid in the \fBmangle\fP table.
27.PP
28The following mnemonics are available for \fB\-\-set\-xmark\fP:
29.TP
30\fB\-\-and\-mark\fP \fIbits\fP
31Binary AND the ctmark with \fIbits\fR. (Mnemonic for \fB\-\-set\-xmark
320/\fR\fIinvbits\fR, where \fIinvbits\fR is the binary negation of \fIbits\fR.)
33.TP
34\fB\-\-or\-mark\fP \fIbits\fP
35Binary OR the ctmark with \fIbits\fR. (Mnemonic for \fB\-\-set\-xmark\fP
36\fIbits\fR\fB/\fR\fIbits\fR.)
37.TP
38\fB\-\-xor\-mark\fP \fIbits\fP
39Binary XOR the ctmark with \fIbits\fR. (Mnemonic for \fB\-\-set\-xmark\fP
40\fIbits\fR\fB/0\fR.)
41.TP
42\fB\-\-set\-mark\fP \fIvalue\fP[\fB/\fP\fImask\fP]
43Set the connection mark. If a mask is specified then only those bits set in the
44mask are modified.
45.TP
46\fB\-\-save\-mark\fP [\fB\-\-mask\fP \fImask\fP]
47Copy the nfmark to the ctmark. If a mask is specified, only those bits are
48copied.
49.TP
50\fB\-\-restore\-mark\fP [\fB\-\-mask\fP \fImask\fP]
51Copy the ctmark to the nfmark. If a mask is specified, only those bits are
52copied. This is only valid in the \fBmangle\fR table.
53