libxt_CONNMARK.man revision ff068719055ae2327d94c79048381c09d3b744c4 
1This module sets the netfilter mark value associated with a connection.
2.TP
3\fB--set-xmark\fR \fIvalue\fR[\fB/\fR\fImask\fR]
4Zero out the bits given by \fImask\fR and XOR \fIvalue\fR into the ctmark.
5.TP
6\fB--save-mark\fR [\fB--nfmask\fR \fInfmask\fR] [\fB--ctmask\fR \fIctmask\fR]
7Copy the packet mark (nfmark) to the connection mark (ctmark) using the given
8masks. The new nfmark value is determined as follows:
9.IP
10ctmark = (ctmark & ~ctmask) ^ (nfmark & nfmask)
11.IP
12i.e. \fIctmask\fR defines what bits to clear and \fInfmask\fR what bits of the
13nfmark to XOR into the ctmark. \fIctmask\fR and \fInfmask\fR default to
140xFFFFFFFF.
15.TP
16\fB--restore-mark\fR [\fB--nfmask\fR \fInfmask\fR] [\fB--ctmask\fR \fIctmask\fR]
17Copy the connection mark (ctmark) to the packet mark (nfmark) using the given
18masks. The new ctmark value is determined as follows:
19.IP
20nfmark = (nfmark & ~\fInfmask\fR) ^ (ctmark & \fIctmask\fR);
21.IP
22i.e. \fInfmask\fR defines what bits to clear and \fIctmask\fR what bits of the
23ctmark to XOR into the nfmark. \fIctmask\fR and \fInfmask\fR default to
240xFFFFFFFF.
25.IP
26\fB--restore-mark\fR is only valid in the \fBmangle\fR table.
27.PP
28The following mnemonics are available for \fB--set-xmark\fR:
29.TP
30\fB--and-mark\fR \fIbits\fR
31Binary AND the ctmark with \fIbits\fR. (Mnemonic for \fB--set-xmark
320/\fR\fIinvbits\fR, where \fIinvbits\fR is the binary negation of \fIbits\fR.)
33.TP
34\fB--or-mark\fR \fIbits\fR
35Binary OR the ctmark with \fIbits\fR. (Mnemonic for \fB--set-xmark\fR
36\fIbits\fR\fB/\fR\fIbits\fR.)
37.TP
38\fB--xor-mark\fR \fIbits\fR
39Binary XOR the ctmark with \fIbits\fR. (Mnemonic for \fB--set-xmark\fR
40\fIbits\fR\fB/0\fR.)
41.TP
42\fB--set-mark\fR \fIvalue\fR[\fB/\fR\fImask\fR]
43Set the connection mark. If a mask is specified then only those bits set in the
44mask are modified.
45.TP
46\fB--save-mark\fR [\fB--mask\fR \fImask\fR]
47Copy the nfmark to the ctmark. If a mask is specified, only those bits are
48copied.
49.TP
50\fB--restore-mark\fR [\fB--mask\fR \fImask\fR]
51Copy the ctmark to the nfmark. If a mask is specified, only those bits are
52copied. This is only valid in the \fBmangle\fR table.
53