iptables/extensions/libxt_HMARK.man

*a71a9546SAutomerger Merge WorkerLike MARK, i.e. set the fwmark, but the mark is calculated from hashing
*a71a9546SAutomerger Merge Workerpacket selector at choice. You have also to specify the mark range and,
*a71a9546SAutomerger Merge Workeroptionally, the offset to start from. ICMP error messages are inspected
*a71a9546SAutomerger Merge Workerand used to calculate the hashing.
*a71a9546SAutomerger Merge Worker.PP
*a71a9546SAutomerger Merge WorkerExisting options are:
*a71a9546SAutomerger Merge Worker.TP
*a71a9546SAutomerger Merge Worker\fB\-\-hmark\-tuple\fP tuple\fI\fP
*a71a9546SAutomerger Merge WorkerPossible tuple members are:
*a71a9546SAutomerger Merge Worker.B src
*a71a9546SAutomerger Merge Workermeaning source address (IPv4, IPv6 address),
*a71a9546SAutomerger Merge Worker.B dst
*a71a9546SAutomerger Merge Workermeaning destination address (IPv4, IPv6 address),
*a71a9546SAutomerger Merge Worker.B sport
*a71a9546SAutomerger Merge Workermeaning source port (TCP, UDP, UDPlite, SCTP, DCCP),
*a71a9546SAutomerger Merge Worker.B dport
*a71a9546SAutomerger Merge Workermeaning destination port (TCP, UDP, UDPlite, SCTP, DCCP),
*a71a9546SAutomerger Merge Worker.B spi
*a71a9546SAutomerger Merge Workermeaning Security Parameter Index (AH, ESP), and
*a71a9546SAutomerger Merge Worker.B ct
*a71a9546SAutomerger Merge Workermeaning the usage of the conntrack tuple instead of the packet selectors.
*a71a9546SAutomerger Merge Worker.TP
*a71a9546SAutomerger Merge Worker\fB\-\-hmark\-mod\fP \fIvalue (must be > 0)\fP
*a71a9546SAutomerger Merge WorkerModulus for hash calculation (to limit the range of possible marks)
*a71a9546SAutomerger Merge Worker.TP
*a71a9546SAutomerger Merge Worker\fB\-\-hmark\-offset\fP \fIvalue\fP
*a71a9546SAutomerger Merge WorkerOffset to start marks from.
*a71a9546SAutomerger Merge Worker.TP
*a71a9546SAutomerger Merge WorkerFor advanced usage, instead of using \-\-hmark\-tuple, you can specify custom
*a71a9546SAutomerger Merge Workerprefixes and masks:
*a71a9546SAutomerger Merge Worker.TP
*a71a9546SAutomerger Merge Worker\fB\-\-hmark\-src\-prefix\fP \fIcidr\fP
*a71a9546SAutomerger Merge WorkerThe source address mask in CIDR notation.
*a71a9546SAutomerger Merge Worker.TP
*a71a9546SAutomerger Merge Worker\fB\-\-hmark\-dst\-prefix\fP \fIcidr\fP
*a71a9546SAutomerger Merge WorkerThe destination address mask in CIDR notation.
*a71a9546SAutomerger Merge Worker.TP
*a71a9546SAutomerger Merge Worker\fB\-\-hmark\-sport\-mask\fP \fIvalue\fP
*a71a9546SAutomerger Merge WorkerA 16 bit source port mask in hexadecimal.
*a71a9546SAutomerger Merge Worker.TP
*a71a9546SAutomerger Merge Worker\fB\-\-hmark\-dport\-mask\fP \fIvalue\fP
*a71a9546SAutomerger Merge WorkerA 16 bit destination port mask in hexadecimal.
*a71a9546SAutomerger Merge Worker.TP
*a71a9546SAutomerger Merge Worker\fB\-\-hmark\-spi\-mask\fP \fIvalue\fP
*a71a9546SAutomerger Merge WorkerA 32 bit field with spi mask.
*a71a9546SAutomerger Merge Worker.TP
*a71a9546SAutomerger Merge Worker\fB\-\-hmark\-proto\-mask\fP \fIvalue\fP
*a71a9546SAutomerger Merge WorkerAn 8 bit field with layer 4 protocol number.
*a71a9546SAutomerger Merge Worker.TP
*a71a9546SAutomerger Merge Worker\fB\-\-hmark\-rnd\fP \fIvalue\fP
*a71a9546SAutomerger Merge WorkerA 32 bit random custom value to feed hash calculation.
*a71a9546SAutomerger Merge Worker.PP
*a71a9546SAutomerger Merge Worker\fIExamples:\fP
*a71a9546SAutomerger Merge Worker.PP
*a71a9546SAutomerger Merge Workeriptables \-t mangle \-A PREROUTING \-m conntrack \-\-ctstate NEW
*a71a9546SAutomerger Merge Worker \-j HMARK \-\-hmark-tuple ct,src,dst,proto \-\-hmark-offset 10000
*a71a9546SAutomerger Merge Worker\-\-hmark\-mod 10 \-\-hmark\-rnd 0xfeedcafe
*a71a9546SAutomerger Merge Worker.PP
*a71a9546SAutomerger Merge Workeriptables \-t mangle \-A PREROUTING \-j HMARK \-\-hmark\-offset 10000
*a71a9546SAutomerger Merge Worker\-\-hmark-tuple src,dst,proto \-\-hmark-mod 10 \-\-hmark\-rnd 0xdeafbeef