\fB--addr\fP {\fBsrc\fP|\fBdst\fP}
Select source or destination IP address as a basis for the mark.
.TP
-.BI "--and-mask " "mask"
-Perform bitwise `and' on the IP address and this mask.
+\fB--and-mask\fP \fImask\fP
+Perform bitwise AND on the IP address and this bitmask.
.TP
-.BI "--or-mask " "mask"
-Perform bitwise `or' on the IP address and this mask.
+\fB--or-mask\fP \fImask\fP
+Perform bitwise OR on the IP address and this bitmask.
.TP
\fB--shift\fP \fIvalue\fP
Shift addresses to the right by the given number of bits before taking it
as a mark. (This is done before ANDing or ORing it.) This option is needed
to select part of an IPv6 address, because marks are only 32 bits in size.
-.P
+.PP
The order of IP address bytes is reversed to meet "human order of bytes":
-192.168.0.1 is 0xc0a80001. At first the `and' operation is performed, then
-`or'.
-
+192.168.0.1 is 0xc0a80001. At first the "AND" operation is performed, then
+"OR".
+.PP
Examples:
-
+.PP
We create a queue for each user, the queue number is adequate
to the IP address of the user, e.g.: all packets going to/from 192.168.5.2
are directed to 1:0502 queue, 192.168.5.12 -> 1:050c etc.
-
+.PP
We have one classifier rule:
.IP
tc filter add dev eth3 parent 1:0 protocol ip fw
-.P
+.PP
Earlier we had many rules just like below:
.IP
iptables -t mangle -A POSTROUTING -o eth3 -d 192.168.5.2 -j MARK
.IP
iptables -t mangle -A POSTROUTING -o eth3 -d 192.168.5.3 -j MARK
--set-mark 0x10503
-.P
+.PP
Using IPMARK target we can replace all the mangle/mark rules with only one:
.IP
-iptables -t mangle -A POSTROUTING -o eth3 -j IPMARK --addr=dst
---and-mask=0xffff --or-mask=0x10000
-.P
+iptables -t mangle -A POSTROUTING -o eth3 -j IPMARK --addr dst
+--and-mask 0xffff --or-mask 0x10000
+.PP
On the routers with hundreds of users there should be significant load
decrease (e.g. twice).
.PP
projects / thirdparty / xtables-addons.git / commitdiff
