More manpage updates

manpages/shorewall-tcrules.xml

@@ -49,8 +49,10 @@
         role="bold">/</emphasis><emphasis>mask</emphasis>]|<emphasis
         role="bold">SAVE</emphasis>[<emphasis
         role="bold">/</emphasis><emphasis>mask</emphasis>]|<emphasis
-        role="bold">CONTINUE</emphasis>|SAME|<emphasis
+        role="bold">CONTINUE</emphasis>|<emphasis
-        role="bold">COMMENT</emphasis>|IPMARK[([(<emphasis
+        role="bold">SAME</emphasis>|<emphasis
+        role="bold">COMMENT</emphasis>|<emphasis
+        role="bold">IPMARK</emphasis>[([(<emphasis
         role="bold">src</emphasis>|<emphasis
         role="bold">dst</emphasis>}][,[<emphasis>mask1</emphasis>][,[<emphasis>mask2</emphasis>][,[<emphasis>shift</emphasis>]]]]])]}[<emphasis
         role="bold">:</emphasis>{<emphasis role="bold">C</emphasis>|<emphasis
@@ -283,7 +285,7 @@ SAME              $FW            0.0.0.0/0    tcp        80,443</programlisting>
               to each matching packet based on the either the source or
               destination IP address. By default, it assigns a mark value
               equal to the low-order 8 bits of the source address. Default
-              values are: </para>
+              values are:</para>
 
               <simplelist>
                 <member>src</member>
@@ -319,7 +321,7 @@ SAME              $FW            0.0.0.0/0    tcp        80,443</programlisting>
 
                   <member>0x8400 &gt;&gt; 8 = 0x84</member>
 
-                  <member>Mark = 0x84 = 132 </member>
+                  <member>Mark = 0x84 = 132</member>
                 </simplelist>
               </blockquote>
             </listitem>

manpages6/shorewall6-tcclasses.xml

@@ -287,6 +287,41 @@
                 </note>
               </listitem>
             </varlistentry>
+
+            <varlistentry>
+              <term><emphasis
+              role="bold">occurs</emphasis>=<emphasis>number</emphasis></term>
+
+              <listitem>
+                <para>Typically used with an IPMARK entry in tcrules. Causes
+                the rule to be replicated for a total of
+                <emphasis>number</emphasis> rules. Each rule has a
+                successively class number and mark value.</para>
+
+                <para>When 'occurs' is used:</para>
+
+                <itemizedlist>
+                  <listitem>
+                    <para>The associated device may not have the 'classify'
+                    option.</para>
+                  </listitem>
+
+                  <listitem>
+                    <para>The class may not be the default class.</para>
+                  </listitem>
+
+                  <listitem>
+                    <para>The class may not have any 'tos=' options (including
+                    'tcp-ack').</para>
+                  </listitem>
+                </itemizedlist>
+
+                <para>The 'RATE' and 'CEIL' parameters apply to each instance
+                of the class. So the total RATE represented by an entry with
+                'occurs' will be the listed RATE multiplied by
+                <emphasis>number</emphasis>.</para>
+              </listitem>
+            </varlistentry>
           </variablelist>
         </listitem>
       </varlistentry>

manpages6/shorewall6-tcrules.xml

@@ -50,7 +50,10 @@
         role="bold">SAVE</emphasis>[<emphasis
         role="bold">/</emphasis><emphasis>mask</emphasis>]|<emphasis
         role="bold">CONTINUE</emphasis>|<emphasis
-        role="bold">COMMENT</emphasis>}[<emphasis
+        role="bold">COMMENT</emphasis>|<emphasis
+        role="bold">IPMARK</emphasis>[([(<emphasis
+        role="bold">src</emphasis>|<emphasis
+        role="bold">dst</emphasis>}][,[<emphasis>mask1</emphasis>][,[<emphasis>mask2</emphasis>][,[<emphasis>shift</emphasis>]]]]])]}[<emphasis
         role="bold">:</emphasis>{<emphasis role="bold">C</emphasis>|<emphasis
         role="bold">F</emphasis>|<emphasis role="bold">P</emphasis>|<emphasis
         role="bold">T</emphasis>|<emphasis role="bold">CF</emphasis>|<emphasis
@@ -241,6 +244,52 @@
               <para>To stop the comment from being attached to further rules,
               simply include COMMENT on a line by itself.</para>
             </listitem>
+
+            <listitem>
+              <para><emphasis role="bold">IPMARK</emphasis> ‒ Assigns a mark
+              to each matching packet based on the either the source or
+              destination IP address. By default, it assigns a mark value
+              equal to the low-order 8 bits of the source address. Default
+              values are:</para>
+
+              <simplelist>
+                <member>src</member>
+
+                <member><emphasis>mask1</emphasis> = 0xFF</member>
+
+                <member><emphasis>mask2</emphasis> = 0x00</member>
+
+                <member><emphasis>shift</emphasis> = 0</member>
+              </simplelist>
+
+              <para>'src' and 'dst' specify whether the mark is to be based on
+              the source or destination address respectively. The selected
+              address is first LANDed with <emphasis>mask1</emphasis> then
+              LORed with <emphasis>ma<emphasis>s</emphasis>k2</emphasis>. The
+              result is then shifted <emphasis>shift</emphasis> bits to the
+              right.</para>
+
+              <para>Example:</para>
+
+              <blockquote>
+                <para><simplelist>
+                    <member>IPMARK(dst, 0XFF00, 0x8000,8)</member>
+
+                    <member>Destination IP address is 192.168.4.3 =
+                    0xc0a80103</member>
+                  </simplelist>Meaning:</para>
+
+                <simplelist>
+                  <member>0xc0a80403 LAND 0xFF00 = 0x0400</member>
+
+                  <member>0x0400 LOR 0x80 = 0x8400</member>
+
+                  <member>0x8400 &gt;&gt; 8 = 0x84</member>
+
+                  <member>Mark = 0x84 = 132</member>
+                </simplelist>
+              </blockquote>
+            </listitem>
           </orderedlist>
         </listitem>
       </varlistentry>