diff --git a/docs/PacketMarking.xml b/docs/PacketMarking.xml
index eb30ad4d1..b71caec69 100644
--- a/docs/PacketMarking.xml
+++ b/docs/PacketMarking.xml
@@ -267,6 +267,97 @@ tcp 6 19 TIME_WAIT src=206.124.146.176 dst=192.136.34.98 sport=58597 dport=
Connection marking rules use a mask value of 0xff.
+
+ Shorewall actually allows you to have complete control over the
+ layout of the 32-bit mark using the following options in shorewall.conf (5):
+
+
+
+ TC_BITS
+
+
+ The number of bits at the low end of the mark to be used for
+ traffic shaping marking. May be zero.
+
+
+
+
+ PROVIDER_BITS
+
+
+ The number of bits in the mark to be used for provider
+ numbers. May be zero.
+
+
+
+
+ PROVIDER_OFFSET
+
+
+ The offset from the right (low-order end) of the provider
+ number field. If non-zero, must be >= TC_BITS (Shorewall
+ automatically adjusts PROVIDER_OFFSET's value). PROVIDER_OFFSET +
+ PROVIDER_BITS must be <= 32.
+
+
+
+
+ MASK_BITS
+
+
+ Number of bits on the right of the mark to be masked when
+ clearing the traffic shaping mark. Must be >= TC_BITS and <=
+ PROVIDER_OFFSET (if PROVIDER_OFFSET > 0)
+
+
+
+
+ The relationship between these options is shown in this
+ diagram.
+
+
+
+
+
+ The default values of these options are determined by the settings
+ of other options as follows:
+
+
+ Default Values
+
+
+
+
+ WIDE_TC_MARKS=No, HIGH_ROUTE_MARKS=No
+
+ TC_BITS=8, PROVIDER_BITS=0, PROVIDER_OFFSET=0,
+ MASK_BITS=8
+
+
+
+ WIDE_TC_MARKS=No, HIGH_ROUTE_MARKS=Yes
+
+ TC_BITS=8, PROVIDER_BITS=8, PROVIDER_OFFSET=8,
+ MASK_BITS=8
+
+
+
+ WIDE_TC_MARKS=Yes, HIGH_ROUTE_MARKS=No
+
+ TC_BITS=14, PROVIDER_BITS=8, PROVIDER_OFFSET=0,
+ MASK_BITS=16
+
+
+
+ WIDE_TC_MARKS=Yes, HIGH_ROUTE_MARKS=Yes
+
+ TC_BITS=14, PROVIDER_BITS=8, PROVIDER_OFFSET=16,
+ MASK_BITS=16
+
+
+
+
diff --git a/docs/images/MarkGeometry.dia b/docs/images/MarkGeometry.dia
new file mode 100644
index 000000000..9242cbfdb
Binary files /dev/null and b/docs/images/MarkGeometry.dia differ
diff --git a/docs/images/MarkGeometry.png b/docs/images/MarkGeometry.png
new file mode 100644
index 000000000..471691884
Binary files /dev/null and b/docs/images/MarkGeometry.png differ
diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml
index 5eacd4271..211fa6379 100644
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@@ -589,11 +589,6 @@ net all DROP infothen the chain name is 'net2all'
You may set HIGH_ROUTE_MARKS=Yes in to effectively divide the
packet mark and connection mark into two mark fields.
-
- From Shorewall 2.5.0 onward, this option is deprecated in
- favor of the PROVIDER_OFFSET option.
-
-
The width of the fields are determined by the setting of
WIDE_TC_MARKS. If WIDE_TC_MARKS=No (the default):
@@ -948,11 +943,11 @@ net all DROP infothen the chain name is 'net2all'
If the value starts with 's:' then logging is limited per
source IP. If the value starts with 'd:', then logging is limited
- per destination IP. Otherwise, the overall logging rate is limited.
-
+ per destination IP. Otherwise, the overall logging rate is
+ limited.
If burst is not specified, then a
- value of 5 is assumed.
+ value of 5 is assumed.
@@ -1834,11 +1829,6 @@ net all DROP infothen the chain name is 'net2all'
traffic shaping marks are 14 bytes wide (values 1-16383). The
setting of WIDE_TC_MARKS also has an effect on the HIGH_ROUTE_MARKS
option (see above).
-
-
- From Shorewall 2.5.0 onware, this option is deprecated in
- favor of the TC_BITS option.
-