Attempt to clarify packet/connection marking

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3826 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-05-01 20:01:29 +00:00
parent aec964766b
commit b5f0f5a50d


@ -21,7 +21,7 @@
</author> </author>
</authorgroup> </authorgroup>
<pubdate>2006-03-30</pubdate> <pubdate>2006-05-01</pubdate>
<copyright> <copyright>
<year>2001-2006</year> <year>2001-2006</year>
@ -167,7 +167,7 @@
<firstterm>marking</firstterm> packets. Packet marks have a numeric <firstterm>marking</firstterm> packets. Packet marks have a numeric
value which is limited in Shorewall to the values 1-255. You assign value which is limited in Shorewall to the values 1-255. You assign
packet marks to different types of traffic using entries in the packet marks to different types of traffic using entries in the
<filename>/etc/shorewall/tcrules</filename> file.</para> <filename>/etc/shorewall/tcrules</filename> file. </para>
</listitem> </listitem>
</orderedlist> </orderedlist>
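Review bot: the only change in this hunk is a trailing space inserted before `</para>` on the `/etc/shorewall/tcrules` line; a whitespace-only edit adds diff noise with no documentation benefit, so either drop it or fold it into a hunk that actually changes wording.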
@ -175,6 +175,12 @@
<firstterm>default class</firstterm>. This is the class to which unmarked <firstterm>default class</firstterm>. This is the class to which unmarked
traffic (packets to which you have not assigned a mark value in traffic (packets to which you have not assigned a mark value in
<filename>/etc/shorewall/tcrules</filename>) is assigned.</para> <filename>/etc/shorewall/tcrules</filename>) is assigned.</para>
<para>Netfilter also supports mark value on each connection. You can
assign connection mark values in
<filename>/etc/shorewall/tcrules</filename> or you can copy the current
packet's mark to the connection mark (SAVE) or you can copy the connection
mark value to the current packet (RESTORE).</para>
</section> </section>
<section> <section>
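Review bot: the new paragraph has a grammar slip and an unexplained reference: "supports mark value on each connection" should read "supports a mark value on each connection", and SAVE and RESTORE appear in parentheses without saying where they are used (they read like ACTION column keywords of `/etc/shorewall/tcrules`, but the paragraph never says so). Suggest stating explicitly that SAVE copies the packet mark to the connection mark and RESTORE copies the connection mark to the packet mark, and that both are specified in the ACTION column, so a reader does not have to infer it from the parenthetical.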
@ -470,7 +476,7 @@ ppp0 6000kbit 500kbit</programlisting>
</listitem> </listitem>
<listitem> <listitem>
<para>DEST -- Destination of the packet. Comma-separated list of IP <para>DEST - Destination of the packet. Comma-separated list of IP
addresses and/or subnets.</para> addresses and/or subnets.</para>
</listitem> </listitem>
@ -512,6 +518,27 @@ ppp0 6000kbit 500kbit</programlisting>
!:kids #program must not be run by a member of the 'kids' group !:kids #program must not be run by a member of the 'kids' group
+upnpd #program named upnpd (This feature was removed from Netfilter in kernel version 2.6.14).</programlisting> +upnpd #program named upnpd (This feature was removed from Netfilter in kernel version 2.6.14).</programlisting>
</listitem> </listitem>
<listitem>
<para>TEST - Defines a test on the existing packet or connection
mark. The rule will match only if the test returns true. Tests have
the format [!]&lt;value&gt;[/&lt;mask&gt;][:C]</para>
<para>Where:</para>
<simplelist>
<member>! Inverts the test (not equal)</member>
<member>&lt;value&gt; Value of the packet or connection
mark.</member>
<member>&lt;mask&gt; A mask to be applied to the mark before
testing</member>
<member>:C Designates a connection mark. If omitted, the packet
mark's value is tested.</member>
</simplelist>
</listitem>
</itemizedlist> </itemizedlist>
<example> <example>
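Review bot: the TEST description leaves two behaviours undefined that a user writing `[!]<value>[/<mask>][:C]` will need: what mask is applied when `/<mask>` is omitted (presumably the whole mark is compared), and whether `<value>` and `<mask>` are decimal or hexadecimal. Since the earlier hunk restricts packet marks to 1-255, it would also help to say whether that limit applies to connection marks tested with `:C`, and to give one concrete example such as `1:C` or `!0/0xff`, labelled as illustrative, so the optional parts of the syntax are easier to read.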