IPMARK: IPv6 support

2025-09-20 11:34:57 +02:00 · 2008-04-08 20:00:40 +02:00
parent b63ac3be45
commit 2c7b1d5330
4 changed files with 111 additions and 15 deletions
--- a/extensions/libxt_IPMARK.man
+++ b/extensions/libxt_IPMARK.man
@@ -13,6 +13,11 @@ Perform bitwise `and' on the IP address and this mask.
 .TP
 .BI "--or-mask " "mask"
 Perform bitwise `or' on the IP address and this mask.
+.TP
+\fB--shift\fP \fIvalue\fP
+Shift addresses to the right by the given number of bits before taking it
+as a mark. (This is done before ANDing or ORing it.) This option is needed
+to select part of an IPv6 address, because marks are only 32 bits in size.
 .P
 The order of IP address bytes is reversed to meet "human order of bytes":
 192.168.0.1 is 0xc0a80001. At first the `and' operation is performed, then
@@ -43,3 +48,10 @@ iptables -t mangle -A POSTROUTING -o eth3 -j IPMARK --addr=dst
 .P
 On the routers with hundreds of users there should be significant load
 decrease (e.g. twice).
+.PP
+(IPv6 example) If the source address is of the form
+2001:db8:45:1d:20d:93ff:fe9b:e443 and the resulting mark should be 0x93ff,
+then a right-shift of 16 is needed first:
+.IP
+-t mangle -A PREROUTING -s 2001:db8::/32 -j IPMARK --addr src --shift 16
+--and-mask 0xFFFF