diff options
| author | Quentin Armitage <quentin@armitage.org.uk> | 2019-08-01 11:56:55 +0100 |
|---|---|---|
| committer | Jesper Dangaard Brouer <brouer@redhat.com> | 2019-12-05 13:38:07 +0100 |
| commit | e904a8cd1d77129b5a97a3cb9caa72e31b772672 (patch) | |
| tree | 7361016cd5ebd0bdbfaa04433ec98f095f6b50f5 | |
| parent | 089387716f02522e543b661555983436b64a73b1 (diff) | |
| download | ipvsadm-e904a8cd1d77129b5a97a3cb9caa72e31b772672.tar.gz | |
In ipvsadm(8) add using nft or an eBPF program to set a packet mark
The ipvsadm(8) man page specified that a packet mark could be set
using iptables. It is now also possible to set the packet mark using
nft, and also via an eBPF program.
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
| -rw-r--r-- | ipvsadm.8 | 7 |
1 files changed, 4 insertions, 3 deletions
@@ -196,9 +196,10 @@ Use SCTP service. See the -t|--tcp-service for the description of the .TP .B -f, --fwmark-service \fIinteger\fP Use a firewall-mark, an integer value greater than zero, to denote a -virtual service instead of an address, port and protocol (UDP or -TCP). The marking of packets with a firewall-mark is configured using -the -m|--mark option to \fBiptables\fR(8). It can be used to build a +virtual service instead of an address, port and protocol (UDP, TCP or +SCTP). The marking of packets with a firewall-mark is configured using +the -m|--mark option to \fBiptables\fR(8), the meta mark set \fIvalue\fR +option to \fBnft\fR(8) or via an eBPF program. It can be used to build a virtual service associated with the same real servers, covering multiple IP address, port and protocol triplets. If IPv6 addresses are used, the -6 option must be used. |