[lvs-users] [PATCH 2/2] In ipvsadm(8) add using nft or an eBPF program to set a packet mark

Quentin Armitage quentin at armitage.org.uk
Thu Aug 1 11:56:55 BST 2019


The ipvsadm(8) man page specified that a packet mark could be set
using iptables. It is now also possible to set the packet mark using
nft, and also via an eBPF program.
 
Signed-off-by: Quentin Armitage <quentin at armitage.org.uk>
---
 ipvsadm.8 | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ipvsadm.8 b/ipvsadm.8
index aaee146..64a3526 100644
--- a/ipvsadm.8
+++ b/ipvsadm.8
@@ -196,9 +196,10 @@ Use SCTP service. See the -t|--tcp-service for the description of the
 .TP
 .B -f, --fwmark-service \fIinteger\fP
 Use a firewall-mark, an integer value greater than zero, to denote a
-virtual service instead of an address, port and protocol (UDP or
-TCP). The marking of packets with a firewall-mark is configured using
-the -m|--mark option to \fBiptables\fR(8). It can be used to build a
+virtual service instead of an address, port and protocol (UDP, TCP or
+SCTP). The marking of packets with a firewall-mark is configured using
+the -m|--mark option to \fBiptables\fR(8), the meta mark set \fIvalue\fR
+option to \fBnft\fR(8) or via an eBPF program. It can be used to build a
 virtual service associated with the same real servers, covering
 multiple IP address, port and protocol triplets. If IPv6 addresses
 are used, the -6 option must be used.
-- 
2.13.7




More information about the lvs-users mailing list