1Module matches or adds connlabels to a connection. 2connlabels are similar to connmarks, except labels are bit-based; i.e. 3all labels may be attached to a flow at the same time. 4Up to 128 unique labels are currently supported. 5.TP 6[\fB!\fP] \fB\-\-label\fP \fBname\fP 7matches if label \fBname\fP has been set on a connection. 8Instead of a name (which will be translated to a number, see EXAMPLE below), 9a number may be used instead. Using a number always overrides connlabel.conf. 10.TP 11\fB\-\-set\fP 12if the label has not been set on the connection, set it. 13Note that setting a label can fail. This is because the kernel allocates the 14conntrack label storage area when the connection is created, and it only 15reserves the amount of memory required by the ruleset that exists at 16the time the connection is created. 17In this case, the match will fail (or succeed, in case \fB\-\-label\fP 18option was negated). 19.PP 20This match depends on libnetfilter_conntrack 1.0.4 or later. 21Label translation is done via the \fB/etc/xtables/connlabel.conf\fP configuration file. 22.PP 23Example: 24.IP 25.nf 260 eth0-in 271 eth0-out 282 ppp-in 293 ppp-out 304 bulk-traffic 315 interactive 32.fi 33.PP 34