doc: Document notrack statement

Merely a stub, but better to mention it explicitly instead of having it appear in synproxy examples and letting users guess as to what it does. Signed-off-by: Phil Sutter <phil@nwl.cc> Reviewed-by: Florian Westphal <fw@strlen.de>
author: Phil Sutter <phil@nwl.cc> 2020-06-22 15:07:40 +0200
committer: Phil Sutter <phil@nwl.cc> 2020-06-22 15:25:35 +0200
commit: f16fbe76f62dcb9f7395d1837ad2d056463ba55f (patch)
tree: a8cd317865882fcfcba13e97ded47a5d4d82dc54
parent: 7c8a44b25c22407329e201ed3c7098166a8d9e75 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/statements.txt b/doc/statements.txt
index ced311cb..607aee13 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -263,6 +263,20 @@ table inet raw {
 ct event set new,related,destroy
 --------------------------------------
 
+NOTRACK STATEMENT
+~~~~~~~~~~~~~~~~~
+The notrack statement allows to disable connection tracking for certain
+packets.
+
+[verse]
+*notrack*
+
+Note that for this statement to be effective, it has to be applied to packets
+before a conntrack lookup happens. Therefore, it needs to sit in a chain with
+either prerouting or output hook and a hook priority of -300 or less.
+
+See SYNPROXY STATEMENT for an example usage.
+
 META STATEMENT
 ~~~~~~~~~~~~~~
 A meta statement sets the value of a meta expression. The existing meta fields
author	Phil Sutter <phil@nwl.cc>	2020-06-22 15:07:40 +0200
committer	Phil Sutter <phil@nwl.cc>	2020-06-22 15:25:35 +0200
commit	f16fbe76f62dcb9f7395d1837ad2d056463ba55f (patch)
tree	a8cd317865882fcfcba13e97ded47a5d4d82dc54
parent	7c8a44b25c22407329e201ed3c7098166a8d9e75 (diff)