diff options
| author | Florian Westphal <fw@strlen.de> | 2016-12-11 18:02:34 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2017-08-22 23:51:02 +0200 |
| commit | 0c0b2452bc3c96cf3db09eb8cbf62778a2fd8f6c (patch) | |
| tree | 8ab752666dda2f50c396501f1fb95ff43b90eac1 /doc/nft.xml | |
| parent | d74eed8c9649e9278b69f2cd0fd92f71e3e19cfb (diff) | |
src: add tcp options set support
This adds support for tcp mss mangling:
nft add rule filter input tcp option maxseg size 1200
Its also possible to change other tcp option fields, but
maxseg is one of the more useful ones to change.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/nft.xml')
| -rw-r--r-- | doc/nft.xml | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/nft.xml b/doc/nft.xml index d7aae3f0..d3213d02 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -4259,6 +4259,22 @@ ip forward ip dscp set 42 </para> </refsect2> <refsect2> + <title>Extension header statement</title> + <para> + The extension header statement alters packet content in variable-sized headers. + This can currently be used to alter the TCP Maximum segment size of packets, + similar to TCPMSS. + </para> + <para> + <example> + <title>change tcp mss</title> + <programlisting> +tcp option maxseg size set 1360 + </programlisting> + </example> + </para> + </refsect2> + <refsect2> <title>Log statement</title> <para> <cmdsynopsis> |