diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-01-02 15:36:50 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-01-02 15:36:50 +0100 |
commit | 9215d41addac21da9cf4747680a1021e7fd8396f (patch) | |
tree | 81bd1ae27bf54cd88cd17ab4860dce82514a77f0 /doc | |
parent | 39a68d9ffd25c471ee2e908778c0ac37d39377de (diff) |
doc: add gretap matching expression
Document new gretap matching expression. This includes support for
matching the encapsulated ethernet frame layer 2, 3 and 4 headers
within the gre header.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/payload-expression.txt | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index 8d779f6a..f1de3447 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -595,6 +595,26 @@ integer (24 bit) netdev filter ingress udp dport 4789 geneve tcp dport 80 counter ---------------------------------------------------------- +GRETAP HEADER EXPRESSION +~~~~~~~~~~~~~~~~~~~~~~~~ +[verse] +*gretap* {*vni* | *flags*} +*gretap* *ether* {*daddr* | *saddr* | *type*} +*gretap* *vlan* {*id* | *dei* | *pcp* | *type*} +*gretap* *ip* {*version* | *hdrlength* | *dscp* | *ecn* | *length* | *id* | *frag-off* | *ttl* | *protocol* | *checksum* | *saddr* | *daddr* } +*gretap* *ip6* {*version* | *dscp* | *ecn* | *flowlabel* | *length* | *nexthdr* | *hoplimit* | *saddr* | *daddr*} +*gretap* *tcp* {*sport* | *dport* | *sequence* | *ackseq* | *doff* | *reserved* | *flags* | *window* | *checksum* | *urgptr*} +*gretap* *udp* {*sport* | *dport* | *length* | *checksum*} + +The gretap expression is used to match on the encapsulated ethernet frame +within the gre header. Use the *gre* expression to match on the *gre* header +fields. + +.Matching inner TCP destination port encapsulated in gretap +---------------------------------------------------------- +netdev filter ingress gretap tcp dport 80 counter +---------------------------------------------------------- + VXLAN HEADER EXPRESSION ~~~~~~~~~~~~~~~~~~~~~~~ [verse] |