src: add tcp options set support

This adds support for tcp mss mangling: nft add rule filter input tcp option maxseg size 1200 Its also possible to change other tcp option fields, but maxseg is one of the more useful ones to change. Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2016-12-11 18:02:34 +0100
committer: Florian Westphal <fw@strlen.de> 2017-08-22 23:51:02 +0200
commit: 0c0b2452bc3c96cf3db09eb8cbf62778a2fd8f6c (patch)
tree: 8ab752666dda2f50c396501f1fb95ff43b90eac1 /doc
parent: d74eed8c9649e9278b69f2cd0fd92f71e3e19cfb (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/doc/nft.xml b/doc/nft.xml
index d7aae3f0..d3213d02 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -4259,6 +4259,22 @@ ip forward ip dscp set 42
 			</para>
 		</refsect2>
 		<refsect2>
+			<title>Extension header statement</title>
+			<para>
+				The extension header statement alters packet content in variable-sized headers.
+				This can currently be used to alter the TCP Maximum segment size of packets,
+				similar to TCPMSS.
+			</para>
+			<para>
+				<example>
+					<title>change tcp mss</title>
+					<programlisting>
+tcp option maxseg size set 1360
+					</programlisting>
+				</example>
+			</para>
+		</refsect2>
+		<refsect2>
 			<title>Log statement</title>
 			<para>
 				<cmdsynopsis>
author	Florian Westphal <fw@strlen.de>	2016-12-11 18:02:34 +0100
committer	Florian Westphal <fw@strlen.de>	2017-08-22 23:51:02 +0200
commit	0c0b2452bc3c96cf3db09eb8cbf62778a2fd8f6c (patch)
tree	8ab752666dda2f50c396501f1fb95ff43b90eac1 /doc
parent	d74eed8c9649e9278b69f2cd0fd92f71e3e19cfb (diff)