From 6cec0716ccecda3d3d70ec9f8f6be0d8da4bb419 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 2 Jan 2023 15:36:37 +0100 Subject: doc: add gre matching expression Document new vxlan matching expression. This includes support for matching the encapsulated ethernet frame layer 3 and 4 headers. Signed-off-by: Pablo Neira Ayuso --- doc/payload-expression.txt | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'doc/payload-expression.txt') diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index c15f2717..f7ff7c10 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -532,6 +532,36 @@ compression Parameter Index | integer (16 bit) |============================ +GRE HEADER EXPRESSION +~~~~~~~~~~~~~~~~~~~~~~~ +[verse] +*gre* {*flags* | *version* | *protocol*} +*gre* *ip* {*version* | *hdrlength* | *dscp* | *ecn* | *length* | *id* | *frag-off* | *ttl* | *protocol* | *checksum* | *saddr* | *daddr* } +*gre* *ip6* {*version* | *dscp* | *ecn* | *flowlabel* | *length* | *nexthdr* | *hoplimit* | *saddr* | *daddr*} + +The gre expression is used to match on the gre header fields. This expression +also allows to match on the IPv4 or IPv6 packet within the gre header. + +.GRE header expression +[options="header"] +|================== +|Keyword| Description| Type +|flags| +checksum, routing, key, sequence and strict source route flags| +integer (5 bit) +|version| +gre version field, 0 for GRE and 1 for PPTP| +integer (3 bit) +|protocol| +EtherType of encapsulated packet| +integer (16 bit) +|================== + +.Matching inner IPv4 destination address encapsulated in gre +------------------------------------------------------------ +netdev filter ingress gre ip daddr 9.9.9.9 counter +------------------------------------------------------------ + VXLAN HEADER EXPRESSION ~~~~~~~~~~~~~~~~~~~~~~~ [verse] -- cgit v1.2.3