From 08a04414f24e21a07e58c2ccc750e1a57d4da6b6 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 2 Dec 2020 18:58:01 +0100 Subject: doc: Document 'dccp type' match Add a description of dccp_pkttype and extend DCCP header expression synopsis by the 'type' argument. Signed-off-by: Phil Sutter --- doc/data-types.txt | 43 +++++++++++++++++++++++++++++++++++++++++++ doc/payload-expression.txt | 5 ++++- 2 files changed, 47 insertions(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/data-types.txt b/doc/data-types.txt index a42a55fa..961fc624 100644 --- a/doc/data-types.txt +++ b/doc/data-types.txt @@ -492,3 +492,46 @@ For each of the types above, keywords are available for convenience: |================== Possible keywords for conntrack label type (ct_label) are read at runtime from /etc/connlabel.conf. + +DCCP PKTTYPE TYPE +~~~~~~~~~~~~~~~~ +[options="header"] +|================== +|Name | Keyword | Size | Base type +|DCCP packet type | +dccp_pkttype | +4 bit | +integer +|=================== + +The DCCP packet type abstracts the different legal values of the respective +four bit field in the DCCP header, as stated by RFC4340. Note that possible +values 10-15 are considered reserved and therefore not allowed to be used. In +iptables' *dccp* match, these values are aliased 'INVALID'. With nftables, one +may simply match on the numeric value range, i.e. *10-15*. + +.keywords may be used when specifying the DCCP packet type +[options="header"] +|================== +|Keyword |Value +|request| +0 +|response| +1 +|data| +2 +|ack| +3 +|dataack| +4 +|closereq| +5 +|close| +6 +|reset| +7 +|sync| +8 +|syncack| +9 +|================= diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index ffd1b671..a593e2e7 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -392,7 +392,7 @@ integer (32 bit) DCCP HEADER EXPRESSION ~~~~~~~~~~~~~~~~~~~~~~ [verse] -*dccp* {*sport* | *dport*} +*dccp* {*sport* | *dport* | *type*} .DCCP header expression [options="header"] @@ -404,6 +404,9 @@ inet_service |dport| Destination port| inet_service +|type| +Packet type| +dccp_pkttype |======================== AUTHENTICATION HEADER EXPRESSION -- cgit v1.2.3