From 6cebd48bfc365b39cb65b6b46cee3f0482408202 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1t=C3=A9=20Eckl?= Date: Tue, 3 Jul 2018 16:20:10 +0200 Subject: doc: Add socket expression to man page MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Máté Eckl
---
doc/nft.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) (limited to 'doc')
diff --git a/doc/nft.xml b/doc/nft.xml
index dc93a8c6..ef1b2c4e 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -3015,6 +3015,62 @@ raw prerouting meta secpath exists accept + + socket expression + + + socket + + transparent + + + + + Socket expression can be used to search for an existing open TCP/UDP socket + and its attributes that can be associated with a packet. It looks for an + established or non-zero bound listening socket (possibly with a non-local address). + + + + Available socket attributes + + + + + + + Name + Description + Type + + + + + transparent + + Value of the IP_TRANSPARENT socket option in the found socket. It can be 0 or 1. + + boolean (1 bit) + + + +
+
+ + + Using socket expression + +# Mark packets that correspond to a transparent socket +table inet x { + chain y { + type filter hook prerouting priority -150; policy accept; + socket transparent 1 mark set 0x00000001 accept + } +} + + + +
fib expressions -- cgit v1.2.3