From c38485441f4c153f28d2176e9ce17691244a3849 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Fri, 26 Jan 2018 14:27:12 +0100
Subject: doc: dup and fwd statements

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/nft.xml | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)

(limited to 'doc')

diff --git a/doc/nft.xml b/doc/nft.xml
index 6a95ea68..d5b9c27c 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -5000,6 +5000,86 @@ add rule nat prerouting tcp dport 22 redirect to :2222
 				</table>
 			</para>
 		</refsect2>
+		<refsect2>
+			<title>Dup statement</title>
+			<para>
+				The dup statement is used to duplicate a packet and send the copy to a different destination.
+			</para>
+			<para>
+				<cmdsynopsis>
+						<command>dup</command>
+						<arg choice="none">to
+						<replaceable>device</replaceable></arg>
+				</cmdsynopsis>
+				<cmdsynopsis>
+						<command>dup</command>
+						<arg choice="none">to
+						<replaceable>address</replaceable>
+						<arg choice="none">device</arg>
+						<replaceable>device</replaceable></arg>
+				</cmdsynopsis>
+			</para>
+			<para>
+				<table frame="all">
+				<title>Dup statement values</title>
+					<tgroup cols='3' align='left' colsep='1' rowsep='1'>
+						<colspec colname='c1'/>
+						<colspec colname='c2'/>
+						<colspec colname='c3'/>
+						<thead>
+							<row>
+								<entry>Expression</entry>
+								<entry>Description</entry>
+								<entry>Type</entry>
+							</row>
+						</thead>
+						<tbody>
+							<row>
+								<entry>address</entry>
+								<entry>Specifies that the copy of the packet should be sent to a new gateway.</entry>
+								<entry>ipv4_addr, ipv6_addr, eg. abcd::1234, or you can use a mapping, eg. ip saddr map { 192.168.1.2 : 10.1.1.1 }</entry>
+							</row>
+							<row>
+								<entry>device</entry>
+								<entry>Specifies that the copy should be transmitted via device.</entry>
+								<entry>string</entry>
+							</row>
+						</tbody>
+					</tgroup>
+				</table>
+			</para>
+			<para>
+				<example>
+					<title>Using the dup statement</title>
+					<programlisting>
+# send to machine with ip address 10.2.3.4 on eth0
+ip filter forward dup to 10.2.3.4 device "eth0"
+
+# copy raw frame to another interface
+netdetv ingress dup to "eth0"
+dup to "eth0"
+
+# combine with map dst addr to gateways
+dup to ip daddr map { 192.168.7.1 : "eth0", 192.168.7.2 : "eth1" }
+					</programlisting>
+				</example>
+			</para>
+		</refsect2>
+		<refsect2>
+			<title>Fwd statement</title>
+			<para>
+				The fwd statement is used to redirect a raw packet to another interface.  Its is only available in the netdev family ingress hook.
+				It is similar to the dup statement except that no copy is made.
+			</para>
+			<para>
+				<cmdsynopsis>
+						<command>fwd</command>
+						<arg choice="none">to
+						<replaceable>device</replaceable></arg>
+				</cmdsynopsis>
+			</para>
+		</refsect2>
+
 	</refsect1>
 
 	<refsect1>
-- 
cgit v1.2.3