conntrack: add support for netmask filtering

This patch extends --mask-src and --mask-dst to also work with the conntrack table, with commands -L, -D, -E and -U. Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.dk> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Asbjørn Sloth Tønnesen <ast@fiberby.dk> 2016-01-25 11:15:47 +0000
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-02-08 13:05:50 +0100
commit: d6b7dc0a98ac0b78b20c3ac18634adf3e3955707 (patch)
tree: 13a0b38f8a03a6c1f3313d48a83d9cd62e2434ca /conntrack.8
parent: 20d42c5aaa1249be8b28aaf24507f67d91cfa027 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/conntrack.8 b/conntrack.8
index 970c2d7..5bba1b1 100644
--- a/conntrack.8
+++ b/conntrack.8
@@ -191,10 +191,13 @@ Specify the tuple source address of an expectation.
 Specify the tuple destination address of an expectation.
 .TP
 .BI "--mask-src " IP_ADDRESS
-Specify the source address mask of an expectation.
+Specify the source address mask.
+For conntrack this option is only available in conjunction with "\-L, \-\-dump", "\-E, \-\-event", "\-U \-\-update" or "\-D \-\-delete".
+For expectations this option is only available in conjunction with "\-I, \-\-create".
 .TP
 .BI "--mask-dst " IP_ADDRESS
-Specify the destination address mask of an expectation.
+Specify the destination address mask.
+Same limitations as for "--mask-src".
 .SS PROTOCOL FILTER PARAMETERS
 .TP
 TCP-specific fields:
author	Asbjørn Sloth Tønnesen <ast@fiberby.dk>	2016-01-25 11:15:47 +0000
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-02-08 13:05:50 +0100
commit	d6b7dc0a98ac0b78b20c3ac18634adf3e3955707 (patch)
tree	13a0b38f8a03a6c1f3313d48a83d9cd62e2434ca /conntrack.8
parent	20d42c5aaa1249be8b28aaf24507f67d91cfa027 (diff)