author: Pablo Neira Ayuso <pablo@netfilter.org> 2023-01-02 15:36:42 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2023-01-02 15:36:42 +0100
commit: b56c826e673d37980e6e8b65eeb2a50680f33162
tree: c03524f7af1b1999d8e70e86fbc295edbca50fd7
parent: 2b9143bc7ab81991ce37c496afdc4f2ee8f0ec51
doc: add geneve matching expression
Document new geneve matching expression. This includes support for matching the encapsulated ethernet frame layer 2, 3 and 4 headers.
-rw-r--r-- doc/payload-expression.txt 33
1 files changed, 33 insertions, 0 deletions
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
index f7ff7c10..8d779f6a 100644
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -562,6 +562,39 @@ integer (16 bit)
netdev filter ingress gre ip daddr 9.9.9.9 counter
------------------------------------------------------------
+GENEVE HEADER EXPRESSION
+~~~~~~~~~~~~~~~~~~~~~~~~
+[verse]
+*geneve* {*vni* | *flags*}
+*geneve* *ether* {*daddr* | *saddr* | *type*}
+*geneve* *vlan* {*id* | *dei* | *pcp* | *type*}
+*geneve* *ip* {*version* | *hdrlength* | *dscp* | *ecn* | *length* | *id* | *frag-off* | *ttl* | *protocol* | *checksum* | *saddr* | *daddr* }
+*geneve* *ip6* {*version* | *dscp* | *ecn* | *flowlabel* | *length* | *nexthdr* | *hoplimit* | *saddr* | *daddr*}
+*geneve* *tcp* {*sport* | *dport* | *sequence* | *ackseq* | *doff* | *reserved* | *flags* | *window* | *checksum* | *urgptr*}
+*geneve* *udp* {*sport* | *dport* | *length* | *checksum*}
+
+The geneve expression is used to match on the geneve header fields. The geneve
+header encapsulates a ethernet frame within a *udp* packet. This expression
+requires that you restrict the matching to *udp* packets (usually at
+port 6081 according to IANA-assigned ports).
+
+.GENEVE header expression
+[options="header"]
+|==================
+|Keyword| Description| Type
+|protocol|
+EtherType of encapsulated packet|
+integer (16 bit)
+|vni|
+Virtual Network ID (VNI)|
+integer (24 bit)
+|==================
+
+.Matching inner TCP destination port encapsulated in geneve
+----------------------------------------------------------
+netdev filter ingress udp dport 4789 geneve tcp dport 80 counter
+----------------------------------------------------------
+
VXLAN HEADER EXPRESSION
~~~~~~~~~~~~~~~~~~~~~~~
[verse]
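Review bot: the example at the end of the hunk matches on `udp dport 4789`, while the description just above it says geneve is usually carried on port 6081 (IANA-assigned); 4789 is the IANA port for VXLAN, so a rule copied from this example would not match geneve traffic on its standard port and the inner `tcp dport 80` check would be skipped for it. Suggest `netdev filter ingress udp dport 6081 geneve tcp dport 80 counter`. The synopsis and the table also disagree: the synopsis offers `geneve {vni | flags}`, but the table documents `protocol` and `vni`, which leaves `flags` without a description and `protocol` missing from the synopsis; please align the two. Minor: "a ethernet frame" should read "an ethernet frame".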