summaryrefslogtreecommitdiffstats
path: root/doc/libnftables-json.adoc
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-10-24 12:35:03 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-10-24 12:55:13 +0200
commit0eb1b3f9a83dfbe2f3001fd3d9cec497a352b9af (patch)
treeba1d51a8a95fe13a191ffcb8a1fa08681e9ebec3 /doc/libnftables-json.adoc
parenteff35932059569d2a36a14dd911091c0bec00032 (diff)
json: Fix osf ttl support
Having to use numerical values for ttl property in JSON is not practical as these values are arbitrary and meaningful only in netfilter. Instead align JSON output/input with standard API, accepting names for TTL matching strategy. Also add missing documentation in libnftables-json man page and fix JSON equivalent in tests/py. Fixes: 03eafe098d5ee ("osf: add ttl option support") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/libnftables-json.adoc')
-rw-r--r--doc/libnftables-json.adoc24
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc
index 98303b35..ea5fbe81 100644
--- a/doc/libnftables-json.adoc
+++ b/doc/libnftables-json.adoc
@@ -1288,3 +1288,27 @@ ____
____
Construct a reference to packet's socket.
+
+=== OSF
+[verse]
+____
+*{ "osf": {
+ "key":* 'OSF_KEY'*,
+ "ttl":* 'OSF_TTL'
+*}}*
+
+'OSF_KEY' := *"name"*
+'OSF_TTL' := *"loose"* | *"skip"*
+____
+
+Perform OS fingerprinting. This expression is typically used in LHS of a *match*
+statement.
+
+*key*::
+ What part of the fingerprint info to match against. At this point, only
+ the OS name is supported.
+*ttl*::
+ Define how packet's TTL value is to be matched. This property is
+ optional. If omitted, TTL value has to match exactly. A value of *loose*
+ accepts TTL values less than the fingerprint one. A value of *skip*
+ omits TTL value comparison entirely.