summaryrefslogtreecommitdiffstats
path: root/doc/nft.xml
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2017-02-28 13:31:54 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2017-02-28 13:52:17 +0100
commit22535a98470a908b879db8fc0354c5f2bbb3984e (patch)
treeddb527050d4db4e527c111a17bd1bc353069d324 /doc/nft.xml
parent68ca39b68fb97733b7d04d9a5439cad4f38bfa2e (diff)
src: revisit tcp options support
Rework syntax, add tokens so we can extend the grammar more easily. This has triggered several syntax changes with regards to the original patch, specifically: tcp option sack0 left 1 There is no space between sack and the block number anymore, no more offset field, now they are a single field. Just like we do with rt, rt0 and rt2. This simplifies our grammar and that is good since it makes our life easier when extending it later on to accomodate new features. I have also renamed sack_permitted to sack-permitted. I couldn't find any option using underscore so far, so let's keep it consistent with what we have. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/nft.xml')
-rw-r--r--doc/nft.xml39
1 files changed, 28 insertions, 11 deletions
diff --git a/doc/nft.xml b/doc/nft.xml
index 49664c42..990b9368 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -2525,11 +2525,14 @@ inet filter meta nfproto ipv6 output rt nexthop fd00::1
<arg>noop</arg>
<arg>maxseg</arg>
<arg>window</arg>
- <arg>sack_permitted</arg>
+ <arg>sack-permitted</arg>
<arg>sack</arg>
+ <arg>sack0</arg>
+ <arg>sack1</arg>
+ <arg>sack2</arg>
+ <arg>sack3</arg>
<arg>timestamp</arg>
</group>
- <arg><replaceable>offset</replaceable></arg>
<arg choice="none"><replaceable>tcp_option_field</replaceable></arg>
</cmdsynopsis>
<para>
@@ -2604,13 +2607,33 @@ inet filter meta nfproto ipv6 output rt nexthop fd00::1
<entry>kind, length, count</entry>
</row>
<row>
- <entry>sack_permitted</entry>
+ <entry>sack-permitted</entry>
<entry>TCP SACK permitted</entry>
<entry>kind, length</entry>
</row>
<row>
<entry>sack</entry>
- <entry>TCP Selective Acknowledgement</entry>
+ <entry>TCP Selective Acknowledgement (alias of block 0)</entry>
+ <entry>kind, length, left, right</entry>
+ </row>
+ <row>
+ <entry>sack0</entry>
+ <entry>TCP Selective Acknowledgement (block 0)</entry>
+ <entry>kind, length, left, right</entry>
+ </row>
+ <row>
+ <entry>sack1</entry>
+ <entry>TCP Selective Acknowledgement (block 1)</entry>
+ <entry>kind, length, left, right</entry>
+ </row>
+ <row>
+ <entry>sack2</entry>
+ <entry>TCP Selective Acknowledgement (block 2)</entry>
+ <entry>kind, length, left, right</entry>
+ </row>
+ <row>
+ <entry>sack3</entry>
+ <entry>TCP Selective Acknowledgement (block 3)</entry>
<entry>kind, length, left, right</entry>
</row>
<row>
@@ -2624,16 +2647,10 @@ inet filter meta nfproto ipv6 output rt nexthop fd00::1
</para>
<para>
- The <replaceable>offset</replaceable> is only used for the SACK TCP option fields <command>left</command> and <command>right</command>.
- For all non-SACK TCP options it is always zero.
- <replaceable>Offsets</replaceable> which equals to zero can be omitted.
- </para>
-
- <para>
<example>
<title>finding TCP options</title>
<programlisting>
-filter input tcp option sack_permitted kind 1 counter
+filter input tcp option sack-permitted kind 1 counter
</programlisting>
</example>
<example>