diff options
author | Jeremy Sowden <jeremy@azazel.net> | 2023-04-11 21:45:34 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-06-01 21:43:16 +0200 |
commit | 6ab0fd6c67dbccedb49209b94eb7f740dd32fd2a (patch) | |
tree | 8f376a718fd3c1bc28577a6fb00ec5c3ccdf9133 /doc/payload-expression.txt | |
parent | 19245dd1e0c8e1e007a3b98527e379337d57b49a (diff) |
exthdr: add boolean DCCP option matching
Iptables supports the matching of DCCP packets based on the presence
or absence of DCCP options. Extend exthdr expressions to add this
functionality to nftables.
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=930
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/payload-expression.txt')
-rw-r--r-- | doc/payload-expression.txt | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index f1de3447..06538832 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -753,6 +753,7 @@ The following syntaxes are valid only in a relational expression with boolean ty *exthdr* {*hbh* | *frag* | *rt* | *dst* | *mh*} *tcp option* {*eol* | *nop* | *maxseg* | *window* | *sack-perm* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} *ip option* { lsrr | ra | rr | ssrr } +*dccp option* 'dccp_option_type' .IPv6 extension headers [options="header"] @@ -855,6 +856,11 @@ ip6 filter input frag more-fragments 1 counter filter input ip option lsrr exists counter --------------------------------------- +.finding DCCP option +------------------ +filter input dccp option 40 exists counter +--------------------------------------- + CONNTRACK EXPRESSIONS ~~~~~~~~~~~~~~~~~~~~~ Conntrack expressions refer to meta data of the connection tracking entry associated with a packet. + |