diff options
author | Florian Westphal <fw@strlen.de> | 2020-11-02 00:27:04 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2020-11-09 12:14:52 +0100 |
commit | 2a9aea6f2dfb6ee61528809af98860e06b38762b (patch) | |
tree | 0d0f1c44efdfa6ef4a5787da7d4e3b1ef843c68a /doc/payload-expression.txt | |
parent | db3207dc06bc0c3cd3ec0df409512448ecba603e (diff) |
parser: merge sack-perm/sack-permitted and maxseg/mss
One was added by the tcp option parsing ocde, the other by synproxy.
So we have:
synproxy ... sack-perm
synproxy ... mss
and
tcp option maxseg
tcp option sack-permitted
This kills the extra tokens on the scanner/parser side,
so sack-perm and sack-permitted can both be used.
Likewise, 'synproxy maxseg' and 'tcp option mss size 42' will work too.
On the output side, the shorter form is now preferred, i.e. sack-perm
and mss.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'doc/payload-expression.txt')
-rw-r--r-- | doc/payload-expression.txt | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index 93d4d22f..9df20a18 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -525,13 +525,13 @@ nftables currently supports matching (finding) a given ipv6 extension header, TC *dst* {*nexthdr* | *hdrlength*} *mh* {*nexthdr* | *hdrlength* | *checksum* | *type*} *srh* {*flags* | *tag* | *sid* | *seg-left*} -*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-permitted* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} 'tcp_option_field' +*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-perm* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} 'tcp_option_field' *ip option* { lsrr | ra | rr | ssrr } 'ip_option_field' The following syntaxes are valid only in a relational expression with boolean type on right-hand side for checking header existence only: [verse] *exthdr* {*hbh* | *frag* | *rt* | *dst* | *mh*} -*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-permitted* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} +*tcp option* {*eol* | *noop* | *maxseg* | *window* | *sack-perm* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*} *ip option* { lsrr | ra | rr | ssrr } .IPv6 extension headers @@ -568,7 +568,7 @@ kind, length, size |window| TCP Window Scaling | kind, length, count -|sack-permitted| +|sack-perm | TCP SACK permitted | kind, length |sack| @@ -611,7 +611,7 @@ type, length, ptr, addr .finding TCP options -------------------- -filter input tcp option sack-permitted kind 1 counter +filter input tcp option sack-perm kind 1 counter -------------------- .matching IPv6 exthdr |