summaryrefslogtreecommitdiffstats
path: root/doc/payload-expression.txt
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2018-08-24 13:35:37 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-08-30 12:11:45 +0200
commita187d26259c63df995f41e5920d5961c93e28bff (patch)
treea4791bcc5728fd714cd9136e825f8936bc6a9d4f /doc/payload-expression.txt
parent62e39ed058ce340ead5d878a386caa9e65676f63 (diff)
doc: Document implicit dependency creation for icmp/icmpv6
As suggested at NFWS, the implicit nfproto dependencies generated by icmp/icmpv6 header field matches should be documented along with how to achieve matching on unusual packets. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/payload-expression.txt')
-rw-r--r--doc/payload-expression.txt10
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
index 2a89b922..a2284ce8 100644
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -119,6 +119,11 @@ ICMP HEADER EXPRESSION
[verse]
*icmp* ['ICMP' 'header' 'field']
+This expression refers to ICMP header fields. When using it in *inet*,
+*bridge* or *netdev* families, it will cause an implicit dependency on IPv4 to
+be created. To match on unusual cases like ICMP over IPv6, one has to add an
+explicit *meta nftproto ipv6* match to the rule.
+
.ICMP header expression
[options="header"]
|==================
@@ -199,6 +204,11 @@ ICMPV6 HEADER EXPRESSION
[verse]
*icmpv6* ['ICMPv6' 'header' 'field']
+This expression refers to ICMPv6 header fields. When using it in *inet*,
+*bridge* or *netdev* families, it will cause an implicit dependency on IPv6 to
+be created. To match on unusual cases like ICMPv6 over IPv4, one has to add an
+explicit *meta nftproto ipv4* match to the rule.
+
.ICMPv6 header expression
[options="header"]
|==================