diff options
author | Phil Sutter <phil@nwl.cc> | 2019-05-07 15:23:50 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2019-05-08 16:32:01 +0200 |
commit | 590ba3efda281f3df125ede59fa547b30b97a643 (patch) | |
tree | aacd0c65efab413ac4a0212e3d7cf0ecc2ba1d05 /doc/primary-expression.txt | |
parent | 611a54199b72a0b02c9abc120b9488a4873dffeb (diff) |
doc: Review man page synopses
Fix use of font typefaces:
- *bold* for terminals
- 'italic' for non-terminals
- plain for meta-characters
Apart from that:
* Variable definitions require an equals sign
* 'auto-merge' option in set spec does not take a parameter
* List header fields in payload expressions instead of unexplained
placeholder
* Introduce non-terminals in some places to avoid repetitions or clarify
syntax
* Fix syntax for ip6 header expresssion example
* Reorganize ct expression synopsis into four parts:
1) direction not allowed
2) direction optional
3) direction mandatory
4) direction and family mandatory
* Add missing 'version' keyword to osf expression
* Clarify verdict statements example topic
* Add synopses for payload and exthdr statements
* Fix typo: differv -> diffserv
* Reorganize reject statement synopsis to point out which code type
is required for which type arg
* Counter statement requires either one of 'packets' or 'bytes' args or
both, none is an invalid variant
* Limit statement accepts a unit in burst, too
* Improve language in limit statement description a bit
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'doc/primary-expression.txt')
-rw-r--r-- | doc/primary-expression.txt | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt index a62ed00e..6eb9583a 100644 --- a/doc/primary-expression.txt +++ b/doc/primary-expression.txt @@ -1,10 +1,8 @@ META EXPRESSIONS ~~~~~~~~~~~~~~~~ [verse] -*meta* {length | nfproto | l4proto | protocol | priority} -[meta] {mark | iif | iifname | iiftype | oif | oifname | oiftype | -skuid | skgid | nftrace | rtclassid | ibrname | obrname | pkttype | cpu -| iifgroup | oifgroup | cgroup | random | ipsec | iifkind | oifkind} +*meta* {*length* | *nfproto* | *l4proto* | *protocol* | *priority*} +[*meta*] {*mark* | *iif* | *iifname* | *iiftype* | *oif* | *oifname* | *oiftype* | *skuid* | *skgid* | *nftrace* | *rtclassid* | *ibrname* | *obrname* | *pkttype* | *cpu* | *iifgroup* | *oifgroup* | *cgroup* | *random* | *ipsec* | *iifkind* | *oifkind*} A meta expression refers to meta data associated with a packet. @@ -160,7 +158,7 @@ raw prerouting meta ipsec exists accept SOCKET EXPRESSION ~~~~~~~~~~~~~~~~~ [verse] -*socket* \{transparent\} +*socket* {*transparent* | *mark*} Socket expression can be used to search for an existing open TCP/UDP socket and its attributes that can be associated with a packet. It looks for an established @@ -206,7 +204,7 @@ table inet x { OSF EXPRESSION ~~~~~~~~~~~~~~ [verse] -osf {name} +*osf* [*ttl* {*loose* | *skip*}] {*name* | *version*} The osf expression does passive operating system fingerprinting. This expression compares some data (Window Size, MSS, options and their order, DF, @@ -249,7 +247,7 @@ table inet x { FIB EXPRESSIONS ~~~~~~~~~~~~~~~ [verse] -*fib* {saddr | daddr | {mark | iif | oif}} {oif | oifname | type} +*fib* {*saddr* | *daddr* | *mark* | *iif* | *oif*} [*.* ...] {*oif* | *oifname* | *type*} A fib expression queries the fib (forwarding information base) to obtain information such as the output interface index a particular address would use. @@ -286,7 +284,7 @@ filter prerouting meta mark set 0xdead fib daddr . mark type vmap { blackhole : ROUTING EXPRESSIONS ~~~~~~~~~~~~~~~~~~~ [verse] -*rt* {classid | nexthop} +*rt* [*ip* | *ip6*] {*classid* | *nexthop* | *mtu* | *ipsec*} A routing expression refers to routing data associated with a packet. @@ -333,8 +331,8 @@ IPSEC EXPRESSIONS ~~~~~~~~~~~~~~~~~ [verse] -*ipsec* {in | out} [ spnum 'NUM' ] {reqid | spi } -*ipsec* {in | out} [ spnum 'NUM' ] {ip | ip6 } { saddr | daddr } +*ipsec* {*in* | *out*} [ *spnum* 'NUM' ] {*reqid* | *spi*} +*ipsec* {*in* | *out*} [ *spnum* 'NUM' ] {*ip* | *ip6*} {*saddr* | *daddr*} An ipsec expression refers to ipsec data associated with a packet. |