diff options
author | Phil Sutter <phil@nwl.cc> | 2018-08-24 13:35:37 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-30 12:11:45 +0200 |
commit | a187d26259c63df995f41e5920d5961c93e28bff (patch) | |
tree | a4791bcc5728fd714cd9136e825f8936bc6a9d4f /doc | |
parent | 62e39ed058ce340ead5d878a386caa9e65676f63 (diff) |
doc: Document implicit dependency creation for icmp/icmpv6
As suggested at NFWS, the implicit nfproto dependencies generated by
icmp/icmpv6 header field matches should be documented along with how to
achieve matching on unusual packets.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/payload-expression.txt | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index 2a89b922..a2284ce8 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -119,6 +119,11 @@ ICMP HEADER EXPRESSION [verse] *icmp* ['ICMP' 'header' 'field'] +This expression refers to ICMP header fields. When using it in *inet*, +*bridge* or *netdev* families, it will cause an implicit dependency on IPv4 to +be created. To match on unusual cases like ICMP over IPv6, one has to add an +explicit *meta nftproto ipv6* match to the rule. + .ICMP header expression [options="header"] |================== @@ -199,6 +204,11 @@ ICMPV6 HEADER EXPRESSION [verse] *icmpv6* ['ICMPv6' 'header' 'field'] +This expression refers to ICMPv6 header fields. When using it in *inet*, +*bridge* or *netdev* families, it will cause an implicit dependency on IPv6 to +be created. To match on unusual cases like ICMPv6 over IPv4, one has to add an +explicit *meta nftproto ipv4* match to the rule. + .ICMPv6 header expression [options="header"] |================== |