author Pablo Neira Ayuso <pablo@netfilter.org> 2019-05-22 22:06:16 +0200
committer Pablo Neira Ayuso <pablo@netfilter.org> 2019-05-24 21:14:30 +0200
commit 4b0f2a712b5792d2842d89fe68d4230e0eb05c7e
tree 954a866715d95529e65f39c3ff90920973186ac1 /doc
parent eeda228c2d1719f5b6276b40ad14a5b3c3e88536
src: support for arp sender and target ethernet and IPv4 addresses
 # nft add table arp x
 # nft add chain arp x y { type filter hook input priority 0\; }
 # nft add rule arp x y arp saddr ip 192.168.2.1 counter

Testing this:

 # ip neigh flush dev eth0
 # ping 8.8.8.8
 # nft list ruleset
 table arp x {
 	chain y {
 		type filter hook input priority filter; policy accept;
 		arp saddr ip 192.168.2.1 counter packets 1 bytes 46
 	}
 }

You can also specify hardware sender address, eg.

 # nft add rule arp x y arp saddr ether aa:bb:cc:aa:bb:cc drop counter

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r-- doc/payload-expression.txt 14
1 files changed, 13 insertions, 1 deletions
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
index 7f3ca42d..ebbffe50 100644
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -44,7 +44,7 @@ ether_type
ARP HEADER EXPRESSION
~~~~~~~~~~~~~~~~~~~~~
[verse]
-*arp* {*htype* | *ptype* | *hlen* | *plen* | *operation*}
+*arp* {*htype* | *ptype* | *hlen* | *plen* | *operation* | *saddr* { *ip* | *ether* } | *daddr* { *ip* | *ether* }
.ARP header expression
[options="header"]
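Review bot: the added synopsis line never closes its outer brace group. It opens with `*arp* {` and closes only the two inner `{ *ip* | *ether* }` groups, while the line it replaces ended with `}`. Append a final `}` after the `*daddr*` group so the rendered synopsis is balanced.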
@@ -65,6 +65,18 @@ integer (8 bit)
|operation|
Operation |
arp_op
+|saddr ether|
+Ethernet sender address|
+ether_addr
+|daddr ether|
+Ethernet target address|
+ether_addr
+|saddr ip|
+IPv4 sender address|
+ipv4_addr
+|daddr ip|
+IPv4 target address|
+ipv4_addr
|======================
IPV4 HEADER EXPRESSION
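Review bot: the four new rows type the addresses as ether_addr and ipv4_addr but nothing in the table says they apply only to Ethernet/IPv4 ARP, even though hlen and plen are matchable fields in the same expression. A sentence under the table stating that saddr and daddr assume 6-byte hardware addresses and 4-byte protocol addresses would tell rule authors what these keywords cover. The rows would also read more naturally in packet order (saddr ether, saddr ip, daddr ether, daddr ip) rather than grouped by address type.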