diff options
Diffstat (limited to 'doc/nft.xml')
-rw-r--r-- | doc/nft.xml | 380 |
1 files changed, 380 insertions, 0 deletions
diff --git a/doc/nft.xml b/doc/nft.xml index b3e3d9e7..d4121846 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -1504,6 +1504,254 @@ filter input tcp option timestamp exists </programlisting> </example> </refsect2> + <refsect2> + <title>ICMP Type type</title> + <para> + <table frame="all"> + <tgroup cols="4" align="left" colsep="1" rowsep="1"> + <colspec colname="c1"/> + <colspec colname="c2"/> + <colspec colname="c3"/> + <colspec colname="c4"/> + <thead> + <row> + <entry>Name</entry> + <entry>Keyword</entry> + <entry>Size</entry> + <entry>Base type</entry> + </row> + </thead> + <tbody> + <row> + <entry>ICMP Type</entry> + <entry>icmp_type</entry> + <entry>8 bit</entry> + <entry>integer</entry> + </row> + </tbody> + </tgroup> + </table> + </para> + <para> + The ICMP Type type is used to conveniently specify the ICMP header's type field. + </para> + <para> + The following keywords may be used when specifying the ICMP type: + <table frame="all"> + <tgroup cols="2" align="left" colsep="1" rowsep="1"> + <colspec colname="c1"/> + <colspec colname="c2"/> + <thead> + <row> + <entry>Keyword</entry> + <entry>Value</entry> + </row> + </thead> + <tbody> + <row> + <entry>echo-reply</entry> + <entry>0</entry> + </row> + <row> + <entry>destination-unreachable</entry> + <entry>3</entry> + </row> + <row> + <entry>source-quench</entry> + <entry>4</entry> + </row> + <row> + <entry>redirect</entry> + <entry>5</entry> + </row> + <row> + <entry>echo-request</entry> + <entry>8</entry> + </row> + <row> + <entry>router-advertisement</entry> + <entry>9</entry> + </row> + <row> + <entry>router-solicitation</entry> + <entry>10</entry> + </row> + <row> + <entry>time-exceeded</entry> + <entry>11</entry> + </row> + <row> + <entry>parameter-problem</entry> + <entry>12</entry> + </row> + <row> + <entry>timestamp-request</entry> + <entry>13</entry> + </row> + <row> + <entry>timestamp-reply</entry> + <entry>14</entry> + </row> + <row> + <entry>info-request</entry> + <entry>15</entry> + </row> + <row> + <entry>info-reply</entry> + <entry>16</entry> + </row> + <row> + <entry>address-mask-request</entry> + <entry>17</entry> + </row> + <row> + <entry>address-mask-reply</entry> + <entry>18</entry> + </row> + </tbody> + </tgroup> + </table> + </para> + <example> + <title>ICMP Type specification</title> + <programlisting> +# match ping packets +filter output icmp type { echo-request, echo-reply } + </programlisting> + </example> + </refsect2> + <refsect2> + <title>ICMPv6 Type type</title> + <para> + <table frame="all"> + <tgroup cols="4" align="left" colsep="1" rowsep="1"> + <colspec colname="c1"/> + <colspec colname="c2"/> + <colspec colname="c3"/> + <colspec colname="c4"/> + <thead> + <row> + <entry>Name</entry> + <entry>Keyword</entry> + <entry>Size</entry> + <entry>Base type</entry> + </row> + </thead> + <tbody> + <row> + <entry>ICMPv6 Type</entry> + <entry>icmpv6_type</entry> + <entry>8 bit</entry> + <entry>integer</entry> + </row> + </tbody> + </tgroup> + </table> + </para> + <para> + The ICMPv6 Type type is used to conveniently specify the ICMPv6 header's type field. + </para> + <para> + The following keywords may be used when specifying the ICMPv6 type: + <table frame="all"> + <tgroup cols="2" align="left" colsep="1" rowsep="1"> + <colspec colname="c1"/> + <colspec colname="c2"/> + <thead> + <row> + <entry>Keyword</entry> + <entry>Value</entry> + </row> + </thead> + <tbody> + <row> + <entry>destination-unreachable</entry> + <entry>1</entry> + </row> + <row> + <entry>packet-too-big</entry> + <entry>2</entry> + </row> + <row> + <entry>time-exceeded</entry> + <entry>3</entry> + </row> + <row> + <entry>parameter-problem</entry> + <entry>4</entry> + </row> + <row> + <entry>echo-request</entry> + <entry>128</entry> + </row> + <row> + <entry>echo-reply</entry> + <entry>129</entry> + </row> + <row> + <entry>mld-listener-query</entry> + <entry>130</entry> + </row> + <row> + <entry>mld-listener-report</entry> + <entry>131</entry> + </row> + <row> + <entry>mld-listener-done</entry> + <entry>132</entry> + </row> + <row> + <entry>mld-listener-reduction</entry> + <entry>132</entry> + </row> + <row> + <entry>nd-router-solicit</entry> + <entry>133</entry> + </row> + <row> + <entry>nd-router-advert</entry> + <entry>134</entry> + </row> + <row> + <entry>nd-neighbor-solicit</entry> + <entry>135</entry> + </row> + <row> + <entry>nd-neighbor-advert</entry> + <entry>136</entry> + </row> + <row> + <entry>nd-redirect</entry> + <entry>137</entry> + </row> + <row> + <entry>router-renumbering</entry> + <entry>138</entry> + </row> + <row> + <entry>ind-neighbor-solicit</entry> + <entry>141</entry> + </row> + <row> + <entry>ind-neighbor-advert</entry> + <entry>142</entry> + </row> + <row> + <entry>mld2-listener-report</entry> + <entry>143</entry> + </row> + </tbody> + </tgroup> + </table> + </para> + <example> + <title>ICMPv6 Type specification</title> + <programlisting> +# match ICMPv6 ping packets +filter output icmpv6 type { echo-request, echo-reply } + </programlisting> + </example> + </refsect2> </refsect1> <refsect1> @@ -2171,6 +2419,70 @@ inet filter meta nfproto ipv6 output rt nexthop fd00::1 </refsect2> <refsect2> + <title>ICMP header expression</title> + <para> + <cmdsynopsis> + <command>icmp</command> + <arg opt="req"><replaceable>ICMP header field</replaceable></arg> + </cmdsynopsis> + </para> + <para> + <table frame="all"> + <title>ICMP header expression</title> + <tgroup cols="3" align="left" colsep="1" rowsep="1"> + <colspec colname="c1"/> + <colspec colname="c2"/> + <colspec colname="c3"/> + <thead> + <row> + <entry>Keyword</entry> + <entry>Description</entry> + <entry>Type</entry> + </row> + </thead> + <tbody> + <row> + <entry>type</entry> + <entry>ICMP type field</entry> + <entry>icmp_type</entry> + </row> + <row> + <entry>code</entry> + <entry>ICMP code field</entry> + <entry>integer (8 bit)</entry> + </row> + <row> + <entry>checksum</entry> + <entry>ICMP checksum field</entry> + <entry>integer (16 bit)</entry> + </row> + <row> + <entry>id</entry> + <entry>ID of echo request/response</entry> + <entry>integer (16 bit)</entry> + </row> + <row> + <entry>sequence</entry> + <entry>sequence number of echo request/response</entry> + <entry>integer (16 bit)</entry> + </row> + <row> + <entry>gateway</entry> + <entry>gateway of redirects</entry> + <entry>integer (32 bit)</entry> + </row> + <row> + <entry>mtu</entry> + <entry>MTU of path MTU discovery</entry> + <entry>integer (16 bit)</entry> + </row> + </tbody> + </tgroup> + </table> + </para> + </refsect2> + + <refsect2> <title>IPv6 header expression</title> <para> <cmdsynopsis> @@ -2245,6 +2557,74 @@ inet filter meta nfproto ipv6 output rt nexthop fd00::1 </refsect2> <refsect2> + <title>ICMPv6 header expression</title> + <para> + <cmdsynopsis> + <command>icmpv6</command> + <arg opt="req"><replaceable>ICMPv6 header field</replaceable></arg> + </cmdsynopsis> + </para> + <para> + <table frame="all"> + <title>ICMPv6 header expression</title> + <tgroup cols="3" align="left" colsep="1" rowsep="1"> + <colspec colname="c1"/> + <colspec colname="c2"/> + <colspec colname="c3"/> + <thead> + <row> + <entry>Keyword</entry> + <entry>Description</entry> + <entry>Type</entry> + </row> + </thead> + <tbody> + <row> + <entry>type</entry> + <entry>ICMPv6 type field</entry> + <entry>icmpv6_type</entry> + </row> + <row> + <entry>code</entry> + <entry>ICMPv6 code field</entry> + <entry>integer (8 bit)</entry> + </row> + <row> + <entry>checksum</entry> + <entry>ICMPv6 checksum field</entry> + <entry>integer (16 bit)</entry> + </row> + <row> + <entry>parameter-problem</entry> + <entry>pointer to problem</entry> + <entry>integer (32 bit)</entry> + </row> + <row> + <entry>packet-too-big</entry> + <entry>oversized MTU</entry> + <entry>integer (32 bit)</entry> + </row> + <row> + <entry>id</entry> + <entry>ID of echo request/response</entry> + <entry>integer (16 bit)</entry> + </row> + <row> + <entry>sequence</entry> + <entry>sequence number of echo request/response</entry> + <entry>integer (16 bit)</entry> + </row> + <row> + <entry>max-delay</entry> + <entry>maximum response delay of MLD queries</entry> + <entry>integer (16 bit)</entry> + </row> + </tbody> + </tgroup> + </table> + </para> + </refsect2> + <refsect2> <title>TCP header expression</title> <para> <cmdsynopsis> |