summaryrefslogtreecommitdiffstats
path: root/doc/stateful-objects.txt
Commit message (Collapse)AuthorAgeFilesLines
* doc: nft.8: Fix markup in ct expectation synopsisPhil Sutter23 hours1-1/+1
| | | | | | | Just a missing asterisk somewhere. Fixes: 1dd08fcfa07a4 ("src: add ct expectations support") Signed-off-by: Phil Sutter <phil@nwl.cc>
* parser: allow ct timeouts to use time_spec valuesFlorian Westphal2023-08-031-1/+1
| | | | | | | | | | | | | | | For some reason the parser only allows raw numbers (seconds) for ct timeouts, e.g. ct timeout ttcp { protocol tcp; policy = { syn_sent : 3, ... Also permit time_spec, e.g. "established : 5d". Print the nicer time formats on output, but retain raw numbers support on input for compatibility. Signed-off-by: Florian Westphal <fw@strlen.de>
* doc: update ct timeout section with the state namesFlorian Westphal2021-11-081-0/+11
| | | | | | | | docs are too terse and did not have the list of valid timeout states. While at it, adjust default stream timeout of udp to 120, this is the current kernel default. Signed-off-by: Florian Westphal <fw@strlen.de>
* doc: fix synopsis of named counter, quota and ct {helper,timeout,expect}Pablo Neira Ayuso2021-09-161-5/+57
| | | | | | Synopsis is not complete. Add examples for counters and quotas. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: use symbolic names for chain prioritiesSimon Ruderich2021-03-241-1/+1
| | | | | | | | | | | | | This replaces the numbers with the matching symbolic names with one exception: The NAT example used "priority 0" for the prerouting priority. This is replaced by "dstnat" which has priority -100 which is the new recommended priority. Also use spaces instead of tabs for consistency in lines which require updates. Signed-off-by: Simon Ruderich <simon@ruderich.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add ct expectations supportStéphane Veyret2019-07-161-0/+49
| | | | | | | This modification allow to directly add/list/delete expectations. Signed-off-by: Stéphane Veyret <sveyret@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: Review man page synopsesPhil Sutter2019-05-081-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix use of font typefaces: - *bold* for terminals - 'italic' for non-terminals - plain for meta-characters Apart from that: * Variable definitions require an equals sign * 'auto-merge' option in set spec does not take a parameter * List header fields in payload expressions instead of unexplained placeholder * Introduce non-terminals in some places to avoid repetitions or clarify syntax * Fix syntax for ip6 header expresssion example * Reorganize ct expression synopsis into four parts: 1) direction not allowed 2) direction optional 3) direction mandatory 4) direction and family mandatory * Add missing 'version' keyword to osf expression * Clarify verdict statements example topic * Add synopses for payload and exthdr statements * Fix typo: differv -> diffserv * Reorganize reject statement synopsis to point out which code type is required for which type arg * Counter statement requires either one of 'packets' or 'bytes' args or both, none is an invalid variant * Limit statement accepts a unit in burst, too * Improve language in limit statement description a bit Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
* doc: Document ct timeout supportHarsha Sharma2018-10-181-2/+57
| | | | | | | | Add documentation for creating ct timeout objects and assigning timeout policies via rules. Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: Miscellaneous spelling fixesDuncan Roe2018-08-051-2/+2
| | | | | | | | | | | | | | | | | These were found by ispell -p ./ispell_nft *.txt in nftables/doc. - ispell.nft: Added some new words - nft.txt: (nothing special) - payload-expression.txt: lengthbits and offsetbits were run together before the conversion to .txt, but the conversion lost the underlining - primary-expression.txt: ispell suggested rtclassid instead of rtlclassid, which agres with previous usage - stateful-objects.txt: (nothing special) - statements.txt: nonbase chains changed back to non-base chains as it used to be Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au> Signed-off-by: Florian Westphal <fw@strlen.de>
* doc: correct some typos in asciidocArushi Singhal2018-08-031-1/+1
| | | | | | | | Correct some typo mistakes done while converting man page source to asciidoc. Signed-off-by: Arushi Singhal <arushisinghal19971997@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* doc: stateful-objects.txt: Wrap extra long lines to 80 charsMáté Eckl2018-08-011-2/+7
| | | | | Signed-off-by: Máté Eckl <ecklm94@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de>
* nft: doc: Convert man page source to asciidocArushi Singhal2018-07-261-0/+71
This patch converts nft.xml into asciidoc markup. Signed-off-by: Arushi Singhal <arushisinghal19971997@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de>