From 404180e2a68a09bde4490ed073471e6ee28f9621 Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera <ffmancera@riseup.net>
Date: Sat, 4 Aug 2018 00:17:50 +0200
Subject: doc: add osf expression to man page

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/primary-expression.txt | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index 63493049..e7a022a5 100644
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -173,6 +173,35 @@ table inet x {
 }
 ----------------------
 
+OSF EXPRESSION
+~~~~~~~~~~~~~~
+[verse]
+osf {name}
+
+The osf expression does passive operating system fingerprinting. This
+expression compares some data (Window Size, MSS, options and their order, DF,
+and others) from packets with the SYN bit set.
+
+.Available osf attributes
+[options="header"]
+|==================
+|Name |Description| Type
+|name|
+Name of the OS signature to match. All signatures can be found at pf.os file.|
+Use "unknown" for OS signatures that the expression could not detect.
+|==================
+
+.Using osf expression
+---------------------
+# Accept packets that match the "Linux" OS signature.
+table inet x {
+    chain y {
+	type filter hook input priority 0; policy accept;
+        osf "Linux"
+    }
+}
+-----------------------
+
 FIB EXPRESSIONS
 ~~~~~~~~~~~~~~~
 [verse]
-- 
cgit v1.2.3