From 6cd8140b3ecea2ed42124878552b6ad01f00be25 Mon Sep 17 00:00:00 2001
From: Arturo Borrero <arturo.borrero.glez@gmail.com>
Date: Mon, 4 Aug 2014 10:29:45 +0200
Subject: doc: update documentation with 'monitor' and 'export'

Let's add info about 'monitor' and 'export'.

While at it, fix other minors things, like the no-netlink return code and
indentations of the document.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/nft.xml | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 67 insertions(+), 3 deletions(-)

(limited to 'doc/nft.xml')

diff --git a/doc/nft.xml b/doc/nft.xml
index 702891c2..41c0840f 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -2079,6 +2079,70 @@ filter input iif eth0 drop
 		</refsect2>
 	</refsect1>
 
+	<refsect1>
+		<title>Additional commands</title>
+		<para>
+			These are some additional commands included in nft.
+		</para>
+		<refsect2>
+			<title>export</title>
+			<para>
+				Export your current ruleset in XML or JSON format to stdout.
+			</para>
+			<para>
+				Examples:
+				<programlisting>
+% nft export xml
+[...]
+% nft export json
+[...]
+				</programlisting>
+			</para>
+		</refsect2>
+		<refsect2>
+			<title>monitor</title>
+			<para>
+				The monitor command allows you to listen to Netlink events produced
+				by the nf_tables subsystem, related to creation and deletion of objects.
+				When they ocurr, nft will print to stdout the monitored events in either
+				XML, JSON or native nft format.
+			</para>
+			<para>
+				To filter events related to a concrete object, use one of the keywords 'tables', 'chains', 'sets', 'rules', 'elements'.
+			</para>
+			<para>
+				To filter events related to a concrete action, use keyword 'new' or 'destroy'.
+			</para>
+			<para>
+				Hit ^C to finish the monitor operation.
+			</para>
+			<example>
+				<title>Listen to all events, report in native nft format</title>
+				<programlisting>
+% nft monitor
+				</programlisting>
+			</example>
+			<example>
+				<title>Listen to added tables, report in XML format</title>
+				<programlisting>
+% nft monitor new tables xml
+				</programlisting>
+			</example>
+			<example>
+				<title>Listen to deleted rules, report in JSON format</title>
+				<programlisting>
+% nft monitor destroy rules json
+				</programlisting>
+			</example>
+			<example>
+				<title>Listen to both new and destroyed chains, in native nft format</title>
+				<programlisting>
+% nft monitor chains
+				</programlisting>
+			</example>
+		</refsect2>
+	</refsect1>
+
 	<refsect1>
 		<title>Error reporting</title>
 		<para>
@@ -2097,7 +2161,7 @@ filter input iif eth0 drop
 			<programlisting>
 &lt;cmdline&gt;:1:19-22: Error: Interface does not exist
 filter output oif eth0
-^^^
+                  ^^^^
 			</programlisting>
 		</example>
 		<example>
@@ -2105,7 +2169,7 @@ filter output oif eth0
 			<programlisting>
 &lt;cmdline&gt;:1:28-36: Error: Right hand side of relational expression (==) must be constant
 filter output tcp dport == tcp dport
-~~ ^^^^^^^^^
+                        ~~ ^^^^^^^^^
 			</programlisting>
 		</example>
 
@@ -2124,7 +2188,7 @@ filter output oif wlan0
 		<para>
 			On success, nft exits with a status of 0. Unspecified
 			errors cause it to exit with a status of 1, memory allocation
-			errors with a status of 2.
+			errors with a status of 2, unable to open Netlink socket with 3.
 		</para>
 	</refsect1>
 
-- 
cgit v1.2.3