From 590ba3efda281f3df125ede59fa547b30b97a643 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 7 May 2019 15:23:50 +0200 Subject: doc: Review man page synopses Fix use of font typefaces: - *bold* for terminals - 'italic' for non-terminals - plain for meta-characters Apart from that: * Variable definitions require an equals sign * 'auto-merge' option in set spec does not take a parameter * List header fields in payload expressions instead of unexplained placeholder * Introduce non-terminals in some places to avoid repetitions or clarify syntax * Fix syntax for ip6 header expresssion example * Reorganize ct expression synopsis into four parts: 1) direction not allowed 2) direction optional 3) direction mandatory 4) direction and family mandatory * Add missing 'version' keyword to osf expression * Clarify verdict statements example topic * Add synopses for payload and exthdr statements * Fix typo: differv -> diffserv * Reorganize reject statement synopsis to point out which code type is required for which type arg * Counter statement requires either one of 'packets' or 'bytes' args or both, none is an invalid variant * Limit statement accepts a unit in burst, too * Improve language in limit statement description a bit Signed-off-by: Phil Sutter Signed-off-by: Florian Westphal --- doc/primary-expression.txt | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) (limited to 'doc/primary-expression.txt') diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt index a62ed00e..6eb9583a 100644 --- a/doc/primary-expression.txt +++ b/doc/primary-expression.txt @@ -1,10 +1,8 @@ META EXPRESSIONS ~~~~~~~~~~~~~~~~ [verse] -*meta* {length | nfproto | l4proto | protocol | priority} -[meta] {mark | iif | iifname | iiftype | oif | oifname | oiftype | -skuid | skgid | nftrace | rtclassid | ibrname | obrname | pkttype | cpu -| iifgroup | oifgroup | cgroup | random | ipsec | iifkind | oifkind} +*meta* {*length* | *nfproto* | *l4proto* | *protocol* | *priority*} +[*meta*] {*mark* | *iif* | *iifname* | *iiftype* | *oif* | *oifname* | *oiftype* | *skuid* | *skgid* | *nftrace* | *rtclassid* | *ibrname* | *obrname* | *pkttype* | *cpu* | *iifgroup* | *oifgroup* | *cgroup* | *random* | *ipsec* | *iifkind* | *oifkind*} A meta expression refers to meta data associated with a packet. @@ -160,7 +158,7 @@ raw prerouting meta ipsec exists accept SOCKET EXPRESSION ~~~~~~~~~~~~~~~~~ [verse] -*socket* \{transparent\} +*socket* {*transparent* | *mark*} Socket expression can be used to search for an existing open TCP/UDP socket and its attributes that can be associated with a packet. It looks for an established @@ -206,7 +204,7 @@ table inet x { OSF EXPRESSION ~~~~~~~~~~~~~~ [verse] -osf {name} +*osf* [*ttl* {*loose* | *skip*}] {*name* | *version*} The osf expression does passive operating system fingerprinting. This expression compares some data (Window Size, MSS, options and their order, DF, @@ -249,7 +247,7 @@ table inet x { FIB EXPRESSIONS ~~~~~~~~~~~~~~~ [verse] -*fib* {saddr | daddr | {mark | iif | oif}} {oif | oifname | type} +*fib* {*saddr* | *daddr* | *mark* | *iif* | *oif*} [*.* ...] {*oif* | *oifname* | *type*} A fib expression queries the fib (forwarding information base) to obtain information such as the output interface index a particular address would use. @@ -286,7 +284,7 @@ filter prerouting meta mark set 0xdead fib daddr . mark type vmap { blackhole : ROUTING EXPRESSIONS ~~~~~~~~~~~~~~~~~~~ [verse] -*rt* {classid | nexthop} +*rt* [*ip* | *ip6*] {*classid* | *nexthop* | *mtu* | *ipsec*} A routing expression refers to routing data associated with a packet. @@ -333,8 +331,8 @@ IPSEC EXPRESSIONS ~~~~~~~~~~~~~~~~~ [verse] -*ipsec* {in | out} [ spnum 'NUM' ] {reqid | spi } -*ipsec* {in | out} [ spnum 'NUM' ] {ip | ip6 } { saddr | daddr } +*ipsec* {*in* | *out*} [ *spnum* 'NUM' ] {*reqid* | *spi*} +*ipsec* {*in* | *out*} [ *spnum* 'NUM' ] {*ip* | *ip6*} {*saddr* | *daddr*} An ipsec expression refers to ipsec data associated with a packet. -- cgit v1.2.3