diff mbox

[1/1] doc: update ct expression

Message ID 1452743817-28261-1-git-send-email-fw@strlen.de
State Accepted
Delegated to: Florian Westphal
Headers show

Commit Message

Florian Westphal Jan. 14, 2016, 3:56 a.m. UTC 
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 doc/nft.xml | 45 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 36 insertions(+), 9 deletions(-)

Comments

Pablo Neira Ayuso Jan. 15, 2016, 1:11 p.m. UTC | #1 
On Thu, Jan 14, 2016 at 04:56:57AM +0100, Florian Westphal wrote:
> Signed-off-by: Florian Westphal <fw@strlen.de>

Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/doc/nft.xml b/doc/nft.xml
index dbc9cd5..7cc9988 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -1931,6 +1931,13 @@  filter output oif eth0
 				Conntrack expressions refer to meta data of the connection tracking entry associated with a packet.
 			</para>
 			<para>
+				There are three types of conntrack expressions. Some conntrack expressions require the flow
+				direction before the conntrack key, others must be used directly because they are
+				direction agnostic.  The <command>packets<command> and </command>bytes</command> keywords can be used
+				with or without a direction.  If the direction is omitted, the sum of the original and the reply
+				direction is returned.
+			</para>
+			<para>
 				<cmdsynopsis>
 					<command>ct</command>
 					<group choice="req">
@@ -1941,12 +1948,22 @@  filter output oif eth0
 						<arg>expiration</arg>
 						<arg>helper</arg>
 						<arg>label</arg>
-						<arg>l3proto</arg>
-						<arg>saddr</arg>
-						<arg>daddr</arg>
-						<arg>protocol</arg>
-						<arg>proto-src</arg>
-						<arg>proto-dst</arg>
+						<arg>bytes</arg>
+						<arg>packets</arg>
+					</group>
+					<group choice="req">
+						<arg>original</arg>
+						<arg>reply</arg>
+						<group choice="req">
+							<arg>l3proto</arg>
+							<arg>protocol</arg>
+							<arg>saddr</arg>
+							<arg>daddr</arg>
+							<arg>proto-src</arg>
+							<arg>proto-dst</arg>
+							<arg>bytes</arg>
+							<arg>packets</arg>
+						</group>
 					</group>
 				</cmdsynopsis>
 			</para>
@@ -2003,7 +2020,7 @@  filter output oif eth0
 							<row>
 								<entry>l3proto</entry>
 								<entry>Layer 3 protocol of the connection</entry>
-								<entry>nf_proto FIXME</entry>
+								<entry>nf_proto</entry>
 							</row>
 							<row>
 								<entry>saddr</entry>
@@ -2023,12 +2040,22 @@  filter output oif eth0
 							<row>
 								<entry>proto-src</entry>
 								<entry>Layer 4 protocol source for the given direction</entry>
-								<entry>FIXME</entry>
+								<entry>integer (16 bit)</entry>
 							</row>
 							<row>
 								<entry>proto-dst</entry>
 								<entry>Layer 4 protocol destination for the given direction</entry>
-								<entry>FIXME</entry>
+								<entry>integer (16 bit)</entry>
+							</row>
+							<row>
+								<entry>packets</entry>
+								<entry>packet count seen in the given direction or sum of original and reply</entry>
+								<entry>integer (64 bit)</entry>
+							</row>
+							<row>
+								<entry>bytes</entry>
+								<entry>bytecount seen, see description for <command>packets</command> keyword</entry>
+								<entry>integer (64 bit)</entry>
 							</row>
 						</tbody>
 					</tgroup>