From patchwork Thu Feb  9 13:48:16 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Elise Lennion <elise.lennion@gmail.com>
X-Patchwork-Id: 726098
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3vJztg6N1vz9s7J
	for <incoming@patchwork.ozlabs.org>;
	Fri, 10 Feb 2017 00:48:27 +1100 (AEDT)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="ur7Zgzk9"; dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752396AbdBINsZ (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Thu, 9 Feb 2017 08:48:25 -0500
Received: from mail-qk0-f193.google.com ([209.85.220.193]:33845 "EHLO
	mail-qk0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752383AbdBINsX (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Thu, 9 Feb 2017 08:48:23 -0500
Received: by mail-qk0-f193.google.com with SMTP id e1so629137qkh.1
	for <netfilter-devel@vger.kernel.org>;
	Thu, 09 Feb 2017 05:48:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=date:from:to:cc:subject:message-id:mime-version:content-disposition
	:user-agent; bh=l0MQMeYoZ966GZ8bUd5jQ/rw7SfYAK8e8wHtCW4I98Q=;
	b=ur7Zgzk9KFvxGSwDOYiEtZzjIDA/1lqfds7tRE27w2C1jigOo54LRYTKGB2rzbI5UX
	L/DqtdOwXIsIk07jDoa0gxu0uUBFn+IqBWEazhUhmqZRVdl8Uji1c+K9uc0tuJxVYPRr
	JRec0CNPg7KMseyFCm2tImDwJmW7vUGzm3G/kZBm7jxWoK3SNLIySEhkbCbmpTP+ySnE
	Q3xHXgT496r/8u6/+GdQuk2wBAhFab6jrPmhvshNIXYNsoXKM+PSpcA4v3myg9+fpe+I
	jlPJWTzDJDcSutvvU4zVcZjhTlmHjXCaWwaF45W9FJKJC4kOujsi2C13WISjFz+67B1Z
	Fpzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version
	:content-disposition:user-agent;
	bh=l0MQMeYoZ966GZ8bUd5jQ/rw7SfYAK8e8wHtCW4I98Q=;
	b=qbrMwwZnq5olJwdR/Dgw06+3ufL6MgOGX4wE5DqalLGCCgJo6TUFrsx3vGOBMwCYXr
	JewCQCsh3JmyQl48dQdVGjN22eDsx1RcAagNEI/w8FMSA85tAIGFrpv8vepMcSfxHYBP
	dxD+B7xgQxuSCOTk6XTKpVfaeAjd7jgX0tvWl4xGevc4TuttVCeTKvOxvUKW1KzP48zG
	D0gySKCPFJXwQsYEtYbYQXcBeefE5PlbTePZm+VZt4yIaiUh0rW/7xGMWf3+Kn/KJr3B
	oulu/A2oVGC2W0TfA6EV48QiEeWcRDXgdVasW2KcQ5pX+GLXocfYImR8OnBG8SEPfXVW
	2vLA==
X-Gm-Message-State: 
 AMke39lGCionNvVGo3mAjiwI9CPsBxUO9KeGYJ0vZdoO5UKM8G2HEoGZ7w9rU8WX7BhsWg==
X-Received: by 10.55.33.163 with SMTP id f35mr2816401qki.66.1486648102221;
	Thu, 09 Feb 2017 05:48:22 -0800 (PST)
Received: from lennorien.com ([187.64.233.224])
	by smtp.gmail.com with ESMTPSA id
	z8sm9155357qkz.42.2017.02.09.05.48.20
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 09 Feb 2017 05:48:21 -0800 (PST)
Date: Thu, 9 Feb 2017 11:48:16 -0200
From: Elise Lennion <elise.lennion@gmail.com>
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCH v2 nft] doc: Document stateful objects
Message-ID: <20170209134816.GA7092@lennorien.com>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

This patch adds documentation for stateful objects and updates
tables description to mention them.

Signed-off-by: Elise Lennion <elise.lennion@gmail.com>
---

 v2: Added a title to counter and quota tables.

 doc/nft.xml | 136 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 135 insertions(+), 1 deletion(-)

diff --git a/doc/nft.xml b/doc/nft.xml
index 78e112f..ac31c3b 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -453,7 +453,7 @@ filter input iif $int_ifs accept
 		</para>
 
 		<para>
-			Tables are containers for chains and sets. They are identified by their address family
+			Tables are containers for chains, sets and stateful objects. They are identified by their address family
 			and their name. The address family must be one of
 
 			<simplelist type="inline">
@@ -668,6 +668,140 @@ filter input iif $int_ifs accept
 	</refsect1>
 
 	<refsect1>
+		<title>Stateful objects</title>
+		<para>
+			<cmdsynopsis>
+				<group choice="req">
+					<arg>add</arg>
+					<arg>delete</arg>
+					<arg>list</arg>
+					<arg>reset</arg>
+				</group>
+				<command> type</command>
+				<arg choice="opt"><replaceable>family</replaceable></arg>
+				<arg choice="req"><replaceable>table</replaceable></arg>
+				<arg choice="req"><replaceable>object</replaceable></arg>
+			</cmdsynopsis>
+		</para>
+		<para>
+			Stateful objects are attached to tables and are identified by an unique name. They group stateful information from rules, to reference them in rules the keywords "type name" are used e.g. "counter name".
+		</para>
+
+		<variablelist>
+			<varlistentry>
+				<term><option>add</option></term>
+				<listitem>
+					<para>
+						Add a new stateful object in the specified table.
+					</para>
+				</listitem>
+			</varlistentry>
+			<varlistentry>
+				<term><option>delete</option></term>
+				<listitem>
+					<para>
+						Delete the specified object.
+					</para>
+				</listitem>
+			</varlistentry>
+			<varlistentry>
+				<term><option>list</option></term>
+				<listitem>
+					<para>
+						Display stateful information the object holds.
+					</para>
+				</listitem>
+			</varlistentry>
+			<varlistentry>
+				<term><option>reset</option></term>
+				<listitem>
+					<para>
+						List-and-reset stateful object.
+					</para>
+				</listitem>
+			</varlistentry>
+		</variablelist>
+
+		<refsect2>
+			<title>Counter</title>
+			<para>
+				<cmdsynopsis>
+					<command>counter</command>
+					<arg choice="opt">packets bytes</arg>
+				</cmdsynopsis>
+			</para>
+			<table frame="all">
+				<title>Counter specifications</title>
+				<tgroup cols='3' align='left' colsep='1' rowsep='1'>
+					<colspec colname='c1'/>
+					<colspec colname='c2'/>
+					<colspec colname='c3'/>
+					<thead>
+						<row>
+							<entry>Keyword</entry>
+							<entry>Description</entry>
+							<entry>Type</entry>
+						</row>
+					</thead>
+					<tbody>
+						<row>
+							<entry>packets</entry>
+							<entry>initial count of packets</entry>
+							<entry>unsigned integer (64 bit)</entry>
+						</row>
+						<row>
+							<entry>bytes</entry>
+							<entry>initial count of bytes</entry>
+							<entry>unsigned integer (64 bit)</entry>
+						</row>
+					</tbody>
+				</tgroup>
+			</table>
+		</refsect2>
+
+		<refsect2>
+			<title>Quota</title>
+			<para>
+				<cmdsynopsis>
+					<command>quota</command>
+					<group choice="opt">
+						<arg>over</arg>
+						<arg>until</arg>
+					</group>
+					<arg choice="opt">used</arg>
+				</cmdsynopsis>
+			</para>
+			<table frame="all">
+				<title>Quota specifications</title>
+				<tgroup cols='3' align='left' colsep='1' rowsep='1'>
+					<colspec colname='c1'/>
+					<colspec colname='c2'/>
+					<colspec colname='c3'/>
+					<thead>
+						<row>
+							<entry>Keyword</entry>
+							<entry>Description</entry>
+							<entry>Type</entry>
+						</row>
+					</thead>
+					<tbody>
+						<row>
+							<entry>quota</entry>
+							<entry>quota limit, used as the quota name</entry>
+							<entry>Two arguments, unsigned interger (64 bit) and string: bytes, kbytes, mbytes. "over" and "until" go before these arguments</entry>
+						</row>
+						<row>
+							<entry>used</entry>
+							<entry>initial value of used quota</entry>
+							<entry>Two arguments, unsigned interger (64 bit) and string: bytes, kbytes, mbytes</entry>
+						</row>
+					</tbody>
+				</tgroup>
+			</table>
+		</refsect2>
+	</refsect1>
+
+	<refsect1>
 		<title>Expressions</title>
 		<para>
 			Expressions represent values, either constants like network addresses, port numbers etc. or data