From patchwork Fri Jan 26 13:27:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Westphal X-Patchwork-Id: 866314 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3zSfpS2QkYz9s4s for ; Sat, 27 Jan 2018 00:27:28 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751795AbeAZN10 (ORCPT ); Fri, 26 Jan 2018 08:27:26 -0500 Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:58650 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751412AbeAZN1Y (ORCPT ); Fri, 26 Jan 2018 08:27:24 -0500 Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.84_2) (envelope-from ) id 1ef3zi-0003Nm-PC; Fri, 26 Jan 2018 14:24:38 +0100 From: Florian Westphal To: netfilter-devel@vger.kernel.org Cc: Florian Westphal Subject: [PATCH nft] doc: dup and fwd statements Date: Fri, 26 Jan 2018 14:27:12 +0100 Message-Id: <20180126132712.7416-1-fw@strlen.de> X-Mailer: git-send-email 2.14.3 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Signed-off-by: Florian Westphal Acked-by: Pablo Neira Ayuso --- doc/nft.xml | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/doc/nft.xml b/doc/nft.xml index 6a95ea6..d5b9c27 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -5000,6 +5000,86 @@ add rule nat prerouting tcp dport 22 redirect to :2222 + + Dup statement + + The dup statement is used to duplicate a packet and send the copy to a different destination. + + + + dup + to + device + + + dup + to + address + device + device + + + + + Dup statement values + + + + + + + Expression + Description + Type + + + + + address + Specifies that the copy of the packet should be sent to a new gateway. + ipv4_addr, ipv6_addr, eg. abcd::1234, or you can use a mapping, eg. ip saddr map { 192.168.1.2 : 10.1.1.1 } + + + device + Specifies that the copy should be transmitted via device. + string + + + +
+ + + + Using the dup statement + +# send to machine with ip address 10.2.3.4 on eth0 +ip filter forward dup to 10.2.3.4 device "eth0" + +# copy raw frame to another interface +netdetv ingress dup to "eth0" +dup to "eth0" + +# combine with map dst addr to gateways +dup to ip daddr map { 192.168.7.1 : "eth0", 192.168.7.2 : "eth1" } + + + + + + Fwd statement + + The fwd statement is used to redirect a raw packet to another interface. Its is only available in the netdev family ingress hook. + It is similar to the dup statement except that no copy is made. + + + + fwd + to + device + + + +