[nft,v2,06/16] doc: add vxlan matching expression

Message ID	20221017110408.742223-7-pablo@netfilter.org
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Pablo Neira Ayuso <pablo@netfilter.org> To: netfilter-devel@vger.kernel.org Subject: [PATCH nft,v2 06/16] doc: add vxlan matching expression Date: Mon, 17 Oct 2022 13:03:58 +0200 Message-Id: <20221017110408.742223-7-pablo@netfilter.org> In-Reply-To: <20221017110408.742223-1-pablo@netfilter.org> References: <20221017110408.742223-1-pablo@netfilter.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	vxlan, geneve, gre, gretap matching support \| expand [nft,v2,00/16] vxlan, geneve, gre, gretap matching support [nft,v2,01/16] src: add eval_proto_ctx() [nft,v2,02/16] src: add dl_proto_ctx() [nft,v2,03/16] src: add vxlan matching support [nft,v2,04/16] tests: py: add vxlan tests [nft,v2,05/16] tests: shell: add vxlan set tests [nft,v2,06/16] doc: add vxlan matching expression [nft,v2,07/16] src: display (inner) tag in --debug=proto-ctx [nft,v2,08/16] src: add gre support [nft,v2,09/16] tests: py: add gre tests [nft,v2,10/16] doc: add gre matching expression [nft,v2,11/16] src: add geneve matching support [nft,v2,12/16] tests: py: add geneve tests [nft,v2,13/16] doc: add geneve matching expression [nft,v2,14/16] src: add gretap support [nft,v2,15/16] tests: py: add gretap tests [nft,v2,16/16] doc: add gretap matching expression

Message ID

20221017110408.742223-7-pablo@netfilter.org

State

Accepted

Delegated to:

Pablo Neira

Headers

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft,v2 06/16] doc: add vxlan matching expression
Date: Mon, 17 Oct 2022 13:03:58 +0200
Message-Id: <20221017110408.742223-7-pablo@netfilter.org>
In-Reply-To: <20221017110408.742223-1-pablo@netfilter.org>
References: <20221017110408.742223-1-pablo@netfilter.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

vxlan, geneve, gre, gretap matching support | expand

Commit Message

Pablo Neira Ayuso Oct. 17, 2022, 11:03 a.m. UTC

Document new vxlan matching expression. This includes support for
matching the encapsulated ethernet frame layer 2, 3 and 4 headers.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/payload-expression.txt | 71 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
index 113f5bfc597c..c80198878c1a 100644
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -532,6 +532,77 @@  compression Parameter Index |
 integer (16 bit)
 |============================
 
+VXLAN HEADER EXPRESSION
+~~~~~~~~~~~~~~~~~~~~~~~
+[verse]
+*vxlan* {*vni* | *flags*}
+*vxlan* *ether* {*daddr* | *saddr* | *type*}
+*vxlan* *vlan* {*id* | *dei* | *pcp* | *type*}
+*vxlan* *ip* {*version* | *hdrlength* | *dscp* | *ecn* | *length* | *id* | *frag-off* | *ttl* | *protocol* | *checksum* | *saddr* | *daddr* }
+*vxlan* *ip6* {*version* | *dscp* | *ecn* | *flowlabel* | *length* | *nexthdr* | *hoplimit* | *saddr* | *daddr*}
+*vxlan* *tcp* {*sport* | *dport* | *sequence* | *ackseq* | *doff* | *reserved* | *flags* | *window* | *checksum* | *urgptr*}
+*vxlan* *udp* {*sport* | *dport* | *length* | *checksum*}
+
+The vxlan expression is used to match on the vxlan header fields. The vxlan
+header encapsulates a ethernet frame within a *udp* packet. This expression
+requires that you restrict the matching to *udp* packets (usually at
+port 4789 according to IANA-assigned ports).
+
+.VXLAN header expression
+[options="header"]
+|==================
+|Keyword| Description| Type
+|flags|
+vxlan flags|
+integer (8 bit)
+|vni|
+Virtual Network ID (VNI)|
+integer (24 bit)
+|==================
+
+.Matching inner TCP destination port encapsulated in vxlan
+----------------------------------------------------------
+netdev filter ingress udp dport 4789 vxlan tcp dport 80 counter
+----------------------------------------------------------
+
+ARP HEADER EXPRESSION
+~~~~~~~~~~~~~~~~~~~~~
+[verse]
+*arp* {*htype* | *ptype* | *hlen* | *plen* | *operation* | *saddr* { *ip* | *ether* } | *daddr* { *ip* | *ether* }
+
+.ARP header expression
+[options="header"]
+|==================
+|Keyword| Description| Type
+|htype|
+ARP hardware type|
+integer (16 bit)
+|ptype|
+EtherType|
+ether_type
+|hlen|
+Hardware address len|
+integer (8 bit)
+|plen|
+Protocol address len |
+integer (8 bit)
+|operation|
+Operation |
+arp_op
+|saddr ether|
+Ethernet sender address|
+ether_addr
+|daddr ether|
+Ethernet target address|
+ether_addr
+|saddr ip|
+IPv4 sender address|
+ipv4_addr
+|daddr ip|
+IPv4 target address|
+ipv4_addr
+|======================
+
 RAW PAYLOAD EXPRESSION
 ~~~~~~~~~~~~~~~~~~~~~~
 [verse]

[nft,v2,06/16] doc: add vxlan matching expression

Commit Message

Patch