From patchwork Thu Jan 14 03:56:57 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Westphal X-Patchwork-Id: 567256 X-Patchwork-Delegate: fw@strlen.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id CF3FF1402A1 for ; Thu, 14 Jan 2016 14:57:12 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750866AbcAND5K (ORCPT ); Wed, 13 Jan 2016 22:57:10 -0500 Received: from Chamillionaire.breakpoint.cc ([80.244.247.6]:33760 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750768AbcAND5J (ORCPT ); Wed, 13 Jan 2016 22:57:09 -0500 Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.80) (envelope-from ) id 1aJZ24-00051D-0l; Thu, 14 Jan 2016 04:57:08 +0100 From: Florian Westphal To: Cc: Florian Westphal Subject: [PATCH 1/1] doc: update ct expression Date: Thu, 14 Jan 2016 04:56:57 +0100 Message-Id: <1452743817-28261-1-git-send-email-fw@strlen.de> X-Mailer: git-send-email 2.4.10 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Signed-off-by: Florian Westphal Acked-by: Pablo Neira Ayuso --- doc/nft.xml | 45 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/doc/nft.xml b/doc/nft.xml index dbc9cd5..7cc9988 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -1931,6 +1931,13 @@ filter output oif eth0 Conntrack expressions refer to meta data of the connection tracking entry associated with a packet. + There are three types of conntrack expressions. Some conntrack expressions require the flow + direction before the conntrack key, others must be used directly because they are + direction agnostic. The packets and bytes keywords can be used + with or without a direction. If the direction is omitted, the sum of the original and the reply + direction is returned. + + ct @@ -1941,12 +1948,22 @@ filter output oif eth0 expiration helper label - l3proto - saddr - daddr - protocol - proto-src - proto-dst + bytes + packets + + + original + reply + + l3proto + protocol + saddr + daddr + proto-src + proto-dst + bytes + packets + @@ -2003,7 +2020,7 @@ filter output oif eth0 l3proto Layer 3 protocol of the connection - nf_proto FIXME + nf_proto saddr @@ -2023,12 +2040,22 @@ filter output oif eth0 proto-src Layer 4 protocol source for the given direction - FIXME + integer (16 bit) proto-dst Layer 4 protocol destination for the given direction - FIXME + integer (16 bit) + + + packets + packet count seen in the given direction or sum of original and reply + integer (64 bit) + + + bytes + bytecount seen, see description for packets keyword + integer (64 bit)