From mboxrd@z Thu Jan 1 00:00:00 1970 From: Florian Westphal Subject: [PATCH 1/1] doc: update ct expression Date: Thu, 14 Jan 2016 04:56:57 +0100 Message-ID: <1452743817-28261-1-git-send-email-fw@strlen.de> Cc: Florian Westphal To: Return-path: Received: from Chamillionaire.breakpoint.cc ([80.244.247.6]:33760 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750768AbcAND5J (ORCPT ); Wed, 13 Jan 2016 22:57:09 -0500 Sender: netfilter-devel-owner@vger.kernel.org List-ID: Signed-off-by: Florian Westphal --- doc/nft.xml | 45 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/doc/nft.xml b/doc/nft.xml index dbc9cd5..7cc9988 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -1931,6 +1931,13 @@ filter output oif eth0 Conntrack expressions refer to meta data of the connection tracking entry associated with a packet. + There are three types of conntrack expressions. Some conntrack expressions require the flow + direction before the conntrack key, others must be used directly because they are + direction agnostic. The packets and bytes keywords can be used + with or without a direction. If the direction is omitted, the sum of the original and the reply + direction is returned. + + ct @@ -1941,12 +1948,22 @@ filter output oif eth0 expiration helper label - l3proto - saddr - daddr - protocol - proto-src - proto-dst + bytes + packets + + + original + reply + + l3proto + protocol + saddr + daddr + proto-src + proto-dst + bytes + packets + @@ -2003,7 +2020,7 @@ filter output oif eth0 l3proto Layer 3 protocol of the connection - nf_proto FIXME + nf_proto saddr @@ -2023,12 +2040,22 @@ filter output oif eth0 proto-src Layer 4 protocol source for the given direction - FIXME + integer (16 bit) proto-dst Layer 4 protocol destination for the given direction - FIXME + integer (16 bit) + + + packets + packet count seen in the given direction or sum of original and reply + integer (64 bit) + + + bytes + bytecount seen, see description for packets keyword + integer (64 bit) -- 2.4.10