[nft PATCH] doc: Document notrack statement

[nft PATCH] doc: Document notrack statement

[Phil Sutter]

Merely a stub, but better to mention it explicitly instead of having it
appear in synproxy examples and letting users guess as to what it does.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 doc/statements.txt | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/doc/statements.txt b/doc/statements.txt
index ced311cb8d175..607aee133a993 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -263,6 +263,20 @@ table inet raw {
 ct event set new,related,destroy
 --------------------------------------
 
+NOTRACK STATEMENT
+~~~~~~~~~~~~~~~~~
+The notrack statement allows to disable connection tracking for certain
+packets.
+
+[verse]
+*notrack*
+
+Note that for this statement to be effective, it has to be applied to packets
+before a conntrack lookup happens. Therefore, it needs to sit in a chain with
+either prerouting or output hook and a hook priority of -300 or less.
+
+See SYNPROXY STATEMENT for an example usage.
+
 META STATEMENT
 ~~~~~~~~~~~~~~
 A meta statement sets the value of a meta expression. The existing meta fields
-- 
2.27.0

Re: [nft PATCH] doc: Document notrack statement

[Florian Westphal]

Phil Sutter <phil@nwl.cc> wrote:
> Merely a stub, but better to mention it explicitly instead of having it
> appear in synproxy examples and letting users guess as to what it does.
> 
> Signed-off-by: Phil Sutter <phil@nwl.cc>

Reviewed-by: Florian Westphal <fw@strlen.de>