These were found by ispell -p ./ispell_nft *.txt in nftables/doc.
- ispell.nft: Added some new words
- nft.txt: (nothing special)
- payload-expression.txt: lengthbits and offsetbits were run together
before the conversion to .txt, but the conversion lost the underlining
- primary-expression.txt: ispell suggested rtclassid instead of rtlclassid,
which agrees with previous usage
- stateful-objects.txt: (nothing special)
- statements.txt: nonbase chains changed back to non-base chains as it used to
be
Signed-off-by: Duncan Roe <duncan_roe@optusnet.com.au>
Signed-off-by: Florian Westphal <fw@strlen.de>
conntrack
cpi
cpu
+creativecommons
crit
ct
ctnetlink
datatype
dccp
devgroup
+DF
dir
dmesg
dnat
nh
nNscae
noop
+ntp
num
obrname
oif
oiftype
op
org
+os
+osf
pablo
parseable
pcp
+pf
pkt
pkttype
plen
rt
rtclassid
ruleset
-SA
+sa
saddr
sbin
sctp
sid
skgid
skuid
+smux
snaplen
snat
spi
tc
tcp
TCPMSS
+tproxy
tsecr
tsval
ttl
+txt
udp
udplite
uid
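Review bot: The "-SA" / "+sa" replacement in this word list is not covered by the commit message, which only says that new words were added. ispell accepts any capitalisation of a lowercase personal-dictionary entry but only the all-caps form of an all-caps entry, so this change loosens the check; if that is intended, say so in the message. "DF" is added in upper case in the same patch, so the two entries now follow different conventions. The message also calls this file both "ispell_nft" and "ispell.nft"; use one name.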
BRIDGE ADDRESS FAMILY
~~~~~~~~~~~~~~~~~~~~~
-The bridge address family handles ethernet packets traversing bridge devices.
+The bridge address family handles Ethernet packets traversing bridge devices.
The list of supported hooks is identical to IPv4/IPv6/Inet address families above.
elements contained by the set |
set data type
|size |
-maximun number of elements in the set, mandatory if set is added to from the packet path (ruleset).|
+maximum number of elements in the set, mandatory if set is added to from the packet path (ruleset).|
unsigned integer (64 bit)
|policy |
set policy |
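Review bot: The corrected "size" line still reads "mandatory if set is added to from the packet path (ruleset)", which is hard to parse. Since the line is being touched anyway, suggest "mandatory if elements are added to the set from the packet path (ruleset)".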
elements contained by the map |
map data type
|size |
-maximun number of elements in the map |
+maximum number of elements in the map |
unsigned integer (64 bit)
| policy |
map policy |
[verse]
*@* [base,offset,length]
-The raw payload expression instructs to load lengthbits starting at offsetbits.
+The raw payload expression instructs to load 'length' bits starting at 'offset' bits.
Bit 0 refers to the very first bit -- in the C programming language, this
corresponds to the topmost bit, i.e. 0x80 in case of an octet. They are useful
to match headers that do not have a human-readable template expression yet. Note
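Review bot: The reworded sentence quotes 'length' and 'offset' but leaves 'base', the first field of the [base,offset,length] synopsis above it, unmentioned, so the reader is not told what the offset is counted from. Suggest naming all three fields in the sentence. Two lines further down, "They are useful" no longer agrees with the singular "The raw payload expression"; "It is useful" would match.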
Output interface name|
ifname
|oiftype|
-Outout interface hardware type|
+Output interface hardware type|
iface_type
|skuid|
UID associated with originating socket|
|skgid|
GID associated with originating socket|
gid
-|rtlclassid|
+|rtclassid|
Routing realm|
realm
|ibrname|
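Review bot: The rtlclassid to rtclassid change is in the keyword column of this table, so a spell-checker suggestion is not enough justification on its own; what matters is the keyword the parser accepts. Please confirm the name against the nft grammar and state that in the commit message, since a reader copying a wrong keyword from this table ends up with a rule that does not load.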
|Keyword | Description | Type
|quota |
quota limit, used as the quota name |
-Two arguments, unsigned interger (64 bit) and string: bytes, kbytes, mbytes.
+Two arguments, unsigned integer (64 bit) and string: bytes, kbytes, mbytes.
"over" and "until" go before these arguments
|used |
initial value of used quota |
-Two arguments, unsigned interger (64 bit) and string: bytes, kbytes, mbytes
+Two arguments, unsigned integer (64 bit) and string: bytes, kbytes, mbytes
|=================
Syslog level of logging |
string: emerg, alert, crit, err, warn [default], notice, info, debug
|group|
-NFLOG group to sned messages to|
+NFLOG group to send messages to|
unsigned integer (16 bit)
|snaplen|
Length of packet payload to include in netlink messages |
unsigned integer (32 bit)
|queue-threshold|
-Number of packets to queue inside the kernel before sending them to userpace |
+Number of packets to queue inside the kernel before sending them to userspace |
unsigned integer (32 bit)
|==================================
input chains, *masquerade* makes sense only in postrouting. The dnat and
redirect statements are only valid in the prerouting and output chains, they
specify that the destination address of the packet should be modified. You can
-use nonbase chains which are called from base chains of nat chain type too.
+use non-base chains which are called from base chains of nat chain type too.
All future packets in this connection will also be mangled, and rules should
cease being examined.