From: Máté Eckl Date: Tue, 3 Jul 2018 14:20:10 +0000 (+0200) Subject: doc: Add socket expression to man page X-Git-Tag: v0.9.1~367 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6cebd48bfc365b39cb65b6b46cee3f0482408202;p=thirdparty%2Fnftables.git doc: Add socket expression to man page Signed-off-by: Máté Eckl --- diff --git a/doc/nft.xml b/doc/nft.xml index dc93a8c6..ef1b2c4e 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -3015,6 +3015,62 @@ raw prerouting meta secpath exists accept + + socket expression + + + socket + + transparent + + + + + Socket expression can be used to search for an existing open TCP/UDP socket + and its attributes that can be associated with a packet. It looks for an + established or non-zero bound listening socket (possibly with a non-local address). + + + + Available socket attributes + + + + + + + Name + Description + Type + + + + + transparent + + Value of the IP_TRANSPARENT socket option in the found socket. It can be 0 or 1. + + boolean (1 bit) + + + +
+
+ + + Using socket expression + +# Mark packets that correspond to a transparent socket +table inet x { + chain y { + type filter hook prerouting priority -150; policy accept; + socket transparent 1 mark set 0x00000001 accept + } +} + + + +
fib expressions
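Review bot: In the description paragraph of the new socket expression section, the text does not say what the match evaluates to when no socket is found for the packet, so from "It can be 0 or 1" a reader cannot tell whether `socket transparent 0` also matches packets that have no associated socket. Suggest stating the no-socket outcome explicitly, since rules built on this expression decide which packets get marked and accepted. The phrase "non-zero bound listening socket" in the same paragraph is hard to parse and should say what is non-zero. In the example, `type filter hook prerouting priority -150` is given without comment; a sentence on which hooks the expression can be used in, and why this priority is chosen, would keep readers from copying the chain definition into a place where it does not behave as shown. The example comment could also note that `mark set 0x00000001` assigns the whole packet mark rather than a single bit, which matters when other rules rely on the mark.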