Re: [PATCH iproute2/net-next] man: tc-ct.8: Add manual page for ct tc action

From: Edward Cree <ecree@solarflare.com>
To: Paul Blakey <paulb@mellanox.com>, <netdev@vger.kernel.org>,
	<dsahern@gmail.com>, <davem@davemloft.net>,
	Jiri Pirko <jiri@mellanox.com>
Cc: <ozsh@mellanox.com>, <roid@mellanox.com>
Subject: Re: [PATCH iproute2/net-next] man: tc-ct.8: Add manual page for ct tc action
Date: Thu, 14 May 2020 15:22:03 +0100	[thread overview]
Message-ID: <b7e57c78-3bf5-bf48-0a15-d862e2697df0@solarflare.com> (raw)
In-Reply-To: <1589465420-12119-1-git-send-email-paulb@mellanox.com>

On 14/05/2020 15:10, Paul Blakey wrote:
> Signed-off-by: Paul Blakey <paulb@mellanox.com>
> ---
>  man/man8/tc-ct.8     | 107 +++++++++++++++++++++++++++++++++++++++++++++++++++
>  man/man8/tc-flower.8 |   6 +++
>  2 files changed, 113 insertions(+)
>  create mode 100644 man/man8/tc-ct.8
Glad to see this, better tc documentation generally is sorely needed.
See comments inline below.

> diff --git a/man/man8/tc-ct.8 b/man/man8/tc-ct.8
> new file mode 100644
> index 0000000..45d2932
> --- /dev/null
> +++ b/man/man8/tc-ct.8
> @@ -0,0 +1,107 @@
> +.TH "ct action in tc" 8 "14 May 2020" "iproute2" "Linux"
> +.SH NAME
> +ct \- tc connection tracking action
> +.SH SYNOPSIS
> +.in +8
> +.ti -8
> +.BR "tc ... action ct commit [ force ] [ zone "
> +.IR ZONE
> +.BR "] [ mark "
> +.IR MASKED_MARK
> +.BR "] [ label "
> +.IR MASKED_LABEL
> +.BR "] [ nat "
> +.IR NAT_SPEC
> +.BR "]"
> +
> +.ti -8
> +.BR "tc ... action ct [ nat ] [ zone "
> +.IR ZONE
> +.BR "]"
> +
> +.ti -8
> +.BR "tc ... action ct clear"
> +
> +.SH DESCRIPTION
> +The ct action is a tc action for sending packets and interacting with the netfilter conntrack module.
> +
> +It can (as shown in the synopsis, in order):
> +
> +Send the packet to conntrack, and commit the connection, while configuring
> +a 32bit mark, 128bit label, and src/dst nat.
> +
> +Send the packet to conntrack, which will mark the packet with the connection's state and
> +configured metadata (mark/label), and execute previous configured nat.
"... and optionally execute..." perhaps?
Since it'll only do this if the 'nat' option was passed.

> +
> +Clear the packet's of previous connection tracking state.
> +
> +.SH OPTIONS
> +.TP
> +.BI zone " ZONE"
> +Specify a conntrack zone number on which to send the packet to conntrack.
> +.TP
> +.BI mark " MASKED_MARK"
> +Specify a masked 32bit mark to set for the connection (only valid with commit).
> +.TP
> +.BI label " MASKED_LABEL"
> +Specify a masked 128bit label to set for the connection (only valid with commit).
> +.TP
> +.BI nat " NAT_SPEC"
> +.BI Where " NAT_SPEC " ":= {src|dst} addr" " addr1" "[-" "addr2" "] [port " "port1" "[-" "port2" "]]"
> +
> +Specify src/dst and range of nat to configure for the connection (only valid with commit).
> +.RS
> +.TP
> +src/dst - configure src or dst nat
> +.TP
> +.BI  "" "addr1" "/" "addr2" " - IPv4/IPv6 addresses"
> +.TP
> +.BI  "" "port1" "/" "port2" " - Port numbers"
> +.RE
> +.TP
> +.BI nat
> +Restore any previous configured nat.
> +.TP
> +.BI clear
> +Remove any conntrack state and metadata (mark/label) from the packet (must only option 
"... must be only option...".

- Ed