These were found by a combination of tkdiff and side-by-side man pages

Most changes preserve or (occasionally) fix highlighting, casing or plurality.
No major omissions were found.

- data-types.txt: (Nothing special)
- nft.txt:
  -- changed "`nft' stands for Netfilter" back to "`nf' stands for Netfilter"
  -- removed mysterious plus sign
- payload-expression.txt:
  -- XML had MTU as 16-bit so changed back from 32. Is that correct?
- primary-expression.txt: (Nothing special)
- statements.txt: (Nothing special)

This patch does not address any of the following observations:

1. Title has changed from nft to NFT
2. There is no attempt at justification.
3. There is no attempt at hyphenation.
4. Long lines of code now wrap instead of indenting nicely.
   See e.g. "tcp option" line under EXTENSION HEADER EXPRESSIONS
5. Tables have a lot of empty lines in them.
6. Occasionally there is severe wrapping, e.g. under CHAINS see
   add/create/delete/&c. which wrap at about cc40.

Signed-off-by: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
---
 doc/data-types.txt         |  2 +-
 doc/nft.txt                | 21 ++++++++++-----------
 doc/payload-expression.txt | 40 ++++++++++++++++++++--------------------
 doc/primary-expression.txt | 10 +++++-----
 doc/statements.txt         |  8 ++++----
 5 files changed, 40 insertions(+), 41 deletions(-)

diff --git a/doc/data-types.txt b/doc/data-types.txt index 8bbdd57..7a02a21 100644 --- a/doc/data-types.txt +++ b/doc/data-types.txt @@ -24,7 +24,7 @@ variable | integer |=================== -The bitmask type (bitmask) is used for bitmasks. +The bitmask type (*bitmask*) is used for bitmasks. STRING TYPE ~~~~~~~~~~~~ diff --git a/doc/nft.txt b/doc/nft.txt index 0f824a5..20ae54b 100644 --- a/doc/nft.txt +++ b/doc/nft.txt 
@@ -17,7 +17,7 @@ DESCRIPTION ----------- nft is the command line tool used to set up, maintain and inspect packet filtering and classification rules in the Linux kernel, in the nftables -framework. The Linux kernel subsystem is known as nf_tables, and `nft' stands +framework. The Linux kernel subsystem is known as nf_tables, and `nf' stands for Netfilter. OPTIONS @@ -145,12 +145,12 @@ address family the kernel contains so called hooks at specific stages of the packet processing paths, which invoke nftables if rules for these hooks exist. [horizontal] -ip:: IPv4 address family. -ip6:: IPv6 address family. -inet:: Internet (IPv4/IPv6) address family. -arp:: ARP address family, handling IPv4 ARP packets. -bridge:: Bridge address family, handling packets which traverse a bridge device. -netdev:: Netdev address family, handling packets from ingress. +*ip*:: IPv4 address family. +*ip6*:: IPv6 address family. +*inet*:: Internet (IPv4/IPv6) address family. +*arp*:: ARP address family, handling IPv4 ARP packets. +*bridge*:: Bridge address family, handling packets which traverse a bridge device. +*netdev*:: Netdev address family, handling packets from ingress. All nftables objects exist in address family specific namespaces, therefore all identifiers include an address family. If an identifier is specified without an @@ -232,7 +232,7 @@ no packet filtering will happen anymore, so the kernel accepts any valid packet it receives. *export*:: Print the ruleset in machine readable format. The mandatory 'format' -parameter may be either *xml* or *json*. +parameter may be either xml or json. It is possible to limit *list* and *flush* to a specific address family only. For a list of valid family names, see <<ADDRESS_FAMILIES>> above. 
@@ -360,7 +360,7 @@ RULES replace *rule* ['family'] 'table' 'chain' handle 'handle' 'statement'... delete *rule* ['family'] 'table' 'chain' handle 'handle' -Rules are added to chain in the given table. If the family is not specified, the +Rules are added to chains in the given table. If the family is not specified, the ip family is used. Rules are constructed from two kinds of components according to a set of grammatical rules: expressions and statements. @@ -571,7 +571,6 @@ numbers etc. or data gathered from the packet during ruleset evaluation. Expressions can be combined using binary, logical, relational and other types of expressions to form complex or relational (match) expressions. They are also used as arguments to certain types of operations, like NAT, packet marking etc. -+ Each expression has a data type, which determines the size, parsing and representation of symbolic values and type compatibility with other expressions. @@ -717,7 +716,7 @@ filter output tcp dport == tcp dport ----------------------------- <cmdline>:0:0-23: Error: Could not process rule: Operation not permitted filter output oif wlan0 - ^^^^^^^^^^^^^^^^^^^^^^^ +^^^^^^^^^^^^^^^^^^^^^^^ --------------------------------- EXIT STATUS diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index 8fc1c91..b67818b 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -70,7 +70,7 @@ arp_op IPV4 HEADER EXPRESSION ~~~~~~~~~~~~~~~~~~~~~~ [verse] -ip ['IPv4' 'header' 'field'] +*ip* ['IPv4' 'header' 'field'] .IPv4 header expression [options="header"] @@ -117,7 +117,7 @@ ipv4_addr ICMP HEADER EXPRESSION ~~~~~~~~~~~~~~~~~~~~~~ [verse] -icmp ['ICMP' 'header' 'field'] +*icmp* ['ICMP' 'header' 'field'] .ICMP header expression [options="header"] @@ -131,7 +131,7 @@ ICMP code field | integer (8 bit) |checksum| ICMP checksum field | -integer (16 nit) +integer (16 bit) |id| ID of echo request/response | integer (16 bit) 
@@ -143,19 +143,19 @@ gateway of redirects| integer (32 bit) |mtu| MTU of path MTU discovery| -integer (32 bit) +integer (16 bit) |============================ IPV6 HEADER EXPRESSION ~~~~~~~~~~~~~~~~~~~~~~ [verse] -ip6 ['IPv6' 'header' 'field'] +*ip6* ['IPv6' 'header' 'field'] -This expression refers to the ipv6 header fields. Caution when using ip6 -nexthdr, the value only refers to the next header, i.e. ip6 nexthdr tcp will +This expression refers to the ipv6 header fields. Caution when using *ip6 +nexthdr*, the value only refers to the next header, i.e. *ip6 nexthdr tcp* will only match if the ipv6 packet does not contain any extension headers. Packets that are fragmented or e.g. contain a routing extension headers will not be -matched. Please use meta l4proto if you wish to match the real transport header +matched. Please use *meta l4proto* if you wish to match the real transport header and ignore any additional extension headers instead. .IPv6 header expression @@ -192,12 +192,12 @@ ipv6_addr |======================= *matching if first extension header indicates a fragment* + -ip6 nexthdr ipv6-frag counter +*ip6* nexthdr ipv6-frag counter ICMPV6 HEADER EXPRESSION ~~~~~~~~~~~~~~~~~~~~~~~~ [verse] -icmpv6 ['ICMPv6' 'header' 'field'] +*icmpv6* ['ICMPv6' 'header' 'field'] .ICMPv6 header expression [options="header"] @@ -232,14 +232,14 @@ integer (16 bit) TCP HEADER EXPRESSION ~~~~~~~~~~~~~~~~~~~~~ [verse] -tcp ['TCP' 'header' 'field'] +*tcp* ['TCP' 'header' 'field'] .TCP header expression [options="header"] |================== |Keyword| Description| Type |sport| -source port| +Source port| inet_service |dport| Destination port| @@ -258,12 +258,12 @@ Reserved area | integer (4 bit) |flags| TCP flags| -tcp_flags +tcp_flag |window| Window| integer (16 bit) |checksum| -checksum| +Checksum| integer (16 bit) |urgptr| Urgent pointer| 
@@ -273,14 +273,14 @@ integer (16 bit) UDP HEADER EXPRESSION ~~~~~~~~~~~~~~~~~~~~~ [verse] -udp ['UDP' 'header' 'field'] +*udp* ['UDP' 'header' 'field'] .UDP header expression [options="header"] |================== |Keyword| Description| Type |sport| -source port| +Source port| inet_service |dport| Destination port| @@ -303,7 +303,7 @@ UDP-LITE HEADER EXPRESSION |================== |Keyword| Description| Type |sport| -source port| +Source port| inet_service |dport| Destination port| @@ -323,7 +323,7 @@ SCTP HEADER EXPRESSION |================== |Keyword| Description| Type |sport| -source port| +Source port| inet_service |dport| Destination port| @@ -346,7 +346,7 @@ DCCP HEADER EXPRESSION |================== |Keyword| Description| Type |sport| -source port| +Source port| inet_service |dport| Destination port| @@ -604,7 +604,7 @@ integer (64 bit) byte count seen, see description for *packets* keyword | integer (64 bit) |avgpkt| -average bytes per packet, see description for packets keyword | +average bytes per packet, see description for *packets* keyword | integer (64 bit) |zone| conntrack zone | diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt index 13adfe3..4ca096d 100644 --- a/doc/primary-expression.txt +++ b/doc/primary-expression.txt @@ -1,7 +1,7 @@ META EXPRESSIONS ~~~~~~~~~~~~~~~~ [verse] -meta {length | nfproto | l4proto | protocol | priority} +*meta* {length | nfproto | l4proto | protocol | priority} [meta] {mark | iif | iifname | iiftype | oif | oifname | oiftype | skuid | skgid | nftrace | rtclassid | ibrname | obrname | pkttype | cpu | iifgroup | oifgroup | cgroup | random | secpath} @@ -75,7 +75,7 @@ packet type| pkt_type |cpu| cpu number processing the packet| -integer (32 bits) +integer (32 bit) |iifgroup| incoming device group| devgroup @@ -87,7 +87,7 @@ control group id | integer (32 bit) |random| pseudo-random number| -integer (32 bits) +integer (32 bit) |secpath| boolean| boolean (1 bit) 
@@ -205,7 +205,7 @@ table inet x { FIB EXPRESSIONS ~~~~~~~~~~~~~~~ [verse] -fib {saddr | daddr | {mark | iif | oif}} {oif | oifname | type} +*fib* {saddr | daddr | {mark | iif | oif}} {oif | oifname | type} A fib expression queries the fib (forwarding information base) to obtain information such as the output interface index a particular address would use. @@ -242,7 +242,7 @@ filter prerouting meta mark set 0xdead fib daddr . mark type vmap { blackhole : ROUTING EXPRESSIONS ~~~~~~~~~~~~~~~~~~~ [verse] -rt {classid | nexthop} +*rt* {classid | nexthop} A routing expression refers to routing data associated with a packet. diff --git a/doc/statements.txt b/doc/statements.txt index 8a54a6b..b8b7a60 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -89,7 +89,7 @@ string: emerg, alert, crit, err, warn [default], notice, info, debug NFLOG group to send messages to| unsigned integer (16 bit) |snaplen| -Length of packet payload to include in netlink messages | +Length of packet payload to include in netlink message | unsigned integer (32 bit) |queue-threshold| Number of packets to queue inside the kernel before sending them to userspace | @@ -247,7 +247,7 @@ mark packet type | pkt_type |nftrace | -ruleset packet tracing on/off. Use monitor trace command to watch traces| +ruleset packet tracing on/off. Use *monitor trace* command to watch traces| 0, 1 |========================== @@ -320,7 +320,7 @@ expression key with address value. | ipv4_addr, ipv6_addr, e.g. abcd::1234, or you can use a mapping, e.g. meta mark map { 10 : 192.168.1.2, 20 : 192.168.1.3 } |port| Specifies that the source/destination address of the packet should be modified. | -port number (16 bits) +port number (16 bit) |=============================== .NAT statement flags 
@@ -475,7 +475,7 @@ destination. |Expression | Description | Type |address | Specifies that the copy of the packet should be sent to a new gateway.| -ipv4_addr, ipv6_addr, e.g. abcd::1234, or you can use a mapping. e.g. ip saddr map { 192.168.1.2 : 10.1.1.1 } +ipv4_addr, ipv6_addr, e.g. abcd::1234, or you can use a mapping, e.g. ip saddr map { 192.168.1.2 : 10.1.1.1 } |device | Specifies that the copy should be transmitted via device. | string -- 2.9.0
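
Review bot: In doc/nft.txt, hunk @@ -232,7 +232,7 @@, the new line "parameter may be either xml or json." drops the bold from two literal values the user types, which runs against the other hunks of this patch that add bold to literal keywords (*ip*, *tcp*, *meta*, *monitor trace*). The same paragraph still bolds *export*, *list* and *flush*. If the XML source really had these two plain, say so in the changelog; otherwise keep *xml* and *json*.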
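
Review bot: In doc/nft.txt, hunk @@ -717,7 +716,7 @@, the caret line loses its leading whitespace, and the changelog does not list this change under nft.txt. The reported location is <cmdline>:0:0-23, so the carets should start in the same column as "filter output oif wlan0" on the line above; please confirm that line is flush left inside the listing block and add a changelog entry for it.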
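
Review bot: In doc/payload-expression.txt, hunk @@ -143,19 +143,19 @@, the mtu row changes from "integer (32 bit)" to "integer (16 bit)", a factual change sitting among markup-only changes, and the changelog leaves it as an open question. This row is in the ICMP (IPv4) table, and the next-hop MTU carried in an ICMPv4 fragmentation-needed message is a 16-bit field (RFC 1191), so 16 bit is right here. Please state that in the changelog instead of asking, and consider sending it as its own patch so the correction is visible in the history.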
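
Review bot: In doc/payload-expression.txt, hunk @@ -258,12 +258,12 @@, the flags row changes the type from tcp_flags to tcp_flag. That is a rename of a data type identifier, not a highlighting, casing or plurality fix in prose, and the changelog lists nothing for it. Please confirm which spelling the data type is registered under and mention the change explicitly under payload-expression.txt.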
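
Review bot: In doc/primary-expression.txt, hunk @@ -1,7 +1,7 @@, only the first synopsis line gets the bold keyword ("*meta* {length | nfproto | ...}"), while the optional keyword on the following line stays plain as "[meta] {mark | iif | ...". Both are the same literal keyword, so the second line should read [*meta*] for the two synopsis lines to render consistently.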
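
Review bot: In doc/statements.txt, hunk @@ -89,7 +89,7 @@, the snaplen description goes from "netlink messages" to "netlink message", which leaves a singular noun with no article and reads worse than the original. The changelog says plurality is preserved or fixed; here the plural was already fine. Keep "messages", or write "in the netlink message" if the singular is what the XML had.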
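
Review bot: In doc/statements.txt, hunk @@ -320,7 +320,7 @@, the port row being edited still carries the description "Specifies that the source/destination address of the packet should be modified.", which reads as copied from the address row. Since the row is touched anyway for "(16 bits)" to "(16 bit)", either change the description to say port or add it to the list of observations the patch does not address.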