>From 69842ef64825014c9c7f6054783d5af172f7879d Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" Date: Tue, 12 Jun 2018 22:58:39 -0400 Subject: [PATCH 2/5] In tcp-nat.8, change command synopsis to a form that can be parsed. (This means getting rid of the pseudo-BNF := notation.) Also, correct a misspelling. Signed-off-by: Eric S. Raymond --- man/man8/tc-nat.8 | 45 ++++++++++++++++++++------------------------- 1 file changed, 20 insertions(+), 25 deletions(-) diff --git a/man/man8/tc-nat.8 b/man/man8/tc-nat.8 index fdcc052a..3617ac6c 100644 --- a/man/man8/tc-nat.8 +++ b/man/man8/tc-nat.8 @@ -6,22 +6,9 @@ nat - stateless native address translation action .in +8 .ti -8 .BR tc " ... " "action nat" -.I DIRECTION OLD NEW +.RB "{ " ingress " | " egress " }" +old-addr new-addr -.ti -8 -.IR DIRECTION " := { " -.BR ingress " | " egress " }" - -.ti -8 -.IR OLD " := " IPV4_ADDR_SPEC - -.ti -8 -.IR NEW " := " IPV4_ADDR_SPEC - -.ti -8 -.IR IPV4_ADDR_SPEC " := { " -.BR default " | " any " | " all " | " -\fIin_addr\fR[\fB/\fR{\fIprefix\fR|\fInetmask\fR}] .SH DESCRIPTION The .B nat 
@@ -39,38 +26,46 @@ Translate destination addresses, i.e. perform DNAT. .B egress Translate source addresses, i.e. perform SNAT. .TP -.I OLD +.I old-addr Specifies addresses which should be translated. .TP -.I NEW +.I new-addr Specifies addresses which -.I OLD +.I old-addr should be translated into. .SH NOTES The accepted address format in -.IR OLD " and " NEW +.IR old-addr " and " new-addr is quite flexible. It may either consist of one of the keywords .BR default ", " any " or " all , representing the all-zero IP address or a combination of IP address and netmask or prefix length separated by a slash .RB ( / ) sign. In any case, the mask (or prefix length) value of -.I OLD +.I old-addr is used for -.I NEW +.I new-addr as well so that a one-to-one mapping of addresses is assured. +.PP +The most general form is + +.RS +.BR default " | " any " | " all " | " +\fIin_addr\fR[\fB/\fR{\fIprefix\fR|\fInetmask\fR}] +.RE + Address translation is done using a combination of binary operations. First, the original (source or destination) address is matched against the value of -.IR OLD . +.IR old-addr . If the original address fits, the new address is created by taking the leading bits from -.I NEW +.I new-addr (defined by the netmask of -.IR OLD ) +.IR old-addr ) and taking the remaining bits from the original address. -There is rudimental support for upper layer protocols, namely TCP, UDP and ICMP. +There is rudimentary support for upper layer protocols, namely TCP, UDP and ICMP. While for the first two only checksum recalculation is performed, the action also takes care of embedded IP headers in ICMP packets by translating the respective address therein, too. -- 2.17.1
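Review bot: In the first hunk (SYNOPSIS), the added line "+old-addr new-addr" carries no font macro, so the two operands render in roman, while the DESCRIPTION and NOTES hunks mark the same names with ".I old-addr" and ".I new-addr". Suggest ".IR old-addr " " new-addr" (or two ".I" lines) so the synopsis matches the rest of the page and the replaceable arguments stay visibly distinct from the literal keywords "ingress" and "egress". Separately, the subject line names "tcp-nat.8" while the diff touches man/man8/tc-nat.8; worth correcting before this is applied.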
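Review bot: In the second hunk (NOTES), the new "The most general form is" block is delimited with two empty source lines (the bare "+" lines after the sentence and after ".RE") rather than paragraph macros, and it lands after the sentence about the mask of old-addr being reused for new-addr instead of next to the sentence that describes the address format. Suggest dropping the empty lines, starting the following "Address translation is done ..." paragraph with an explicit ".PP", and moving the ".RS"/".RE" block up so it directly follows the description of the keywords and the address/mask form. The grammar line also still relies on inline "\fI...\fR" escapes and brace/bracket notation, which is the kind of hard-to-parse markup the commit message says it is removing from the synopsis; a short note in the commit message that this is intentional for NOTES would help.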