commit 9ed821d7e5d875a3395740a9cc2545671fa429b7
author lh <lh@exm.com> Fri Apr 07 01:36:19 2023 -0700
committer lh <lh@exm.com> Fri Apr 07 01:36:19 2023 -0700
tree 121b5ff9a43e30066e3b33d57065b04bcf9bbabf
parent a10a76fcf09e2ec7e9055902f242dff467ab9654

[T106][ZXW-22]7520V3SCV2.01.01.02P42U09_VEC_V0.8_AP_VEC origin source commit

Change-Id: Ic6e05d89ecd62fc34f82b23dcf306c93764aec4b

ap/app/iptables/extensions/libxt_conntrack.man

diff --git a/ap/app/iptables/extensions/libxt_conntrack.man b/ap/app/iptables/extensions/libxt_conntrack.man
new file mode 100755
index 0000000..b3d9e73
--- /dev/null
+++ b/ap/app/iptables/extensions/libxt_conntrack.man
@@ -0,0 +1,81 @@
+This module, when combined with connection tracking, allows access to the
+connection tracking state for this packet/connection.
+.TP
+[\fB!\fR] \fB\-\-ctstate\fP \fIstatelist\fP
+\fIstatelist\fR is a comma separated list of the connection states to match.
+Possible states are listed below.
+.TP
+[\fB!\fR] \fB\-\-ctproto\fP \fIl4proto\fP
+Layer-4 protocol to match (by number or name)
+.TP
+[\fB!\fR] \fB\-\-ctorigsrc\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+.TP
+[\fB!\fR] \fB\-\-ctorigdst\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+.TP
+[\fB!\fR] \fB\-\-ctreplsrc\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+.TP
+[\fB!\fR] \fB\-\-ctrepldst\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+Match against original/reply source/destination address
+.TP
+[\fB!\fR] \fB\-\-ctorigsrcport\fP \fIport\fP
+.TP
+[\fB!\fR] \fB\-\-ctorigdstport\fP \fIport\fP
+.TP
+[\fB!\fR] \fB\-\-ctreplsrcport\fP \fIport\fP
+.TP
+[\fB!\fR] \fB\-\-ctrepldstport\fP \fIport\fP
+Match against original/reply source/destination port (TCP/UDP/etc.) or GRE key.
+.TP
+[\fB!\fR] \fB\-\-ctstatus\fP \fIstatelist\fP
+\fIstatuslist\fR is a comma separated list of the connection statuses to match.
+Possible statuses are listed below.
+.TP
+[\fB!\fR] \fB\-\-ctexpire\fP \fItime\fP[\fB:\fP\fItime\fP]
+Match remaining lifetime in seconds against given value or range of values
+(inclusive)
+.TP
+\fB\-\-ctdir\fP {\fBORIGINAL\fP|\fBREPLY\fP}
+Match packets that are flowing in the specified direction. If this flag is not
+specified at all, matches packets in both directions.
+.PP
+States for \fB\-\-ctstate\fP:
+.TP
+\fBINVALID\fR
+meaning that the packet is associated with no known connection
+.TP
+\fBNEW\fR
+meaning that the packet has started a new connection, or otherwise associated
+with a connection which has not seen packets in both directions, and
+.TP
+\fBESTABLISHED\fR
+meaning that the packet is associated with a connection which has seen packets
+in both directions,
+.TP
+\fBRELATED\fR
+meaning that the packet is starting a new connection, but is associated with an
+existing connection, such as an FTP data transfer, or an ICMP error.
+.TP
+\fBSNAT\fR
+A virtual state, matching if the original source address differs from the reply
+destination.
+.TP
+\fBDNAT\fR
+A virtual state, matching if the original destination differs from the reply
+source.
+.PP
+Statuses for \fB\-\-ctstatus\fP:
+.TP
+\fBNONE\fR
+None of the below.
+.TP
+\fBEXPECTED\fR
+This is an expected connection (i.e. a conntrack helper set it up)
+.TP
+\fBSEEN_REPLY\fR
+Conntrack has seen packets in both directions.
+.TP
+\fBASSURED\fR
+Conntrack entry should never be early-expired.
+.TP
+\fBCONFIRMED\fR
+Connection is confirmed: originating packet has left box.