From 2b76da0df5f8c8ebd103bdd1d41eb4b5189d7e53 Mon Sep 17 00:00:00 2001
From: johannst <johannst@users.noreply.github.com>
Date: Wed, 11 Jan 2023 15:48:12 +0000
Subject: deploy: 0c50a95dc93471cf69f522adfc31ff4c56c53e9d

---
 print.html | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 103 insertions(+), 2 deletions(-)

(limited to 'print.html')

diff --git a/print.html b/print.html
index 1db1148..82fc70b 100644
--- a/print.html
+++ b/print.html
@@ -81,7 +81,7 @@
 
         <nav id="sidebar" class="sidebar" aria-label="Table of contents">
             <div class="sidebar-scrollbox">
-                <ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded "><a href="tools/index.html"><strong aria-hidden="true">1.</strong> Tools</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="tools/zsh.html"><strong aria-hidden="true">1.1.</strong> zsh</a></li><li class="chapter-item expanded "><a href="tools/bash.html"><strong aria-hidden="true">1.2.</strong> bash</a></li><li class="chapter-item expanded "><a href="tools/fish.html"><strong aria-hidden="true">1.3.</strong> fish</a></li><li class="chapter-item expanded "><a href="tools/tmux.html"><strong aria-hidden="true">1.4.</strong> tmux</a></li><li class="chapter-item expanded "><a href="tools/git.html"><strong aria-hidden="true">1.5.</strong> git</a></li><li class="chapter-item expanded "><a href="tools/awk.html"><strong aria-hidden="true">1.6.</strong> awk</a></li><li class="chapter-item expanded "><a href="tools/emacs.html"><strong aria-hidden="true">1.7.</strong> emacs</a></li><li class="chapter-item expanded "><a href="tools/gpg.html"><strong aria-hidden="true">1.8.</strong> gpg</a></li><li class="chapter-item expanded "><a href="tools/gdb.html"><strong aria-hidden="true">1.9.</strong> gdb</a></li><li class="chapter-item expanded "><a href="tools/gdbserver.html"><strong aria-hidden="true">1.10.</strong> gdbserver</a></li><li class="chapter-item expanded "><a href="tools/radare2.html"><strong aria-hidden="true">1.11.</strong> radare2</a></li><li class="chapter-item expanded "><a href="tools/qemu.html"><strong aria-hidden="true">1.12.</strong> qemu</a></li><li class="chapter-item expanded "><a href="tools/pacman.html"><strong aria-hidden="true">1.13.</strong> pacman</a></li><li class="chapter-item expanded "><a href="tools/dot.html"><strong aria-hidden="true">1.14.</strong> dot</a></li></ol></li><li class="chapter-item expanded "><a href="monitor/index.html"><strong aria-hidden="true">2.</strong> Resource analysis & monitor</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="monitor/lsof.html"><strong aria-hidden="true">2.1.</strong> lsof</a></li><li class="chapter-item expanded "><a href="monitor/ss.html"><strong aria-hidden="true">2.2.</strong> ss</a></li><li class="chapter-item expanded "><a href="monitor/pidstat.html"><strong aria-hidden="true">2.3.</strong> pidstat</a></li><li class="chapter-item expanded "><a href="monitor/pgrep.html"><strong aria-hidden="true">2.4.</strong> pgrep</a></li><li class="chapter-item expanded "><a href="monitor/pmap.html"><strong aria-hidden="true">2.5.</strong> pmap</a></li><li class="chapter-item expanded "><a href="monitor/pstack.html"><strong aria-hidden="true">2.6.</strong> pstack</a></li></ol></li><li class="chapter-item expanded "><a href="trace_profile/index.html"><strong aria-hidden="true">3.</strong> Trace and Profile</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="trace_profile/strace.html"><strong aria-hidden="true">3.1.</strong> strace</a></li><li class="chapter-item expanded "><a href="trace_profile/ltrace.html"><strong aria-hidden="true">3.2.</strong> ltrace</a></li><li class="chapter-item expanded "><a href="trace_profile/perf.html"><strong aria-hidden="true">3.3.</strong> perf</a></li><li class="chapter-item expanded "><a href="trace_profile/oprofile.html"><strong aria-hidden="true">3.4.</strong> OProfile</a></li><li class="chapter-item expanded "><a href="trace_profile/time.html"><strong aria-hidden="true">3.5.</strong> time</a></li></ol></li><li class="chapter-item expanded "><a href="binary/index.html"><strong aria-hidden="true">4.</strong> Binary</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="binary/od.html"><strong aria-hidden="true">4.1.</strong> od</a></li><li class="chapter-item expanded "><a href="binary/xxd.html"><strong aria-hidden="true">4.2.</strong> xxd</a></li><li class="chapter-item expanded "><a href="binary/readelf.html"><strong aria-hidden="true">4.3.</strong> readelf</a></li><li class="chapter-item expanded "><a href="binary/objdump.html"><strong aria-hidden="true">4.4.</strong> objdump</a></li><li class="chapter-item expanded "><a href="binary/nm.html"><strong aria-hidden="true">4.5.</strong> nm</a></li></ol></li><li class="chapter-item expanded "><a href="development/index.html"><strong aria-hidden="true">5.</strong> Development</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="development/c++filt.html"><strong aria-hidden="true">5.1.</strong> c++filt</a></li><li class="chapter-item expanded "><a href="development/c++.html"><strong aria-hidden="true">5.2.</strong> c++</a></li><li class="chapter-item expanded "><a href="development/glibc.html"><strong aria-hidden="true">5.3.</strong> glibc</a></li><li class="chapter-item expanded "><a href="development/gcc.html"><strong aria-hidden="true">5.4.</strong> gcc</a></li><li class="chapter-item expanded "><a href="development/make.html"><strong aria-hidden="true">5.5.</strong> make</a></li><li class="chapter-item expanded "><a href="development/ld.so.html"><strong aria-hidden="true">5.6.</strong> ld.so</a></li><li class="chapter-item expanded "><a href="development/symbolver.html"><strong aria-hidden="true">5.7.</strong> symbol versioning</a></li><li class="chapter-item expanded "><a href="development/python.html"><strong aria-hidden="true">5.8.</strong> python</a></li></ol></li><li class="chapter-item expanded "><a href="linux/index.html"><strong aria-hidden="true">6.</strong> Linux</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="linux/systemd.html"><strong aria-hidden="true">6.1.</strong> systemd</a></li><li class="chapter-item expanded "><a href="linux/coredump.html"><strong aria-hidden="true">6.2.</strong> coredump</a></li><li class="chapter-item expanded "><a href="linux/ptrace_scope.html"><strong aria-hidden="true">6.3.</strong> ptrace_scope</a></li><li class="chapter-item expanded "><a href="linux/cryptsetup.html"><strong aria-hidden="true">6.4.</strong> cryptsetup</a></li><li class="chapter-item expanded "><a href="linux/swap.html"><strong aria-hidden="true">6.5.</strong> swap</a></li><li class="chapter-item expanded "><a href="linux/input.html"><strong aria-hidden="true">6.6.</strong> input</a></li></ol></li><li class="chapter-item expanded "><a href="network/index.html"><strong aria-hidden="true">7.</strong> Network</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="network/tcpdump.html"><strong aria-hidden="true">7.1.</strong> tcpdump</a></li><li class="chapter-item expanded "><a href="network/firewall-cmd.html"><strong aria-hidden="true">7.2.</strong> firewall-cmd</a></li></ol></li><li class="chapter-item expanded "><a href="web/index.html"><strong aria-hidden="true">8.</strong> Web</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="web/html.html"><strong aria-hidden="true">8.1.</strong> html</a></li><li class="chapter-item expanded "><a href="web/chartjs.html"><strong aria-hidden="true">8.2.</strong> chartjs</a></li></ol></li><li class="chapter-item expanded "><a href="arch/index.html"><strong aria-hidden="true">9.</strong> Arch</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="arch/x86_64.html"><strong aria-hidden="true">9.1.</strong> x86_64</a></li><li class="chapter-item expanded "><a href="arch/arm64.html"><strong aria-hidden="true">9.2.</strong> arm64</a></li><li class="chapter-item expanded "><a href="arch/armv7.html"><strong aria-hidden="true">9.3.</strong> armv7</a></li><li class="chapter-item expanded "><a href="arch/riscv.html"><strong aria-hidden="true">9.4.</strong> riscv</a></li></ol></li></ol>
+                <ol class="chapter"><li class="chapter-item expanded affix "><a href="intro.html">Introduction</a></li><li class="chapter-item expanded "><a href="tools/index.html"><strong aria-hidden="true">1.</strong> Tools</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="tools/zsh.html"><strong aria-hidden="true">1.1.</strong> zsh</a></li><li class="chapter-item expanded "><a href="tools/bash.html"><strong aria-hidden="true">1.2.</strong> bash</a></li><li class="chapter-item expanded "><a href="tools/fish.html"><strong aria-hidden="true">1.3.</strong> fish</a></li><li class="chapter-item expanded "><a href="tools/tmux.html"><strong aria-hidden="true">1.4.</strong> tmux</a></li><li class="chapter-item expanded "><a href="tools/git.html"><strong aria-hidden="true">1.5.</strong> git</a></li><li class="chapter-item expanded "><a href="tools/awk.html"><strong aria-hidden="true">1.6.</strong> awk</a></li><li class="chapter-item expanded "><a href="tools/emacs.html"><strong aria-hidden="true">1.7.</strong> emacs</a></li><li class="chapter-item expanded "><a href="tools/gpg.html"><strong aria-hidden="true">1.8.</strong> gpg</a></li><li class="chapter-item expanded "><a href="tools/gdb.html"><strong aria-hidden="true">1.9.</strong> gdb</a></li><li class="chapter-item expanded "><a href="tools/gdbserver.html"><strong aria-hidden="true">1.10.</strong> gdbserver</a></li><li class="chapter-item expanded "><a href="tools/radare2.html"><strong aria-hidden="true">1.11.</strong> radare2</a></li><li class="chapter-item expanded "><a href="tools/qemu.html"><strong aria-hidden="true">1.12.</strong> qemu</a></li><li class="chapter-item expanded "><a href="tools/pacman.html"><strong aria-hidden="true">1.13.</strong> pacman</a></li><li class="chapter-item expanded "><a href="tools/dot.html"><strong aria-hidden="true">1.14.</strong> dot</a></li></ol></li><li class="chapter-item expanded "><a href="monitor/index.html"><strong aria-hidden="true">2.</strong> Resource analysis & monitor</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="monitor/lsof.html"><strong aria-hidden="true">2.1.</strong> lsof</a></li><li class="chapter-item expanded "><a href="monitor/ss.html"><strong aria-hidden="true">2.2.</strong> ss</a></li><li class="chapter-item expanded "><a href="monitor/pidstat.html"><strong aria-hidden="true">2.3.</strong> pidstat</a></li><li class="chapter-item expanded "><a href="monitor/pgrep.html"><strong aria-hidden="true">2.4.</strong> pgrep</a></li><li class="chapter-item expanded "><a href="monitor/pmap.html"><strong aria-hidden="true">2.5.</strong> pmap</a></li><li class="chapter-item expanded "><a href="monitor/pstack.html"><strong aria-hidden="true">2.6.</strong> pstack</a></li></ol></li><li class="chapter-item expanded "><a href="trace_profile/index.html"><strong aria-hidden="true">3.</strong> Trace and Profile</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="trace_profile/strace.html"><strong aria-hidden="true">3.1.</strong> strace</a></li><li class="chapter-item expanded "><a href="trace_profile/ltrace.html"><strong aria-hidden="true">3.2.</strong> ltrace</a></li><li class="chapter-item expanded "><a href="trace_profile/perf.html"><strong aria-hidden="true">3.3.</strong> perf</a></li><li class="chapter-item expanded "><a href="trace_profile/oprofile.html"><strong aria-hidden="true">3.4.</strong> OProfile</a></li><li class="chapter-item expanded "><a href="trace_profile/time.html"><strong aria-hidden="true">3.5.</strong> time</a></li></ol></li><li class="chapter-item expanded "><a href="binary/index.html"><strong aria-hidden="true">4.</strong> Binary</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="binary/od.html"><strong aria-hidden="true">4.1.</strong> od</a></li><li class="chapter-item expanded "><a href="binary/xxd.html"><strong aria-hidden="true">4.2.</strong> xxd</a></li><li class="chapter-item expanded "><a href="binary/readelf.html"><strong aria-hidden="true">4.3.</strong> readelf</a></li><li class="chapter-item expanded "><a href="binary/objdump.html"><strong aria-hidden="true">4.4.</strong> objdump</a></li><li class="chapter-item expanded "><a href="binary/nm.html"><strong aria-hidden="true">4.5.</strong> nm</a></li></ol></li><li class="chapter-item expanded "><a href="development/index.html"><strong aria-hidden="true">5.</strong> Development</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="development/c++filt.html"><strong aria-hidden="true">5.1.</strong> c++filt</a></li><li class="chapter-item expanded "><a href="development/c++.html"><strong aria-hidden="true">5.2.</strong> c++</a></li><li class="chapter-item expanded "><a href="development/glibc.html"><strong aria-hidden="true">5.3.</strong> glibc</a></li><li class="chapter-item expanded "><a href="development/gcc.html"><strong aria-hidden="true">5.4.</strong> gcc</a></li><li class="chapter-item expanded "><a href="development/make.html"><strong aria-hidden="true">5.5.</strong> make</a></li><li class="chapter-item expanded "><a href="development/ld.so.html"><strong aria-hidden="true">5.6.</strong> ld.so</a></li><li class="chapter-item expanded "><a href="development/symbolver.html"><strong aria-hidden="true">5.7.</strong> symbol versioning</a></li><li class="chapter-item expanded "><a href="development/python.html"><strong aria-hidden="true">5.8.</strong> python</a></li></ol></li><li class="chapter-item expanded "><a href="linux/index.html"><strong aria-hidden="true">6.</strong> Linux</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="linux/systemd.html"><strong aria-hidden="true">6.1.</strong> systemd</a></li><li class="chapter-item expanded "><a href="linux/coredump.html"><strong aria-hidden="true">6.2.</strong> coredump</a></li><li class="chapter-item expanded "><a href="linux/ptrace_scope.html"><strong aria-hidden="true">6.3.</strong> ptrace_scope</a></li><li class="chapter-item expanded "><a href="linux/cryptsetup.html"><strong aria-hidden="true">6.4.</strong> cryptsetup</a></li><li class="chapter-item expanded "><a href="linux/swap.html"><strong aria-hidden="true">6.5.</strong> swap</a></li><li class="chapter-item expanded "><a href="linux/input.html"><strong aria-hidden="true">6.6.</strong> input</a></li></ol></li><li class="chapter-item expanded "><a href="network/index.html"><strong aria-hidden="true">7.</strong> Network</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="network/tcpdump.html"><strong aria-hidden="true">7.1.</strong> tcpdump</a></li><li class="chapter-item expanded "><a href="network/firewall-cmd.html"><strong aria-hidden="true">7.2.</strong> firewall-cmd</a></li><li class="chapter-item expanded "><a href="network/nftables.html"><strong aria-hidden="true">7.3.</strong> nftables</a></li></ol></li><li class="chapter-item expanded "><a href="web/index.html"><strong aria-hidden="true">8.</strong> Web</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="web/html.html"><strong aria-hidden="true">8.1.</strong> html</a></li><li class="chapter-item expanded "><a href="web/chartjs.html"><strong aria-hidden="true">8.2.</strong> chartjs</a></li></ol></li><li class="chapter-item expanded "><a href="arch/index.html"><strong aria-hidden="true">9.</strong> Arch</a></li><li><ol class="section"><li class="chapter-item expanded "><a href="arch/x86_64.html"><strong aria-hidden="true">9.1.</strong> x86_64</a></li><li class="chapter-item expanded "><a href="arch/arm64.html"><strong aria-hidden="true">9.2.</strong> arm64</a></li><li class="chapter-item expanded "><a href="arch/armv7.html"><strong aria-hidden="true">9.3.</strong> armv7</a></li><li class="chapter-item expanded "><a href="arch/riscv.html"><strong aria-hidden="true">9.4.</strong> riscv</a></li></ol></li></ol>
             </div>
             <div id="sidebar-resize-handle" class="sidebar-resize-handle"></div>
         </nav>
@@ -2184,7 +2184,7 @@ digraph {
 }
 </code></pre>
 <p>Rendered <code>svg</code> file.
-<img src="https://johannst.github.io/notes/assets/g.svg" alt="g.svg" /></p>
+<img src="tools/assets/g.svg" alt="g.svg" /></p>
 <h2 id="references-1"><a class="header" href="#references-1">References</a></h2>
 <ul>
 <li><a href="https://graphviz.org/doc/info/lang.html">DOT language</a></li>
@@ -3889,6 +3889,7 @@ int main(int argc, char* argv[]) {
 <ul>
 <li><a href="network/./tcpdump.html">tcpdump</a></li>
 <li><a href="network/./firewall-cmd.html">firewall-cmd</a></li>
+<li><a href="network/./nftables.html">nftables</a></li>
 </ul>
 <div style="break-before: page; page-break-before: always;"></div><h1 id="tcpdump1"><a class="header" href="#tcpdump1">tcpdump(1)</a></h1>
 <h1 id="cli-3"><a class="header" href="#cli-3">CLI</a></h1>
@@ -3933,18 +3934,114 @@ see all available zones.</p>
 firewall-cmd --add-service &lt;SERVICE&gt;
 # Add a specific port.
 firewall-cmd --add-port 8000/tcp
+# Add a rich rule (eg port forwarding, dnat).
+firewall-cmd --add-rich-rule 'rule family=&quot;ipv4&quot; forward-port port=&quot;80&quot; protocol=&quot;tcp&quot; to-port=&quot;8080&quot;'
 </code></pre>
 <h2 id="remove-entries"><a class="header" href="#remove-entries">Remove entries</a></h2>
 <pre><code class="language-sh"># Remove service.
 firewall-cmd --remove-service &lt;SERVICE&gt;
 # Remove port.
 firewall-cmd --remove-port 8000/tcp
+# Remove rich rule.
+firewall-cmd --remove-rich-rule 'rule family=&quot;ipv4&quot; forward-port port=&quot;80&quot; protocol=&quot;tcp&quot; to-port=&quot;8080&quot;'
 </code></pre>
 <h2 id="references-4"><a class="header" href="#references-4">References</a></h2>
 <ul>
 <li>man <a href="https://firewalld.org/documentation/man-pages/firewall-cmd.html">firewall-cmd(1)</a></li>
 <li>man <a href="https://firewalld.org/documentation/man-pages/firewalld.html">firewalld(1)</a></li>
 </ul>
+<div style="break-before: page; page-break-before: always;"></div><h1 id="nftables"><a class="header" href="#nftables">nftables</a></h1>
+<p><a href="https://nftables.org/projects/nftables/index.html">Nftables</a> is a stateful Linux firewall which uses the
+<a href="https://nftables.org">netfilter</a> kernel hooks.
+It is used for stateless, stateful packet filtering and all sorts of NAT.</p>
+<p>Nftables is the successor to <a href="https://nftables.org/projects/iptables/index.html">iptables</a>.</p>
+<p>In nftables, <code>rules</code> are organized with <code>chains</code> and <code>tables</code>.</p>
+<ul>
+<li><code>chain</code>: Orders <code>rules</code>. Chains exist in two kinds:
+<ul>
+<li><code>base chain</code>: Entry point from netfilter hooks (network stack).</li>
+<li><code>regular chain</code>: Can be used as jump target to group rules for better organization.</li>
+</ul>
+</li>
+<li><code>table</code>: Groups chains together. Tables are defined by a <code>name</code> and an
+<code>address family</code> (eg <code>inet</code>, <code>ip</code>, <code>ip6</code>, ..).</li>
+</ul>
+<h2 id="ruleset"><a class="header" href="#ruleset">Ruleset</a></h2>
+<pre><code class="language-bash">nft list ruleset        # List all tables/chains/rules (whole ruleset).
+nft flush ruleset       # Clear whole ruleset.
+</code></pre>
+<h2 id="examples-save-rules-to-files-and-re-apply"><a class="header" href="#examples-save-rules-to-files-and-re-apply">Examples: Save rules to files and re-apply</a></h2>
+<pre><code class="language-bash">nft list ruleset &gt; nft.rules
+nft flush ruleset
+nft -f nft.rules
+</code></pre>
+<h2 id="example-fully-trace-evaluation-of-nftables-rules"><a class="header" href="#example-fully-trace-evaluation-of-nftables-rules">Example: Fully trace evaluation of nftables rules</a></h2>
+<pre><code class="language-text">table ip traceall {
+    chain filter_prerouting {
+        # Install chain with higher priority as the RAW standard priority.
+        type filter hook prerouting priority raw - 50; policy accept;
+        # Trace each and every packet (very verbose).
+        #meta nftrace set 1;
+        # Trace packet to port 80/81/8081 from localhost.
+        tcp dport { 80, 81, 8081 } ip saddr 127.0.0.1 meta nftrace set 1;
+    }
+}
+</code></pre>
+<p>Use <code>nft monitor trace</code> to get trace output on tty.</p>
+<h2 id="example-ipv4-port-forwarding"><a class="header" href="#example-ipv4-port-forwarding">Example: IPv4 port forwarding</a></h2>
+<pre><code class="language-text">table ip fwd {
+    chain nat_preroute {
+        # Register this chain to the PREROUTE:NAT hook (stateful packet tracking via conntrack).
+        type nat hook prerouting priority dstnat + 10 ; policy accept;
+        meta nfproto ipv4 tcp dport 81 redirect to :8081
+    }
+}
+</code></pre>
+<h2 id="example-base-vs-regular-chain"><a class="header" href="#example-base-vs-regular-chain">Example: Base vs regular chain</a></h2>
+<pre><code class="language-text"># Table named 'playground' handling 'ip' (ipv4) address family.
+table ip playground {
+    # Base chain.
+    chain filter_input_base {
+        # Register this chain to the INPUT:FILTER hook in the netfilter package flow.
+        # Specify a prioirty relative to the inbuilt 'filter' priority (smaller
+        # number means higher priority).
+        # Set the default policy to ACCEPT, to let every packet pass by default.
+        type filter hook input priority filter - 10; policy accept;
+
+        # Create a rule for tcp packets arriving on either port 8000 or 8100.
+        tcp dport { 8000, 8100 } jump input_reg_log;
+        # Create a rule for tcp packets arriving on port 8200.
+        tcp dport 8200 jump input_reg_log_all;
+    }
+
+    # Regular chain.
+    chain input_reg_log {
+        # Log every packet traversing this chain.
+        # Message lands in the kernel ring buffer.
+        log;
+    }
+
+    # Regular chain.
+    chain input_reg_log_all {
+        # Log every packet with all flags traversing this chain.
+        log flags all;
+    }
+}
+</code></pre>
+<pre><code class="language-bash"># Load the nf rules.
+sudo nft -f playground.rules
+# Create test servers.
+nc -lk 0.0.0.0 8000
+nc -lk 0.0.0.0 8100
+nc -lk 0.0.0.0 8200
+# See the nftables logging in the kernel ring buffer.
+sudo dmesg -w
+# Make some client connections.
+nc localhost 8000
+nc localhost 8200
+</code></pre>
+<h2 id="mental-model-for-netfilter-packet-flow"><a class="header" href="#mental-model-for-netfilter-packet-flow">Mental model for netfilter packet flow</a></h2>
+<p><img src="network/assets/nf_pkt_flow.png" alt="nf_pkt_flow.png" /></p>
 <div style="break-before: page; page-break-before: always;"></div><h1 id="web"><a class="header" href="#web">Web</a></h1>
 <ul>
 <li><a href="web/./html.html">html</a></li>
@@ -4266,6 +4363,10 @@ mov rax, qword ptr [rbx+4*rcx]   // load val at [rbx+4*rcx] into rax
 .my_str:
 .asciz &quot;Foo&quot;
 </code></pre>
+<p>Load effective address:</p>
+<pre><code class="language-x86asm">mov rax, 2
+lea r11, [rax + 3]   // r11 &lt;- 5
+</code></pre>
 <h2 id="string-instructions"><a class="header" href="#string-instructions">String instructions</a></h2>
 <p>The operand size of a string instruction is defined by the instruction suffix
 <code>b | w | d | q</code>.</p>
-- 
cgit v1.2.3