man: tc-u32: Fix page to match new firstfrag behavior

Commit 690b11f4a6 ("tc: u32: Fix firstfrag filter.") applied in 2012
changed the "ip firstfrag" selector to not match non-fragmented packets
anymore.

However, the documentation added in f15a23966f ("tc: add a man page
for u32 filter") in 2015 includes an example that relies on the previous
behavior (non-fragmented packet counted as first fragment).

Due to this, the example does not work correctly and does not actually
classify regular SSH packets.

Modify the example to use a raw u16 selector on the fragment offset to
make it work, and also make the firstfrag description more clear about
the current behavior.

Fixes: f15a23966f ("tc: add a man page for u32 filter")
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Cc: Phil Sutter <phil@nwl.cc>
Cc: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com>
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>

man/man8/tc-u32.8

@@ -427,7 +427,7 @@ Also minimal header size for IPv4 and lack of IPv6 extension headers is assumed.
 IPv4 only, check certain flags and fragment offset values. Match if the packet
 is not a fragment
 .RB ( nofrag ),
-the first fragment
+the first fragment of a fragmented packet
 .RB ( firstfrag ),
 if Don't Fragment
 .RB ( df )
@@ -644,7 +644,7 @@ tc filter add dev eth0 parent 1:0 protocol ip \\
 tc filter add dev eth0 parent 1:0 protocol ip \\
         u32 ht 800: \\
         match ip protocol 6 FF \\
-        match ip firstfrag \\
+        match u16 0 1fff at 6 \\
         offset at 0 mask 0f00 shift 6 \\
         link 1:
 .EE