git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 10 May 2016 22:22:11 +0000 (00:22 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 11 May 2016 21:01:31 +0000 (23:01 +0200)
commit	bc9d2e5006b2963f9cc117076ecf38a5c3782964
tree	610905ddeffcbfd12a292c0832ad8925444369dd	tree
parent	16fcc85c283537ea00357e2ca4bbb561c03bc65b	commit \| diff

src: add ecn support

This supports both IPv4:

# nft --debug=netlink add rule ip filter forward ip ecn ce counter
ip filter forward
  [ payload load 1b @ network header + 1 => reg 1 ]
  [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ]
  [ cmp eq reg 1 0x00000003 ]
  [ counter pkts 0 bytes 0 ]

For IPv6:

# nft --debug=netlink add rule ip6 filter forward ip6 ecn ce counter
ip6 filter forward
  [ payload load 1b @ network header + 1 => reg 1 ]
  [ bitwise reg 1 = (reg=1 & 0x00000030 ) ^ 0x00000000 ]
  [ cmp eq reg 1 0x00000030 ]
  [ counter pkts 0 bytes 0 ]

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

doc/nft.xml		diff \| blob \| blame \| history
include/datatype.h		diff \| blob \| blame \| history
include/proto.h		diff \| blob \| blame \| history
src/parser_bison.y		diff \| blob \| blame \| history
src/proto.c		diff \| blob \| blame \| history
src/scanner.l		diff \| blob \| blame \| history