diff options
author | Phil Sutter <phil@nwl.cc> | 2022-03-15 11:58:37 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-11-24 10:24:06 +0100 |
commit | 208290ff0bfecb49044c3df87149aa6fa683de09 (patch) | |
tree | 25f0586d8514d57a55de30b8c9ae2d364b5b740c | |
parent | 8a714a4f4173d6e3d32ff414fac837bc0fd6b99c (diff) |
extensions: ipcomp: Add comment to clarify xlate callback
Kernel ignores 'hdrres' field, this matching on reserved field value was
never effective.
While being at it, drop its description from man page. Continue to parse
and print it for compatibility reasons, but avoid attracting new users.
Signed-off-by: Phil Sutter <phil@nwl.cc>
-rw-r--r-- | extensions/libxt_ipcomp.c | 2 | ||||
-rw-r--r-- | extensions/libxt_ipcomp.c.man | 3 |
2 files changed, 2 insertions, 3 deletions
diff --git a/extensions/libxt_ipcomp.c b/extensions/libxt_ipcomp.c index b5c43128..4171c4a1 100644 --- a/extensions/libxt_ipcomp.c +++ b/extensions/libxt_ipcomp.c @@ -101,6 +101,8 @@ static int comp_xlate(struct xt_xlate *xl, const struct xt_ipcomp *compinfo = (struct xt_ipcomp *)params->match->data; + /* ignore compinfo->hdrres like kernel's xt_ipcomp.c does */ + xt_xlate_add(xl, "comp cpi %s", compinfo->invflags & XT_IPCOMP_INV_SPI ? "!= " : ""); if (compinfo->spis[0] != compinfo->spis[1]) diff --git a/extensions/libxt_ipcomp.c.man b/extensions/libxt_ipcomp.c.man index f3b17d21..824f5b3d 100644 --- a/extensions/libxt_ipcomp.c.man +++ b/extensions/libxt_ipcomp.c.man @@ -2,6 +2,3 @@ This module matches the parameters in IPcomp header of IPsec packets. .TP [\fB!\fP] \fB\-\-ipcompspi\fP \fIspi\fP[\fB:\fP\fIspi\fP] Matches IPcomp header CPI value. -.TP -\fB\-\-compres\fP -Matches if the reserved field is filled with zero. |