diff options
author | Florian Westphal <fw@strlen.de> | 2018-02-18 09:49:16 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-02-26 00:03:54 +0100 |
commit | 147a891f8ca48f1f0c932ac304810d68780c90c2 (patch) | |
tree | e1fa45e6e7db6a3f23a8f6033659717df6c271f3 /extensions/libxt_ecn.c | |
parent | ed928a8302aa7a531987ff8120950c44bfcab700 (diff) |
extenstions: ecn: add tcp ecn/cwr translation
nft can match tcp flags, so add ece/cwr translation.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions/libxt_ecn.c')
-rw-r--r-- | extensions/libxt_ecn.c | 49 |
1 files changed, 31 insertions, 18 deletions
diff --git a/extensions/libxt_ecn.c b/extensions/libxt_ecn.c index aeba01b3..ad3c7a03 100644 --- a/extensions/libxt_ecn.c +++ b/extensions/libxt_ecn.c @@ -124,26 +124,39 @@ static int ecn_xlate(struct xt_xlate *xl, const struct xt_ecn_info *einfo = (const struct xt_ecn_info *)params->match->data; - if (!(einfo->operation & XT_ECN_OP_MATCH_IP)) - return 0; + if (einfo->operation & XT_ECN_OP_MATCH_ECE) { + xt_xlate_add(xl, "tcp flags "); + if (einfo->invert) + xt_xlate_add(xl,"!= "); + xt_xlate_add(xl, "ecn"); + } - xt_xlate_add(xl, "ip ecn "); - if (einfo->invert) - xt_xlate_add(xl,"!= "); + if (einfo->operation & XT_ECN_OP_MATCH_CWR) { + xt_xlate_add(xl, "tcp flags "); + if (einfo->invert) + xt_xlate_add(xl,"!= "); + xt_xlate_add(xl, "cwr"); + } - switch (einfo->ip_ect) { - case 0: - xt_xlate_add(xl, "not-ect"); - break; - case 1: - xt_xlate_add(xl, "ect1"); - break; - case 2: - xt_xlate_add(xl, "ect0"); - break; - case 3: - xt_xlate_add(xl, "ce"); - break; + if (einfo->operation & XT_ECN_OP_MATCH_IP) { + xt_xlate_add(xl, "ip ecn "); + if (einfo->invert) + xt_xlate_add(xl,"!= "); + + switch (einfo->ip_ect) { + case 0: + xt_xlate_add(xl, "not-ect"); + break; + case 1: + xt_xlate_add(xl, "ect1"); + break; + case 2: + xt_xlate_add(xl, "ect0"); + break; + case 3: + xt_xlate_add(xl, "ce"); + break; + } } return 1; } |