diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-11 00:22:11 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-11 23:01:31 +0200 |
commit | bc9d2e5006b2963f9cc117076ecf38a5c3782964 (patch) | |
tree | 610905ddeffcbfd12a292c0832ad8925444369dd /doc | |
parent | 16fcc85c283537ea00357e2ca4bbb561c03bc65b (diff) |
src: add ecn support
This supports both IPv4:
# nft --debug=netlink add rule ip filter forward ip ecn ce counter
ip filter forward
[ payload load 1b @ network header + 1 => reg 1 ]
[ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000003 ]
[ counter pkts 0 bytes 0 ]
For IPv6:
# nft --debug=netlink add rule ip6 filter forward ip6 ecn ce counter
ip6 filter forward
[ payload load 1b @ network header + 1 => reg 1 ]
[ bitwise reg 1 = (reg=1 & 0x00000030 ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000030 ]
[ counter pkts 0 bytes 0 ]
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/nft.xml | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/nft.xml b/doc/nft.xml index a2770bfa..22d023e8 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -1398,6 +1398,11 @@ filter output oif eth0 <entry>integer (6 bit)</entry> </row> <row> + <entry>ecn</entry> + <entry>Explicit Congestion Notification</entry> + <entry>integer (2 bit)</entry> + </row> + <row> <entry>length</entry> <entry>Total packet length</entry> <entry>integer (16 bit)</entry> @@ -1482,6 +1487,11 @@ filter output oif eth0 <entry>integer (6 bit)</entry> </row> <row> + <entry>ecn</entry> + <entry>Explicit Congestion Notification</entry> + <entry>integer (2 bit)</entry> + </row> + <row> <entry>flowlabel</entry> <entry>Flow label</entry> <entry>integer (20 bit)</entry> |