summaryrefslogtreecommitdiffstats
path: root/src/scanner.l
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2016-05-11 00:22:11 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-05-11 23:01:31 +0200
commitbc9d2e5006b2963f9cc117076ecf38a5c3782964 (patch)
tree610905ddeffcbfd12a292c0832ad8925444369dd /src/scanner.l
parent16fcc85c283537ea00357e2ca4bbb561c03bc65b (diff)
src: add ecn support
This supports both IPv4: # nft --debug=netlink add rule ip filter forward ip ecn ce counter ip filter forward [ payload load 1b @ network header + 1 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000003 ] [ counter pkts 0 bytes 0 ] For IPv6: # nft --debug=netlink add rule ip6 filter forward ip6 ecn ce counter ip6 filter forward [ payload load 1b @ network header + 1 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x00000030 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000030 ] [ counter pkts 0 bytes 0 ] Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/scanner.l')
-rw-r--r--src/scanner.l1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/scanner.l b/src/scanner.l
index 275beaa1..e8b216ef 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -363,6 +363,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"version" { return HDRVERSION; }
"hdrlength" { return HDRLENGTH; }
"dscp" { return DSCP; }
+"ecn" { return ECN; }
"length" { return LENGTH; }
"frag-off" { return FRAG_OFF; }
"ttl" { return TTL; }