path: root/extensions/
diff options
authorPatrick McHardy <>2011-12-28 14:27:47 +0100
committerPablo Neira Ayuso <>2012-02-23 18:08:38 +0100
commit98e1769b65b71989e3f16b25529b40f374aef323 (patch)
treef10f428f804c0f2ccc1540c112d94f5cf85da26c /extensions/
parent166b92d3fb2a7fc008df1b59332ef528a9a573ea (diff)
extensions: add IPv6 capable ECN match extension
Patrick submitted this patch by 9th Jun 2011, I'm recovering and applying it to iptables. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'extensions/')
1 files changed, 11 insertions, 0 deletions
diff --git a/extensions/ b/extensions/
new file mode 100644
index 00000000..31c0a3e8
--- /dev/null
+++ b/extensions/
@@ -0,0 +1,11 @@
+This allows you to match the ECN bits of the IPv4/IPv6 and TCP header. ECN is the Explicit Congestion Notification mechanism as specified in RFC3168
+[\fB!\fP] \fB\-\-ecn\-tcp\-cwr\fP
+This matches if the TCP ECN CWR (Congestion Window Received) bit is set.
+[\fB!\fP] \fB\-\-ecn\-tcp\-ece\fP
+This matches if the TCP ECN ECE (ECN Echo) bit is set.
+[\fB!\fP] \fB\-\-ecn\-ip\-ect\fP \fInum\fP
+This matches a particular IPv4/IPv6 ECT (ECN-Capable Transport). You have to specify
+a number between `0' and `3'.