extenstions: ecn: add tcp ecn/cwr translation

nft can match tcp flags, so add ece/cwr translation. Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2018-02-18 09:49:16 +0100
committer: Florian Westphal <fw@strlen.de> 2018-02-26 00:03:54 +0100
commit: 147a891f8ca48f1f0c932ac304810d68780c90c2 (patch)
tree: e1fa45e6e7db6a3f23a8f6033659717df6c271f3 /extensions/libxt_ecn.txlate
parent: ed928a8302aa7a531987ff8120950c44bfcab700 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/extensions/libxt_ecn.txlate b/extensions/libxt_ecn.txlate
index 9e3bd310..f012f128 100644
--- a/extensions/libxt_ecn.txlate
+++ b/extensions/libxt_ecn.txlate
@@ -21,3 +21,9 @@ nft add rule ip filter INPUT ip ecn != ect0 counter
 
 iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 3
 nft add rule ip filter INPUT ip ecn != ce counter
+
+iptables-translate -A INPUT -m ecn ! --ecn-tcp-ece
+nft add rule ip filter INPUT tcp flags != ecn counter
+
+iptables-translate -A INPUT -m ecn --ecn-tcp-cwr
+nft add rule ip filter INPUT tcp flags cwr counter
author	Florian Westphal <fw@strlen.de>	2018-02-18 09:49:16 +0100
committer	Florian Westphal <fw@strlen.de>	2018-02-26 00:03:54 +0100
commit	147a891f8ca48f1f0c932ac304810d68780c90c2 (patch)
tree	e1fa45e6e7db6a3f23a8f6033659717df6c271f3 /extensions/libxt_ecn.txlate
parent	ed928a8302aa7a531987ff8120950c44bfcab700 (diff)