diff options
author | fan.du <fan.du@windriver.com> | 2013-12-18 11:27:22 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-24 12:46:20 +0100 |
commit | 0bb8765cc28cf1ddde70f3f5bfed96a067b1ead3 (patch) | |
tree | 5526af0109f6c4552ce46b20cc5587d66b54cd96 /include/linux/netfilter/xt_ipcomp.h | |
parent | 99b85b7837707bd6c6d578c9328e1321fceb8082 (diff) |
iptables: Add IPv4/6 IPcomp match support
This patch enables user to set iptables ACTIONs for IPcomp
flow specified by its SPI value.
For example:
iptables -A OUTPUT -p 108 -m ipcomp --ipcompspi 0x12 -j DROP
ip6tables -A OUTPUT -p 108 -m ipcomp --ipcompspi 0x12 -j DROP
IPcomp packet with spi as 0x12 will be dropped.
Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux/netfilter/xt_ipcomp.h')
-rw-r--r-- | include/linux/netfilter/xt_ipcomp.h | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_ipcomp.h b/include/linux/netfilter/xt_ipcomp.h new file mode 100644 index 00000000..45c7e40e --- /dev/null +++ b/include/linux/netfilter/xt_ipcomp.h @@ -0,0 +1,16 @@ +#ifndef _XT_IPCOMP_H +#define _XT_IPCOMP_H + +#include <linux/types.h> + +struct xt_ipcomp { + __u32 spis[2]; /* Security Parameter Index */ + __u8 invflags; /* Inverse flags */ + __u8 hdrres; /* Test of the Reserved Filed */ +}; + +/* Values for "invflags" field in struct xt_ipcomp. */ +#define XT_IPCOMP_INV_SPI 0x01 /* Invert the sense of spi. */ +#define XT_IPCOMP_INV_MASK 0x01 /* All possible flags. */ + +#endif /*_XT_IPCOMP_H*/ |