From 147a891f8ca48f1f0c932ac304810d68780c90c2 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Sun, 18 Feb 2018 09:49:16 +0100
Subject: extenstions: ecn: add tcp ecn/cwr translation

nft can match tcp flags, so add ece/cwr translation.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 extensions/libxt_ecn.txlate | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'extensions/libxt_ecn.txlate')

diff --git a/extensions/libxt_ecn.txlate b/extensions/libxt_ecn.txlate
index 9e3bd310..f012f128 100644
--- a/extensions/libxt_ecn.txlate
+++ b/extensions/libxt_ecn.txlate
@@ -21,3 +21,9 @@ nft add rule ip filter INPUT ip ecn != ect0 counter
 
 iptables-translate -A INPUT -m ecn ! --ecn-ip-ect 3
 nft add rule ip filter INPUT ip ecn != ce counter
+
+iptables-translate -A INPUT -m ecn ! --ecn-tcp-ece
+nft add rule ip filter INPUT tcp flags != ecn counter
+
+iptables-translate -A INPUT -m ecn --ecn-tcp-cwr
+nft add rule ip filter INPUT tcp flags cwr counter
-- 
cgit v1.2.3