From 208290ff0bfecb49044c3df87149aa6fa683de09 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Tue, 15 Mar 2022 11:58:37 +0100
Subject: extensions: ipcomp: Add comment to clarify xlate callback

Kernel ignores 'hdrres' field, this matching on reserved field value was
never effective.

While being at it, drop its description from man page. Continue to parse
and print it for compatibility reasons, but avoid attracting new users.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 extensions/libxt_ipcomp.c     | 2 ++
 extensions/libxt_ipcomp.c.man | 3 ---
 2 files changed, 2 insertions(+), 3 deletions(-)

(limited to 'extensions')

diff --git a/extensions/libxt_ipcomp.c b/extensions/libxt_ipcomp.c
index b5c43128..4171c4a1 100644
--- a/extensions/libxt_ipcomp.c
+++ b/extensions/libxt_ipcomp.c
@@ -101,6 +101,8 @@ static int comp_xlate(struct xt_xlate *xl,
 	const struct xt_ipcomp *compinfo =
 		(struct xt_ipcomp *)params->match->data;
 
+	/* ignore compinfo->hdrres like kernel's xt_ipcomp.c does */
+
 	xt_xlate_add(xl, "comp cpi %s",
 		     compinfo->invflags & XT_IPCOMP_INV_SPI ? "!= " : "");
 	if (compinfo->spis[0] != compinfo->spis[1])
diff --git a/extensions/libxt_ipcomp.c.man b/extensions/libxt_ipcomp.c.man
index f3b17d21..824f5b3d 100644
--- a/extensions/libxt_ipcomp.c.man
+++ b/extensions/libxt_ipcomp.c.man
@@ -2,6 +2,3 @@ This module matches the parameters in IPcomp header of IPsec packets.
 .TP
 [\fB!\fP] \fB\-\-ipcompspi\fP \fIspi\fP[\fB:\fP\fIspi\fP]
 Matches IPcomp header CPI value.
-.TP
-\fB\-\-compres\fP
-Matches if the reserved field is filled with zero.
-- 
cgit v1.2.3