diff options
author | Florian Westphal <fw@strlen.de> | 2021-12-20 12:30:18 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2022-02-28 22:44:51 +0100 |
commit | 5d837d270d5a8b3a4d3fdca12d0f0800b8287cdd (patch) | |
tree | f6142e001404eaca518ef39eec73b7d1372dd82b /doc | |
parent | 1d507ce7f1d3c12481ee24bd1dcac2fc1984ee9f (diff) |
src: add tcp option reset support
This allows to replace a tcp option with nops, similar
to the TCPOPTSTRIP feature of iptables.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/statements.txt | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/doc/statements.txt b/doc/statements.txt index 8675892a..6aaf806b 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -71,7 +71,7 @@ EXTENSION HEADER STATEMENT The extension header statement alters packet content in variable-sized headers. This can currently be used to alter the TCP Maximum segment size of packets, -similar to TCPMSS. +similar to the TCPMSS target in iptables. .change tcp mss --------------- @@ -80,6 +80,13 @@ tcp flags syn tcp option maxseg size set 1360 tcp flags syn tcp option maxseg size set rt mtu --------------- +You can also remove tcp options via reset keyword. + +.remove tcp option +--------------- +tcp flags syn reset tcp option sack-perm +--------------- + LOG STATEMENT ~~~~~~~~~~~~~ [verse] |