src: add ecn support

This supports both IPv4: # nft --debug=netlink add rule ip filter forward ip ecn ce counter ip filter forward [ payload load 1b @ network header + 1 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000003 ] [ counter pkts 0 bytes 0 ] For IPv6: # nft --debug=netlink add rule ip6 filter forward ip6 ecn ce counter ip6 filter forward [ payload load 1b @ network header + 1 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x00000030 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000030 ] [ counter pkts 0 bytes 0 ] Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2016-05-11 00:22:11 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-05-11 23:01:31 +0200
commit: bc9d2e5006b2963f9cc117076ecf38a5c3782964 (patch)
tree: 610905ddeffcbfd12a292c0832ad8925444369dd /include
parent: 16fcc85c283537ea00357e2ca4bbb561c03bc65b (diff)
2 files changed, 3 insertions, 0 deletions
diff --git a/include/datatype.h b/include/datatype.h
index e385bac1..c7e110f5 100644
--- a/include/datatype.h
+++ b/include/datatype.h
@@ -80,6 +80,7 @@ enum datatypes {
 	TYPE_ICMPX_CODE,
 	TYPE_DEVGROUP,
 	TYPE_DSCP,
+	TYPE_ECN,
 	__TYPE_MAX
 };
 #define TYPE_MAX		(__TYPE_MAX - 1)
diff --git a/include/proto.h b/include/proto.h
index 14af9653..4fa54a74 100644
--- a/include/proto.h
+++ b/include/proto.h
@@ -184,6 +184,7 @@ enum ip_hdr_fields {
 	IPHDR_VERSION,
 	IPHDR_HDRLENGTH,
 	IPHDR_DSCP,
+	IPHDR_ECN,
 	IPHDR_LENGTH,
 	IPHDR_ID,
 	IPHDR_FRAG_OFF,
@@ -221,6 +222,7 @@ enum ip6_hdr_fields {
 	IP6HDR_INVALID,
 	IP6HDR_VERSION,
 	IP6HDR_DSCP,
+	IP6HDR_ECN,
 	IP6HDR_FLOWLABEL,
 	IP6HDR_LENGTH,
 	IP6HDR_NEXTHDR,
author	Pablo Neira Ayuso <pablo@netfilter.org>	2016-05-11 00:22:11 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-05-11 23:01:31 +0200
commit	bc9d2e5006b2963f9cc117076ecf38a5c3782964 (patch)
tree	610905ddeffcbfd12a292c0832ad8925444369dd /include
parent	16fcc85c283537ea00357e2ca4bbb561c03bc65b (diff)