From bc9d2e5006b2963f9cc117076ecf38a5c3782964 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 11 May 2016 00:22:11 +0200
Subject: src: add ecn support

This supports both IPv4:

 # nft --debug=netlink add rule ip filter forward ip ecn ce counter
 ip filter forward
  [ payload load 1b @ network header + 1 => reg 1 ]
  [ bitwise reg 1 = (reg=1 & 0x00000003 ) ^ 0x00000000 ]
  [ cmp eq reg 1 0x00000003 ]
  [ counter pkts 0 bytes 0 ]

For IPv6:

 # nft --debug=netlink add rule ip6 filter forward ip6 ecn ce counter
 ip6 filter forward
  [ payload load 1b @ network header + 1 => reg 1 ]
  [ bitwise reg 1 = (reg=1 & 0x00000030 ) ^ 0x00000000 ]
  [ cmp eq reg 1 0x00000030 ]
  [ counter pkts 0 bytes 0 ]

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 doc/nft.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'doc/nft.xml')

diff --git a/doc/nft.xml b/doc/nft.xml
index a2770bfa..22d023e8 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -1397,6 +1397,11 @@ filter output oif eth0
 								<entry>Differentiated Services Code Point</entry>
 								<entry>integer (6 bit)</entry>
 							</row>
+							<row>
+								<entry>ecn</entry>
+								<entry>Explicit Congestion Notification</entry>
+								<entry>integer (2 bit)</entry>
+							</row>
 							<row>
 								<entry>length</entry>
 								<entry>Total packet length</entry>
@@ -1481,6 +1486,11 @@ filter output oif eth0
 								<entry>Differentiated Services Code Point</entry>
 								<entry>integer (6 bit)</entry>
 							</row>
+							<row>
+								<entry>ecn</entry>
+								<entry>Explicit Congestion Notification</entry>
+								<entry>integer (2 bit)</entry>
+							</row>
 							<row>
 								<entry>flowlabel</entry>
 								<entry>Flow label</entry>
-- 
cgit v1.2.3