git.karo-electronics.de Git - linux-beck.git/commit

author	fan.du <fan.du@windriver.com>
	Wed, 18 Dec 2013 03:27:02 +0000 (11:27 +0800)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 24 Dec 2013 11:37:58 +0000 (12:37 +0100)
commit	6a649f339802f104549e1fb211e381036661e244
tree	673fd543f147e890e2cd34deceaa70606ff83054	tree \| snapshot
parent	08c0cad69f32ad1e881fa3fb7f5e0a25db5b07ce	commit \| diff

netfilter: add IPv4/6 IPComp extension match support

With this plugin, user could specify IPComp tagged with certain
CPI that host not interested will be DROPped or any other action.

For example:
iptables -A INPUT -p 108 -m ipcomp --ipcompspi 0x87 -j DROP
ip6tables -A INPUT -p 108 -m ipcomp --ipcompspi 0x87 -j DROP

Then input IPComp packet with CPI equates 0x87 will not reach
upper layer anymore.

Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/uapi/linux/netfilter/Kbuild		diff \| blob \| history
include/uapi/linux/netfilter/xt_ipcomp.h	[new file with mode: 0644]	blob
net/netfilter/Kconfig		diff \| blob \| history
net/netfilter/Makefile		diff \| blob \| history
net/netfilter/xt_ipcomp.c	[new file with mode: 0644]	blob