netfilter: add IPv4/6 IPComp extension match support
authorfan.du <fan.du@windriver.com>
Wed, 18 Dec 2013 03:27:02 +0000 (11:27 +0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 24 Dec 2013 11:37:58 +0000 (12:37 +0100)
commit6a649f339802f104549e1fb211e381036661e244
tree673fd543f147e890e2cd34deceaa70606ff83054
parent08c0cad69f32ad1e881fa3fb7f5e0a25db5b07ce
netfilter: add IPv4/6 IPComp extension match support

With this plugin, user could specify IPComp tagged with certain
CPI that host not interested will be DROPped or any other action.

For example:
iptables  -A INPUT -p 108 -m ipcomp --ipcompspi 0x87 -j DROP
ip6tables -A INPUT -p 108 -m ipcomp --ipcompspi 0x87 -j DROP

Then input IPComp packet with CPI equates 0x87 will not reach
upper layer anymore.

Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/uapi/linux/netfilter/Kbuild
include/uapi/linux/netfilter/xt_ipcomp.h [new file with mode: 0644]
net/netfilter/Kconfig
net/netfilter/Makefile
net/netfilter/xt_ipcomp.c [new file with mode: 0644]