netfilter: add IPv4/6 IPComp extension match support - linux

diff options

author	fan.du <fan.du@windriver.com>	2013-12-18 04:27:02 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-12-24 12:37:58 +0100
commit	6a649f339802f104549e1fb211e381036661e244 (patch)
tree	673fd543f147e890e2cd34deceaa70606ff83054 /security
parent	netfilter: nfnetlink_queue: enable UID/GID socket info retrieval (diff)
download	linux-6a649f339802f104549e1fb211e381036661e244.tar.xz linux-6a649f339802f104549e1fb211e381036661e244.zip

netfilter: add IPv4/6 IPComp extension match support

With this plugin, user could specify IPComp tagged with certain CPI that host not interested will be DROPped or any other action. For example: iptables -A INPUT -p 108 -m ipcomp --ipcompspi 0x87 -j DROP ip6tables -A INPUT -p 108 -m ipcomp --ipcompspi 0x87 -j DROP Then input IPComp packet with CPI equates 0x87 will not reach upper layer anymore. Signed-off-by: Fan Du <fan.du@windriver.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'security')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: