netfilter: add IPv4/6 IPComp extension match support
With this plugin, user could specify IPComp tagged with certain CPI that host not interested will be DROPped or any other action. For example: iptables -A INPUT -p 108 -m ipcomp --ipcompspi 0x87 -j DROP ip6tables -A INPUT -p 108 -m ipcomp --ipcompspi 0x87 -j DROP Then input IPComp packet with CPI equates 0x87 will not reach upper layer anymore. Signed-off-by: NFan Du <fan.du@windriver.com> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
Showing
net/netfilter/xt_ipcomp.c
0 → 100644
想要评论请 注册 或 登录