netfilter buglog - May 2014 - [Bug 928] New: ECN: --ecn-tcp-ece and --ecn-ip-ect is not supported

https://bugzilla.netfilter.org/show_bug.cgi?id=928

           Summary: ECN: --ecn-tcp-ece and --ecn-ip-ect is not supported
           Product: nftables
           Version: unspecified
          Platform: x86_64
        OS/Version: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
        AssignedTo: pablo at netfilter.org
        ReportedBy: anarey at gmail.com
   Estimated Hours: 0.0


The following command-line parameters in ECN iptables-extensions are not
supported in nft yet:

--ecn-tcp-ece
--ecn-ip-ect


The last commit in Pablo git tree of kernel is "40e6442 netfilter:
x_tables:
allow to use cgroup match for LOCAL_IN nf hooks"
The last commit in libmnl repo is "090a842 examples: use
mnl_socket_setsockopt"
The last commit in libnftnl repo is "57107c2 common: fix unconditional
output
of event wrapping stuff"
The last commit in nftables repo is "aefa9bf expression: Fix inconsistent
output in set"

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

https://bugzilla.netfilter.org/show_bug.cgi?id=928

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
We can match these via 'tcp flags'.

# nft --debug=netlink add rule x y tcp flags ecn,cwr
ip x y 
  [ payload load 1b @ network header + 9 => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 1b @ transport header + 13 => reg 1 ]
  [ bitwise reg 1 = (reg=1 & 0x000000c0 ) ^ 0x00000000 ]
  [ cmp neq reg 1 0x00000000 ]

Closing.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160513/b7ec66ab/attachment-0001.html>