Kernel ignores 'hdrres' field, this matching on reserved field value was never effective. While being at it, drop its description from man page. Continue to parse and print it for compatibility reasons, but avoid attracting new users. Signed-off-by: Phil Sutter <phil@xxxxxx> --- extensions/libxt_ipcomp.c | 2 ++ extensions/libxt_ipcomp.c.man | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/extensions/libxt_ipcomp.c b/extensions/libxt_ipcomp.c index b5c43128466fb..4171c4a1c4eb7 100644 --- a/extensions/libxt_ipcomp.c +++ b/extensions/libxt_ipcomp.c @@ -101,6 +101,8 @@ static int comp_xlate(struct xt_xlate *xl, const struct xt_ipcomp *compinfo = (struct xt_ipcomp *)params->match->data; + /* ignore compinfo->hdrres like kernel's xt_ipcomp.c does */ + xt_xlate_add(xl, "comp cpi %s", compinfo->invflags & XT_IPCOMP_INV_SPI ? "!= " : ""); if (compinfo->spis[0] != compinfo->spis[1]) diff --git a/extensions/libxt_ipcomp.c.man b/extensions/libxt_ipcomp.c.man index f3b17d2167697..824f5b3d9dbb4 100644 --- a/extensions/libxt_ipcomp.c.man +++ b/extensions/libxt_ipcomp.c.man @@ -2,6 +2,3 @@ This module matches the parameters in IPcomp header of IPsec packets. .TP [\fB!\fP] \fB\-\-ipcompspi\fP \fIspi\fP[\fB:\fP\fIspi\fP] Matches IPcomp header CPI value. -.TP -\fB\-\-compres\fP -Matches if the reserved field is filled with zero. -- 2.38.0
