Hello, On Fri, 14 Dec 2001, bert hubert wrote: > > > not know that you are using IPv4, so the value 20 can not be > > guessed. For this, "offset" is used to extract the iphdr->ihl > > value and to use it as a base for all nexthdr+ relative offsets. > > Damn, that's broken. Or at least, extremely non-obvious and hard to get > working. Overly universal comes to mind. So 'ip sport' would stop matching > packets with ip options? No, ihl includes the options. Everything works perfectly. It is bug to use sport and dport if ip options are present. There are tcp dst and tcp src for example. Same for udp. For icmp there are icmp type and icmp code. All they use the same base pointer. > Regards, > > bert Regards -- Julian Anastasov <ja@xxxxxx>
