On Friday 16 April 2004 17:07, Jason Boxman wrote:
> I can't seem to match packets less than 512 bytes:
>
> class( <$bulk> )
>     if tcp_dport == 81 && !( ip_len & 0xfe00 )
> ;
> or
>     if tcp_dport == 81 && ip_len < 512

Reversing the rule such that it is:

    if ip_len < 512 && tcp_dport == 81

works as expected. I have no idea why. I'd guess the IP header matches need to come first, but I have a rule that matches tcp_sport first and it has worked fine.

    if tcp_sport == 22 && ip_tos_delay == 1

<snip>

--
Jason Boxman
Perl Programmer / *NIX Systems Administrator
Shimberg Center for Affordable Housing | University of Florida
http://edseek.com/ - Linux and FOSS stuff

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/