Re: [PATCH 15/27] xt_length match, revision 1

On Jan 4 2008 16:22, Patrick McHardy wrote:
>> +#ifndef NEXTHDR_IPV4
>> +#	define NEXTHDR_IPV4 4
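Review bot: the `#ifndef NEXTHDR_IPV4` fallback defines a protocol number locally inside the match, so the value can silently diverge from a later kernel-wide definition; protocol 4 already has a name in the kernel (IPPROTO_IPIP), and if a NEXTHDR_* spelling is wanted it belongs with the other NEXTHDR_* constants in include/net/ipv6.h rather than behind a local guard in the module.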
>
> This should be IPPROTO_IPIP I guess.

Or actually define NEXTHDR_IPV4 in include/net/ipv6.h I suppose.

>> +	case IPPROTO_AH:
>> +		*length = skb->len - offset - sizeof(struct ip_auth_hdr);
>> +		return true;
>> +	case IPPROTO_ESP:
>> +		*length = skb->len - offset - sizeof(struct ip_esp_hdr);
>> +		return true;
>> +	}
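Review bot: the AH and ESP cases compute `*length = skb->len - offset - sizeof(...)` without first checking that `skb->len - offset` is at least the header size, so a truncated packet makes the unsigned subtraction wrap to a huge length instead of failing the match; add a bounds check before subtracting. The AH case is also wrong on well-formed packets: the AH header is variable-length (the hdrlen field of struct ip_auth_hdr counts 32-bit words, and the ICV follows the fixed fields), so `sizeof(struct ip_auth_hdr)` undercounts the header and overcounts the payload; the header length should come from the parsed hdrlen field.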
>
> I'm missing SCTP and DCCP. We try to consistently support at least all
> protocols implemented in Linux itself.
>
I did not quite get yet how to parse SCTP or what could be classified as
'data', since SCTP has multiple streams (ouch). Should reread RFC.


> I'm also wondering what this is actually useful for? The only
> useful thing I can imagine is TCP since it's useful for matching on
> ACKs without data,
>
What was the original xt_length v0 good for, I wonder? :)


> all others have fixed sizes and can easily be implemented in userspace.
>
You cannot reliably use xt_length v0 to match any frame combination
where there is IPv4, IPv6 or TCP, because they all have dynamic sizes.
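The point about dynamic header sizes, as an added userspace C example that is not part of the patch or of this thread: it parses a constructed IPv4 packet, takes the IPv4 and TCP header lengths from the ihl and data-offset fields (and the AH header length from its hdrlen field) instead of a fixed sizeof, and refuses packets whose headers do not fit rather than letting the subtraction wrap. The PROTO_* names, the packet builders and the function names are my own; the header layouts follow the RFCs. Two of the constructed packets are both 52 bytes on the wire, one a data-less ACK carrying 12 bytes of TCP options and one a plain header carrying 12 bytes of data, which is exactly the pair a total-length match cannot distinguish.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Protocol numbers (same values as the kernel's IPPROTO_* constants). */
#define PROTO_TCP 6
#define PROTO_UDP 17
#define PROTO_AH  51

/*
 * Layer-4 payload length of the IPv4 packet in pkt[0..len).  Header lengths are
 * read from the headers themselves, because IPv4 (ihl), TCP (data offset) and
 * AH (hdrlen) are all variable-size.  Returns false, rather than a wrapped-around
 * value, when a header does not fit in the packet.
 */
static bool l4_payload_len(const uint8_t *pkt, size_t len, size_t *length)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return false;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;        /* IPv4 header incl. options */
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];   /* IPv4 total length field */
    if (ihl < 20 || total < ihl || total > len)
        return false;

    const uint8_t *l4 = pkt + ihl;
    size_t rem = total - ihl;                        /* bytes after the IP header */
    size_t hdr;
    switch (pkt[9]) {
    case PROTO_TCP:
        if (rem < 20)
            return false;
        hdr = (size_t)(l4[12] >> 4) * 4;             /* data offset, in 32-bit words */
        if (hdr < 20)
            return false;
        break;
    case PROTO_UDP:
        hdr = 8;                                     /* UDP really is fixed-size */
        break;
    case PROTO_AH:
        if (rem < 12)
            return false;
        hdr = ((size_t)l4[1] + 2) * 4;               /* RFC 4302: hdrlen = words - 2 */
        break;
    default:
        return false;                                /* not handled by this sketch */
    }
    if (hdr > rem)
        return false;                                /* truncated L4 header */
    *length = rem - hdr;
    return true;
}

/* Constructed packet: IPv4 (20 + ip_opt bytes) + TCP (20 + tcp_opt bytes) + data. */
static size_t build_ipv4_tcp(uint8_t *buf, size_t ip_opt, size_t tcp_opt, size_t data)
{
    size_t ihl = 20 + ip_opt, thl = 20 + tcp_opt, total = ihl + thl + data;
    memset(buf, 0, total);
    buf[0] = (uint8_t)(0x40 | (ihl / 4));
    buf[2] = (uint8_t)(total >> 8);
    buf[3] = (uint8_t)total;
    buf[9] = PROTO_TCP;
    buf[ihl + 12] = (uint8_t)((thl / 4) << 4);
    return total;
}

/* Constructed packet: IPv4 (20 bytes) + AH (ah_len bytes, ICV included) + data. */
static size_t build_ipv4_ah(uint8_t *buf, size_t ah_len, size_t data)
{
    size_t total = 20 + ah_len + data;
    memset(buf, 0, total);
    buf[0] = 0x45;
    buf[2] = (uint8_t)(total >> 8);
    buf[3] = (uint8_t)total;
    buf[9] = PROTO_AH;
    buf[20 + 1] = (uint8_t)(ah_len / 4 - 2);         /* hdrlen field */
    return total;
}

/* Payload of a constructed TCP packet, optionally truncated to cut bytes; -1 on failure. */
static long tcp_payload_of(size_t ip_opt, size_t tcp_opt, size_t data, size_t cut)
{
    uint8_t buf[256];
    size_t total = build_ipv4_tcp(buf, ip_opt, tcp_opt, data), out;
    return l4_payload_len(buf, cut ? cut : total, &out) ? (long)out : -1;
}

/* Payload of a constructed AH packet; -1 on failure. */
static long ah_payload_of(size_t ah_len, size_t data)
{
    uint8_t buf[256];
    size_t total = build_ipv4_ah(buf, ah_len, data), out;
    return l4_payload_len(buf, total, &out) ? (long)out : -1;
}

int main(void)
{
    /* Both TCP packets are 52 bytes on the wire; only the payload length differs. */
    printf("ACK, 12 bytes of TCP options: payload %ld\n", tcp_payload_of(0, 12, 0, 0));
    printf("plain header, 12 bytes data:  payload %ld\n", tcp_payload_of(0, 0, 12, 0));
    printf("AH with 12-byte ICV, 10 data:  payload %ld\n", ah_payload_of(24, 10));
    printf("truncated to 30 bytes:         payload %ld\n", tcp_payload_of(0, 0, 12, 30));
    return 0;
}
```

The AH case reads the header length from the packet, so a 24-byte AH header (12 fixed bytes plus a 12-byte ICV) yields the right payload where a fixed `sizeof(struct ip_auth_hdr)` would overcount it by the ICV size; the truncated-packet case shows why the bounds check has to come before the subtraction.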