On Saturday 2011-03-26 03:54, Mark Montague wrote:
>
>> It seems that for IPv6, fragoff is only filled when you explicitly test
>> for a protocol using -p.
>
> This was the problem. Many thanks for the answer!
>
> Adding a "-p tcp" to my ip6tables rule causes the above code to report the
> source and destination port numbers properly.
>
> Also of note: it seems like the transport header can only be retrieved if the
> ip6tables rule explicitly tests for a protocol: Without a -p test, I took out
> the "if (par->fragoff == 0)" check, with the result that the sport and dport
> were set to random (incorrect) numbers.

Because like fragoff, thoff is only filled in if you actually want to
match something. Calculating fragoff/thoff is somewhat more
computationally intensive, as there may be many headers in an IPv6
packet, whereas there is just one static one in IPv4.

Specifically, if you use (ipv6) -p frag, fragoff and thoff will be
valid, but testing for sport/dport will do garbage too, because they
do not actually point to a TCP header.

Yeah this ought to get better..
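The header walk discussed in this thread, as an added userspace C example (not code from the thread or from the kernel): it follows the IPv6 extension header chain to compute thoff and fragoff, and reads ports only when the header found is TCP or UDP and the packet is not a later fragment. The names `l4_info`, `find_l4`, `get_ports` and `sample_pkt` are hypothetical; only hop-by-hop, routing, fragment and destination options headers are walked, so any other next-header value (AH included) ends the walk and yields no ports.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result struct for this example, not a kernel type. */
struct l4_info { uint8_t proto; size_t thoff; uint16_t fragoff; };

/* Walk the IPv6 extension header chain; 0 on success, -1 if malformed or truncated. */
int find_l4(const uint8_t *pkt, size_t len, struct l4_info *out)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return -1;
    uint8_t nh = pkt[6];            /* Next Header field of the fixed 40-byte header */
    size_t off = 40;
    out->fragoff = 0;
    while (nh == 0 || nh == 43 || nh == 44 || nh == 60) {
        if (off + 8 > len)
            return -1;
        size_t hlen = 8;            /* the fragment header is always 8 bytes */
        if (nh == 44)               /* offset is the upper 13 bits, in 8-byte units */
            out->fragoff = (uint16_t)(((pkt[off + 2] << 8) | pkt[off + 3]) >> 3);
        else                        /* hop-by-hop, routing, destination options */
            hlen = ((size_t)pkt[off + 1] + 1) * 8;
        if (off + hlen > len)
            return -1;
        nh = pkt[off];
        off += hlen;
        if (out->fragoff)           /* later fragment: what follows is not a header */
            break;
    }
    out->proto = nh;
    out->thoff = off;
    return 0;
}

/* Read ports only if thoff points at a TCP/UDP header and fragoff is 0. */
int get_ports(const uint8_t *pkt, size_t len, uint16_t *sport, uint16_t *dport)
{
    struct l4_info i;
    if (find_l4(pkt, len, &i) < 0 || i.fragoff != 0)
        return -1;
    if ((i.proto != 6 && i.proto != 17) || i.thoff + 4 > len)
        return -1;
    *sport = (uint16_t)((pkt[i.thoff] << 8) | pkt[i.thoff + 1]);
    *dport = (uint16_t)((pkt[i.thoff + 2] << 8) | pkt[i.thoff + 3]);
    return 0;
}

/* Constructed sample: IPv6 header, 8-byte destination options header, start of TCP. */
const uint8_t sample_pkt[56] = { [0] = 0x60, [5] = 16, [6] = 60, [40] = 6,
                                 [48] = 0x30, [49] = 0x39, [51] = 0x50 };
```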