On Mon, 03 Jun 2013 15:57:29 -0700
Eric Dumazet <eric.dumazet@xxxxxxxxx> wrote:

> From: Eric Dumazet <edumazet@xxxxxxxxxx>
>
> xt_socket module can be a nice replacement to conntrack module
> in some cases (SYN filtering for example)
>
> But it lacks the ability to match the 3rd packet of TCP
> handshake (ACK coming from the client).
>
> Add a XT_SOCKET_NOWILDCARD flag to disable the wildcard mechanism

Sorry, but I'm not sure I understand your description.

What is the effect of adding the XT_SOCKET_NOWILDCARD flag?

It almost sounds like it adds the ability to match the 3rd packet of
TCP handshake (ACK coming from the client), is that the case?

--
Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Sr. Network Kernel Developer at Red Hat
  Author of http://www.iptv-analyzer.org
  LinkedIn: http://www.linkedin.com/in/brouer