Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> We cannot assume nf_conntrack is loaded. We have to support stateless
> setups as well.
>
> > In addition, there was an error in the check which was added (len
> > is being calculated incorrectly). In my testing, ALL packets are being dropped
> > by the TCPOPTSTRIP target at present. Revert the unnecessary/incorrect checks.
>
> Then, we have to fix the wrong calculation. I cannot reproduce this
> here.

It's most likely due to tcp_hdr() use, it only works for local packets.