Re: [{ip,ip6}tables-compat PATCH] nft: fix network prefixes

I forgot to say that the netlink code seems correct:
ip filter INPUT 26
  [ payload load 1b @ network header + 9 => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ payload load 4b @ network header + 12 => reg 1 ]
  [ bitwise reg 1 = (reg=1 & 0x00ffffff ) ^ 0x00000000 ]
  [ cmp eq reg 1 0x0000a8c0 ]
  [ match name tcp rev 0 ]
  [ match name conntrack rev 3 ]
  [ counter pkts 0 bytes 0 ]
  [ immediate reg 0 accept ]

2014-08-26 13:43 GMT+02:00 Giuseppe Longo <giuseppelng@xxxxxxxxx>:
> Hi Pablo,
> To fix that the add_cmp_ptr() function should be called after
> add_bitwise_* in add_addr() function.
> But this change makes the output wrong, see below:
>
> # iptables-compat -A INPUT -p tcp -s 192.168.0.0/24 --dport 22 -m
> conntrack --ctstate NEW -j ACCEPT
> # iptables-compat -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             anywhere             tcp
> dpt:ssh ctstate NEW
>
> I'm going to investigate more in depth.
>
> Regards
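
An added example, not part of the original message or of the iptables code: a small C model of the source-address expressions in the dump above (payload load, bitwise, cmp), evaluated in order, showing why the mask must be applied before the comparison for a /24 rule to match hosts inside the network. The helper names (prefix_mask, match_saddr, demo) and the sample header are constructed for illustration; register words are read little-endian, which reproduces the 0x00ffffff mask shown in the dump.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Network-order netmask for an IPv4 prefix length (0..32). */
static void prefix_mask(unsigned len, uint8_t mask[4]) {
    for (int i = 0; i < 4; i++) {
        unsigned bits = len >= 8 ? 8 : len;
        mask[i] = (uint8_t)(0xffu << (8 - bits));
        len -= bits;
    }
}

/* Four network-order bytes read as a little-endian word, as in the dump. */
static uint32_t reg_le(const uint8_t b[4]) {
    return b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

static uint32_t mask_word(unsigned len) {
    uint8_t m[4];
    prefix_mask(len, m);
    return reg_le(m);
}

/* Load 4 bytes at network header + 12, then run bitwise and cmp.
 * mask_first=1 is the order in the dump; 0 runs cmp on the raw register. */
static int match_saddr(const uint8_t *iphdr, const uint8_t net[4],
                       unsigned len, int mask_first) {
    uint8_t reg[4], mask[4];
    memcpy(reg, iphdr + 12, 4);
    prefix_mask(len, mask);
    if (!mask_first && memcmp(reg, net, 4) != 0)
        return 0;                  /* cmp mismatch ends rule evaluation */
    for (int i = 0; i < 4; i++)
        reg[i] &= mask[i];         /* the "^ 0x00000000" part is a no-op */
    return memcmp(reg, net, 4) == 0;
}

/* Constructed sample: minimal IPv4 header, protocol TCP, source a.b.c.d,
 * matched against 192.168.0.0/24. */
static int demo(uint8_t a, uint8_t b, uint8_t c, uint8_t d, int mask_first) {
    static const uint8_t net[4] = {192, 168, 0, 0};
    uint8_t hdr[20] = {0x45};
    hdr[9] = 6; hdr[12] = a; hdr[13] = b; hdr[14] = c; hdr[15] = d;
    return match_saddr(hdr, net, 24, mask_first);
}

int main(void) {
    printf("mask /24 = 0x%08x, mask-then-cmp %d, cmp-then-mask %d\n",
           (unsigned)mask_word(24), demo(192, 168, 0, 5, 1), demo(192, 168, 0, 5, 0));
    return 0;
}
```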



