On Tuesday 2015-06-16 07:45, Linus Lüssing wrote: >On Fri, May 01, 2015 at 08:33:03AM +0200, Jan Engelhardt wrote: >> -p matches the first non-extension header. For the >> exthdrs, there is e.g. -m hbh. > >Just to check, I guess ebtables is behaving similarly? Since Ethernet does not define any "Extension Headers", -p matches the one and only Protocol field there is, and it will be IPv6 if you say -p ipv6. >And "-p IPv6 --ip6-proto 0" will *not* match packets with a >hop-by-hop header? That's a hard one, because the userspace tools were once written with the assumption that 0 means "ANY". And then IANA used that value. D'oh. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
