On Tue, Jun 16, 2015 at 09:17:26AM +0200, Jan Engelhardt wrote:
> On Tuesday 2015-06-16 07:45, Linus Lüssing wrote:
>
> >On Fri, May 01, 2015 at 08:33:03AM +0200, Jan Engelhardt wrote:
> >> -p matches the first non-extension header. For the
> >> exthdrs, there is e.g. -m hbh.
> >
> >Just to check, I guess ebtables is behaving similarly?
>
> Since Ethernet does not define any "Extension Headers",
> -p matches the one and only Protocol field there is,
> and it will be IPv6 if you say -p ipv6.

Was more wondering whether ebtables's "--ip6-proto" behaves
similarly to ip6tables "--protocol" ;). But okay :).

> >
> >And "-p IPv6 --ip6-proto 0" will *not* match packets with a
> >hop-by-hop header?
>
> That's a hard one, because the userspace tools were once written with
> the assumption that 0 means "ANY". And then IANA used that value. D'oh.

Urgh :D.

Anyways, I think I could verify in the kernel code that ebtables
and ip6tables behave similarly; ebtables too seems to skip any
extension header by calling ipv6_skip_exthdr():

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/bridge/netfilter/ebt_ip6.c#n63

Cheers, Linus
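Added example, not code from this thread or from the kernel: a simplified userspace sketch of walking the IPv6 extension header chain to reach the first non-extension protocol, which is the value the protocol match discussed above ends up comparing against. The names `upper_layer_proto` and `proto_rule_matches`, the sample packet, and the handling of rule value 0 as a wildcard are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* IANA protocol numbers of the IPv6 extension headers handled here. */
enum { NH_HBH = 0, NH_ROUTING = 43, NH_FRAGMENT = 44,
       NH_AUTH = 51, NH_NONE = 59, NH_DEST = 60 };

/* Constructed sample: hop-by-hop header (router alert) in front of ICMPv6. */
const uint8_t sample_hbh_icmp6[] = {
    58, 0, 0x05, 0x02, 0x00, 0x00, 0x01, 0x00,  /* HBH: next = 58, len = 0 */
    130, 0, 0, 0 };                             /* start of the ICMPv6 header */

static int is_ext_hdr(int nh)
{
    return nh == NH_HBH || nh == NH_ROUTING || nh == NH_FRAGMENT ||
           nh == NH_AUTH || nh == NH_NONE || nh == NH_DEST;
}

/* buf points just past the fixed 40-byte IPv6 header, nexthdr is that header's
 * Next Header field. Returns the first non-extension protocol, or -1. */
int upper_layer_proto(int nexthdr, const uint8_t *buf, size_t len)
{
    size_t off = 0, hdrlen;
    while (is_ext_hdr(nexthdr)) {
        if (nexthdr == NH_NONE || len - off < 8)
            return -1;                    /* no next header, or truncated */
        if (nexthdr == NH_FRAGMENT) {
            /* Non-first fragment: the upper-layer header is not in here. */
            if (((buf[off + 2] << 8) | buf[off + 3]) & 0xfff8)
                return NH_FRAGMENT;
            hdrlen = 8;
        } else if (nexthdr == NH_AUTH) {
            hdrlen = ((size_t)buf[off + 1] + 2) * 4;  /* 32-bit words */
        } else {
            hdrlen = ((size_t)buf[off + 1] + 1) * 8;  /* 8-octet units */
        }
        if (hdrlen > len - off)
            return -1;                    /* header runs past the buffer */
        nexthdr = buf[off];
        off += hdrlen;
    }
    return nexthdr;
}

/* Hypothetical rule check (assumption): rule value 0 acts as "any". */
int proto_rule_matches(int rule_proto, int nexthdr, const uint8_t *buf, size_t len)
{
    return rule_proto == 0 || rule_proto == upper_layer_proto(nexthdr, buf, len);
}
```

With this model, a rule for protocol 58 matches the sample packet even though its first Next Header value is 0, and a rule value of 0 cannot single out hop-by-hop packets because it matches everything.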