On Sun, Sep 16, 2018 at 09:11:12PM +0200, Fernando Fernandez Mancera wrote:
> Add support for ttl option in "osf" expression. Example:
>
> table ip foo {
> chain bar {
> type filter hook input priority filter; policy accept;
> osf ttl 0 name "Linux"
Looking at nf_osf_ttl()
* Currently, default behaviour is "check for exact TTL" if no ttl option
is specified, which is -m osf --ttl 0, which works for local area
network.
Therefore:
* We need an option to skip TTL checking, eg. 'ttl nocheck', which is
mapping -m osf --ttl 2.
* We need an option to check for globally-routable address, eg. 'ttl
global', which is mapping -m osf --ttl 1.
You could also add 'ttl local', but that seems to be the default
behaviour anyway, so you could just document this.
