On 9/18/18 1:16 AM, Pablo Neira Ayuso wrote:
On Sun, Sep 16, 2018 at 09:11:12PM +0200, Fernando Fernandez Mancera wrote:
Add support for ttl option in "osf" expression. Example:
table ip foo {
    chain bar {
        type filter hook input priority filter; policy accept;
        osf ttl 0 name "Linux"
Looking at nf_osf_ttl():
* Currently, default behaviour is "check for exact TTL" if no ttl option
is specified, which is -m osf --ttl 0, which works for local area
network.
Therefore:
* We need an option to skip TTL checking, e.g. 'ttl nocheck', which
maps to -m osf --ttl 2.
* We need an option to check for globally-routable address, e.g. 'ttl
global', which maps to -m osf --ttl 1.
You could also add 'ttl local', but that seems to be the default
behaviour anyway, so you could just document this.
Okay, I am going to work on this. Thanks for the review.
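
Added example, not part of the original thread and not kernel or nftables code: a simplified userspace model of the three TTL modes discussed above, using the keywords proposed in the review. The enum and function names are hypothetical, and mode 1 is modelled as "packet TTL not greater than fingerprint TTL", which is how `-m osf --ttl 1` is documented.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names; the numeric values are the -m osf --ttl levels from the thread. */
enum osf_ttl_mode { OSF_TTL_LOCAL = 0, OSF_TTL_GLOBAL = 1, OSF_TTL_NOCHECK = 2 };

/* Map the keywords proposed in the review to a mode; -1 for unknown input.
 * A missing option (NULL) falls back to the exact check, the stated default. */
int osf_ttl_parse(const char *kw)
{
    if (kw == NULL || strcmp(kw, "local") == 0) return OSF_TTL_LOCAL;
    if (strcmp(kw, "global") == 0) return OSF_TTL_GLOBAL;
    if (strcmp(kw, "nocheck") == 0) return OSF_TTL_NOCHECK;
    return -1;
}

/* 1 if the TTL part of the fingerprint matches, 0 if not, -1 on a bad mode. */
int osf_ttl_match(int mode, unsigned char pkt_ttl, unsigned char fp_ttl)
{
    switch (mode) {
    case OSF_TTL_LOCAL:   return pkt_ttl == fp_ttl;  /* no router decremented it */
    case OSF_TTL_GLOBAL:  return pkt_ttl <= fp_ttl;  /* hops only lower the TTL */
    case OSF_TTL_NOCHECK: return 1;                  /* TTL ignored entirely */
    default:              return -1;
    }
}

int main(void)
{
    /* Constructed samples: fingerprint TTL 64, three observed packet TTLs. */
    const unsigned char fp_ttl = 64, seen[] = { 64, 55, 128 };
    const char *kws[] = { "local", "global", "nocheck" };

    for (size_t k = 0; k < 3; k++)
        for (size_t i = 0; i < 3; i++)
            printf("ttl %-7s pkt=%3u fp=%u -> %d\n", kws[k], (unsigned)seen[i],
                   (unsigned)fp_ttl,
                   osf_ttl_match(osf_ttl_parse(kws[k]), seen[i], fp_ttl));
    return 0;
}
```

With 'nocheck' the constructed TTL 128 sample still passes against the TTL 64 fingerprint, so in that mode the match rests on the other fingerprint fields alone.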