Sorry if I have misunderstood you but right now, the function implements
'ttl nocheck' and 'ttl global' behaviours. Yes I am going to document
that the default behaviour is 'ttl local'.
So if I am not wrong this doesn't require changes. Did you mean
something different or it is fine? Thanks!
On 9/18/18 1:16 AM, Pablo Neira Ayuso wrote:
On Sun, Sep 16, 2018 at 09:11:12PM +0200, Fernando Fernandez Mancera wrote:
Add support for ttl option in "osf" expression. Example:
table ip foo {
chain bar {
type filter hook input priority filter; policy accept;
osf ttl 0 name "Linux"
Looking at nf_osf_ttl()
* Currently, default behaviour is "check for exact TTL" if no ttl option
is specified, which is -m osf --ttl 0, which works for local area
network.
Therefore:
* We need an option to skip TTL checking, eg. 'ttl nocheck', which is
mapping -m osf --ttl 2.
* We need an option to check for globally-routable address, eg. 'ttl
global', which is mapping -m osf --ttl 1.
You could also add 'ttl local', but that seems to be the default
behaviour anyway, so you could just document this.
