Re: iptables u32 tests and user logging

On Monday 2008-07-21 18:41, Padmanabhan wrote:

>Hello, Jan,
>I came up with the following u32 rule. Should I not multiply by 4 for the
>TCP header length to get the offset, as we do for the IP header?

Right, I probably missed out on that. I do not use u32 that often,
but I am happy to see someone use it at all :-)

>iptables -m u32 --u32 " 0>>22&0x3C@12>>26&0x3C@0&0xFF000000=0x01
>&&
>0>>22&0x3C@12>>26&0x3C@16=0x00000000:0xFFFFFFFF" -j ulog
>
>For packets with TOS bits set, I am inspecting the first byte of the TCP payload and

Well for TOS, I used -m tos for sheer readability of the match but
of course you are free to use u32 for that too to save the memory
that would otherwise be required by xt_tos.

>if that matches, need to record/log the value from 16-19 in the TCP
>payload. Since a test has to be made, I just compared those byte values
>to be in the range of all 0's to all FF's, which obviously they would
>be. So, with this test done, the action I would like to do is log
>that four-byte value.
>
>1. My requirement is as stated by Grant: I just need to log those four
>bytes (ITT value) from the iSCSI header. Are there any options in
>Linux space? With u32 I came so close, yet it was not able to fulfill
>it.

u32 is just a match, not a log-this-and-that target.
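
An added example, not part of the original thread: a small Python model of how the u32 match walks the location strings quoted above, run on a constructed packet. It shows that `>>26&0x3C` already yields the TCP data offset multiplied by 4, and what each location evaluates to. The function names and sample bytes are assumptions; the operator semantics follow the u32 section of the iptables-extensions man page.

```python
import re
import struct

TOKEN = re.compile(r"(@|&|<<|>>)?\s*(0[xX][0-9a-fA-F]+|\d+)")

def load32(pkt, off):
    """Big-endian 32-bit read; None if it would leave the packet."""
    if off + 4 > len(pkt):
        return None
    return struct.unpack_from("!I", pkt, off)[0]

def u32_location(pkt, loc):
    """Walk one u32 location string and return the final 32-bit value."""
    base, val = 0, None
    for op, num in TOKEN.findall(loc):
        n = int(num, 0)
        if op in ("", "@"):
            base += val if op == "@" else 0   # '@' moves the base by the current value
            val = load32(pkt, base + n)
            if val is None:
                return None                   # out-of-packet read: no match
        elif op == "&":
            val &= n
        elif op == "<<":
            val = (val << n) & 0xFFFFFFFF
        else:                                 # '>>'
            val >>= n
    return val

def u32_match(pkt, expr):
    """True if every '&&'-joined test has its value inside one listed range."""
    for test in expr.split("&&"):
        loc, _, values = test.partition("=")
        val = u32_location(pkt, loc)
        ranges = [[int(x, 0) for x in r.split(":")] for r in values.split(",")]
        if val is None or not any(r[0] <= val <= r[-1] for r in ranges):
            return False
    return True

# Constructed sample: 20-byte IPv4 header (IHL=5, TOS=0x10), 32-byte TCP header
# (data offset=8), 48-byte payload with first byte 0x01 and bytes 16-19 = 0xDEADBEEF.
IP = struct.pack("!BBH", 0x45, 0x10, 100) + bytes(16)
TCP = bytes(12) + bytes([0x80, 0x18]) + bytes(18)
PAYLOAD = b"\x01" + bytes(15) + struct.pack("!I", 0xDEADBEEF) + bytes(28)
PKT = IP + TCP + PAYLOAD
TO_PAYLOAD = "0>>22&0x3C@12>>26&0x3C@"   # skip IP header, then TCP header

if __name__ == "__main__":
    print(hex(u32_location(PKT, TO_PAYLOAD + "16")))            # bytes 16-19 of the payload
    print(hex(u32_location(PKT, TO_PAYLOAD + "0&0xFF000000")))  # mask keeps the byte in the top 8 bits
    print(u32_match(PKT, TO_PAYLOAD + "0>>24=0x01 && " + TO_PAYLOAD + "16=0:0xFFFFFFFF"))
```

The model returns the value a location resolves to, which the real match never exposes: the kernel module only reports match or no match, as the reply above says.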