Re: u32 question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This example doesn't seem to work for me.
Does it work for anyone else out there?  

 $ iptables -A OUTPUT -m u32 --u32 "0>>22&0x3C@12>>26&0x3C@-3&0xFF=0:255"
  -j LOG --log-prefix "TCP with payload *** "
I've tried some examples without the @ and they seem to be working but
I don't get anything in the log when I do this:

 $ iptables -L OUTPUT -n -v
 Chain OUTPUT (policy ACCEPT 17M packets, 1045M bytes)
  pkts bytes target     prot opt in     out     source
 destination         
     0     0 LOG        all  --  *      *       0.0.0.0/0
 0.0.0.0/0           u32
 0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0xfffffffd&0xff=0x0:0xff LOG flags 0
 level 4 prefix `TCP with payload *** ' 

(seems right)

 $ tcpdump -lenX -i wlan0 -c 4
 tcpdump: verbose output suppressed, use -v or -vv for full protocol
 decode
 listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes
 13:02:48.661944 00:21:6b:40:06:7e > 00:80:c8:b9:a4:2f, ethertype IPv4
 (0x0800), length 114: 10.0.2.100.33306 > 66.166.0.98.ssh: P
 3799762522:3799762570(48) ack 1707553806 win 1067 <nop,nop,timestamp
 3419089842 694605510>
        0x0000:  4510 0064 6a44 4000 4006 80d4 0a00 0264 E..djD@.@......d
        0x0010:  42a6 0062 821a 0016 e27b c65a 65c7 340e B..b.....{.Ze.4.
        0x0020:  8018 042b 90d1 0000 0101 080a cbcb 2bb2 ...+..........+.
        0x0030:  2966 d6c6 c826 20cd 0b4c 0cf4 39cc 71e0 )f...&...L..9.q.
        0x0040:  ca4a 73c2 1058 d9e4 9cbd deec 0d10 f5f3 .Js..X..........
        0x0050:  0d32                                     .2
 13:02:48.691819 00:80:c8:b9:a4:2f > 00:21:6b:40:06:7e, ethertype IPv4
 (0x0800), length 114: 66.166.0.98.ssh > 10.0.2.100.33306: P 1:49(48)
 ack 48 win 60816 <nop,nop,timestamp 694607611 3419089842>
 ...
several more packets that ought to show up in the log

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux