Hi, I am pretty new to iptables, but understand all of the concepts very well. I am trying to drop a specific RTP packet with a certain payload type (1st 2 bytes of payload will tell me in the rtp header). I compiled everything in centos and all appears to work (no errors, etc when loading the module) from a system standpoint. The u32 module has made no matches for me though, and I cannot get the string module to match hex strings. I plan to use u32, but tried string just to see if I was an idiot :) I guess I am! I am using tcpreplay to send the packet I want to drop: 19:40:13.666679 IP ghost.29364 > ccs1.25862: UDP, length 13 0x0000: 45b8 0029 95cd 0000 3d11 9c86 c0a8 6476 E..)....=.....dv 0x0010: c0a8 64f1 72b4 6506 0015 bbc9 800d 9f6b ..d.r.e........k 0x0020: 7c06 b562 a690 c613 6400 0000 0000 |..b....d..... 800d is what I want to catch in bytes 27,28... LOG all -- anywhere anywhere STRING match "|800d|" ALGO name bm TO 65535LOG level debug prefix `PT-13 ::: ' This string filter (which I now have wide open on --from and --to never catches it though. I cannot get u32 to catch anything though. My laptop runs *buntu, and I can successfully get u32 to match on specific IP, etc, but I cannot get it to match on this packet. I am using: -A INPUT -m u32 --u32 "0>>22&0x3C@6=0x800D" -j LOG --log-prefix "CNOISE: " -A INPUT -m u32 --u32 "26&0xFFFF=0x800D" -j LOG --log-prefix "CNOISE: " It never matches though.. And since I am unsure as to when 0 counts and does not, I have tried starting form every byte in the area! :) I get no errors from the modules, but my hex-foo must suck, because I clearly cannot get this to work.. Any pointers would be greatly appreciated.. Oh - kernel 2.6.18, with iptables 1.3.5 (POM'ed from 20100811 snapshot and recompiled).. Thanks for any pointers -Greg Thanks -Greg -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
