From: Mr Dash Four <mr.dash.four@xxxxxxxxxxxxxx>
Date: Thu, 23 Dec 2010 18:00:38 +0000
>
>>>> If you need to match the same port both with TCP and UDP, then add it
>>>> to the set twice, with the proper protocols.
>>>>
>>> I've already dealt with this - I do not see the need to add 2x as many
>>> elements to a set when, in reality, I am not interested in matching
>>> the protocol part.
>>>
>>
>> You must, every protocol puts the ports in a different location.
>>
> What do you mean by 'puts the ports in a different location'? Clarify
> please.
Look at the proto_ports_offset() function in the kernel if you don't
believe me.
static inline int proto_ports_offset(int proto)
{
switch (proto) {
case IPPROTO_TCP:
case IPPROTO_UDP:
case IPPROTO_DCCP:
case IPPROTO_ESP: /* SPI */
case IPPROTO_SCTP:
case IPPROTO_UDPLITE:
return 0;
case IPPROTO_AH: /* SPI */
return 4;
default:
return -EINVAL;
}
}
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
