Don't strip Cc, and don't top post. On Monday 2011-01-17 00:58, Ben K wrote: > >>Does anyone know if the --string-replace functionality ever made it >>into iptables? If not, what are my chances of the patch from 2004 >>playing nice with the current Git head revision? >Thank you for the speedy reply. > >So I'm guessing the answer to the main question below, about whether >that patch ever made it into iptables, is "no". >Is this because of the limitations of string matching with regards to >packet fragmentation, as per your response, or for some other reason >(eg unwanted complexity)? Matching across packets would incur unwanted complexity. >If the former, then why does iptables include the string match (but >not replace) extension, which surely suffers from the same >limitations? You'd have to ask Pablo (cc'd) who added ipt_string.c 5 years ago to the kernel, or even Emmanuel Roger who had it added 10 years ago to the iptables userspace part. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
