On 17/01/11 03:44, Ben K wrote:
>> Don't strip Cc, and don't top post.
>
> Sorry, missed the cc. I read the posting guidelines before mailing and
> don't consider my means of quoting to be a top-post (I removed most of
> the content and the quote was 'standalone', I just chose to put it at
> bottom).
>
>> Matching across packets would incur unwanted complexity.
>
> Just curious, does the current string match implementation match
> across packets? If not, then surely adding replace functionality (with
> the same compromise) is not overly complex?
>
> On Mon, Jan 17, 2011 at 12:20 PM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote:
>
>>
>> On Monday 2011-01-17 00:58, Ben K wrote:
>>>
>>>> Does anyone know if the --string-replace functionality ever made it
>>>> into iptables? If not, what are my chances of the patch from 2004
>>>> playing nice with the current Git head revision?

I remember that this patch has several problems:

* it does not handle fragmented packets
* it only allows replacing strings of the same size; otherwise you have
  to perform sequence number adjustments, and that complicates the
  whole thing.
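The two limitations discussed in this thread, shown as an added example that is not part of the thread or of the 2004 patch: a per-packet replace misses a pattern split across two packets, and a replacement of a different length forces every later sequence number and returning ACK to be shifted. The function names and the sample segments are constructed for illustration; sequence-number wraparound, checksums and retransmissions are ignored.

```python
# Added illustration: per-packet payload rewriting on one TCP direction.
# SEGMENTS is constructed sample data: (sequence number, payload).
SEGMENTS = [
    (1000, b"say foo now "),   # pattern fully inside one packet
    (1012, b"and fo"),         # pattern split across this packet ...
    (1018, b"o again"),        # ... and the next one
]


def rewrite_stream(segments, old, new):
    """Replace `old` with `new` in each payload independently.

    Returns (rewritten_segments, offsets). Each offsets entry is
    (original_seq, cumulative_delta): original sequence numbers at or
    beyond original_seq must be shifted by cumulative_delta.
    """
    out, offsets, delta = [], [], 0
    for seq, payload in segments:
        new_payload = payload.replace(old, new)   # no cross-packet matching
        out.append((seq + delta, new_payload))    # shift by earlier changes
        change = len(new_payload) - len(payload)
        if change:
            delta += change
            offsets.append((seq + len(payload), delta))
    return out, offsets


def translate_ack(ack, offsets):
    """Map an ACK from the receiver (rewritten numbering) back to the
    numbering the original sender expects."""
    delta = 0
    for original_seq, cumulative in offsets:
        if ack >= original_seq + cumulative:
            delta = cumulative
    return ack - delta


if __name__ == "__main__":
    out, offsets = rewrite_stream(SEGMENTS, b"foo", b"longer")
    for seq, payload in out:
        print(seq, payload)
    print("offsets:", offsets)
    print("receiver ACK 1028 -> sender sees", translate_ack(1028, offsets))
```

With a same-size replacement the offsets list stays empty and no packet after the rewritten one needs touching, which is why the patch restricted itself to that case.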