hello jan ~ On Mon, Jan 31, 2011 at 11:51 AM, Jan Engelhardt <jengelh@xxxxxxxxxx> wrote: > On Monday 2011-01-31 03:47, JeHo Park wrote: > > (Might as well avoid top posting?) > >>hello jan >>i see, i took mistake. Ccs.. :-) >>anyway, i wonder why there is no TCP payload in the skb of the string >>or wurl match. > > Because TCP packets are allowed to have no payload. > is there any way to make TCP packets have payload ? does it possible with only configuration ? or need some modification of the source code ? > >>On Mon, Jan 31, 2011 at 11:38 AM, Jan Engelhardt Âwrote: >>> *sigh* don't strip the Ccs >>> >>> On Monday 2011-01-31 03:24, JeHo Park wrote: >>>>On Mon, Jan 31, 2011 at 11:09 AM, Jan Engelhardt Âwrote: >>>>> On Monday 2011-01-31 02:53, JeHo Park wrote: >>>>>> >>>>>>the string match works well in filter table, but it does not work in NAT. >>>>> >>>>> Oh it _does_ work in nat. >>>>> >>>>> But given that the nat table is an abstract configuration database >>>>> rather than a filter, not all packets do a lookup. >>>> >>>>but i found in runtime with debugging code, there is no TCP data but >>>>only TCP header in the skbuff of string match. >>> >>> Good, then this issue is resolved. >>> >>> >>>>>>i used following iptables rules >>>>>># Âiptables -A PREROUTING -t nat -p tcp --dport 80 -m string --string >>>>>>"goole.com" --algo bm -j DNAT --to-destination 10.10.10.125:80 >>> >>> >> > > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
