Thank you very much, Pascal, I get it now.

On Thu, Jul 4, 2013 at 8:58 PM, Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> wrote:
> Hello,
>
> Aaron Lewis wrote:
>>
>> How should I understand --tcp-flags option?
>>
>> 1) There's two parameters, why need two of them?
>
> It allows to match packets with some flags cleared.
>
>> e.g. I might just need to match a packet with SYN and RST bit set,
>> why do I need to place it for twice (--tcp-flags SYN RST, SYN RST
>
> Wrong syntax.
>
>> 2) What does this mean? I don't really get what "mask" and "comp" do here
>
> The mask specifies which flags must be examined, and the comp which
> flags must be set. Therefore flags in the mask but not in the comp must
> be cleared. Flags not in the mask may have any value.
>
>> --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN
>
> This means match if FIN,SYN set and RST,PSH,ACK,URG cleared.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
Best Regards,
Aaron Lewis - PGP: 0xDFE6C29E ( http://keyserver.veridis.com )
Finger Print: 9482 448F C7C3 896C 1DFE 7DD3 2492 A7D0 DFE6 C29E
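The mask/comp rule explained in the reply above, as an added example that is not part of the original thread: a small Python model in which a packet matches when `(flags & mask) == comp`. The function names are hypothetical, the sample packets are constructed, and the bit values are those of the TCP header flags byte.

```python
# Model of the --tcp-flags mask/comp semantics described in the thread.
# Added illustration; parse_flags, tcp_flags_match and explain are
# hypothetical helper names, not iptables code.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
TCP_FLAGS["ALL"] = 0x3F   # iptables keyword: all six flags
TCP_FLAGS["NONE"] = 0x00  # iptables keyword: no flags


def parse_flags(spec):
    """Turn a comma-separated list such as 'FIN,SYN' into a bit field."""
    bits = 0
    for name in spec.split(","):
        bits |= TCP_FLAGS[name.strip().upper()]
    return bits


def tcp_flags_match(mask, comp, packet_flags):
    """True if every flag in comp is set and every other masked flag is clear.

    Flags outside the mask are not examined and may have any value.
    """
    return (parse_flags(packet_flags) & parse_flags(mask)) == parse_flags(comp)


def explain(mask, comp):
    """Split a rule into the three groups named in the reply."""
    m, c = parse_flags(mask), parse_flags(comp)
    names = [n for n in TCP_FLAGS if n not in ("ALL", "NONE")]
    return {
        "must_be_set": [n for n in names if TCP_FLAGS[n] & c],
        "must_be_clear": [n for n in names if TCP_FLAGS[n] & m & ~c],
        "ignored": [n for n in names if not TCP_FLAGS[n] & m],
    }


if __name__ == "__main__":
    # Constructed sample packets, written as the flags they carry.
    full = ("FIN,SYN,RST,PSH,ACK,URG", "FIN,SYN")  # rule quoted in the thread
    narrow = ("SYN,RST", "SYN,RST")                # SYN and RST set, rest ignored
    for pkt in ("FIN,SYN", "FIN,SYN,ACK", "SYN", "SYN,RST", "SYN,RST,ACK"):
        print(f"{pkt:12} full={tcp_flags_match(*full, pkt)} "
              f"narrow={tcp_flags_match(*narrow, pkt)}")
    print(explain("SYN,RST", "SYN"))
```

With the mask narrowed to `SYN,RST`, a packet carrying SYN, RST and ACK still matches, because ACK is outside the mask; with the full six-flag mask the same comp would reject it.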