Hello, I noticed that I can not use "ip protocol tcp" for IPv6, I assume that this is due to IPv6 packets not having a protocol field. However, I also noticed that "meta l4proto tcp" works for IPv4 and it seems to match exactly the same packets as "ip protocol tcp". The only relevant piece of information that I could gather is a message (https://patchwork.ozlabs.org/patch/593221/) stating that (for "meta l4proto" and "ip protocol") "However, the two statements are redundants... the second implies the first". If those expressions are different, what exactly do they use to match packets? Is one more efficient? I am writing a script that works with both IPv4 and IPv6, is it reasonable to always use "meta l4proto" to avoid duplicating some code? Please CC me in replies as I am not subscribed to the list. Kind regards, Louis
Attachment:
signature.asc
Description: OpenPGP digital signature
