On 11 September 2017 at 23:10, Louis Sautier <sautier.louis@xxxxxxxxx> wrote:
> Hello,
>
> I noticed that I cannot use "ip protocol tcp" for IPv6, I assume that
> this is due to IPv6 packets not having a protocol field.
> However, I also noticed that "meta l4proto tcp" works for IPv4 and it
> seems to match exactly the same packets as "ip protocol tcp".
>
> The only relevant piece of information that I could gather is a message
> (https://patchwork.ozlabs.org/patch/593221/) stating that (for "meta
> l4proto" and "ip protocol") "However, the two statements are
> redundants... the second implies the first".
>
> If those expressions are different, what exactly do they use to match
> packets? Is one more efficient?

Both are similar in terms of efficiency.

ip protocol tcp checks the IPv4 header looking for the l4 protocol number.

meta l4proto tcp checks packet meta information (not header) to know about the l4 protocol, regardless of l3 protocol.

Obviously, meta l4proto tcp can be used in IPv4/IPv6 while the first only makes sense in IPv4.

You should read 'ip protocol tcp' as if it was explicit about l3 protocol, like 'ipv4 protocol tcp': this won't match any IPv6 packet.
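The following is an added example, not part of the list thread and not nftables code: a small Python model of what the two matches inspect. `ip protocol` is modelled as a read of byte 9 of an IPv4 header (so it can never match an IPv6 packet), while `meta l4proto` is modelled as the family-independent transport protocol, obtained for IPv6 by following the Next Header chain past extension headers. The packets are constructed in the script (documentation addresses, a minimal TCP header), and the helper names are the example's own. The practical point for anyone writing rules in an `inet` table is visible in the results: a rule keyed on `ip protocol tcp` silently leaves IPv6 TCP traffic unmatched, whereas `meta l4proto tcp` covers both families.

```python
"""Simplified model of 'ip protocol' vs 'meta l4proto' (added example, not nft code)."""
import struct

IPPROTO_HOPOPTS = 0
IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPPROTO_ROUTING = 43
IPPROTO_FRAGMENT = 44
IPPROTO_DSTOPTS = 60
# IPv6 extension headers that sit between the fixed header and the transport header.
IPV6_EXT_HEADERS = {IPPROTO_HOPOPTS, IPPROTO_ROUTING, IPPROTO_FRAGMENT, IPPROTO_DSTOPTS}


def ip_protocol_matches(pkt: bytes, proto: int) -> bool:
    """Model of 'ip protocol <proto>': reads the IPv4 header's protocol field (byte 9).
    The check is tied to the IPv4 header, so an IPv6 packet can never match."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False
    return pkt[9] == proto


def l4proto(pkt: bytes):
    """Model of the transport protocol recorded as packet metadata ('meta l4proto'):
    independent of the L3 family. For IPv6 the Next Header chain is walked until a
    non-extension protocol number is reached. Returns None for malformed input."""
    if not pkt:
        return None
    version = pkt[0] >> 4
    if version == 4:
        return pkt[9] if len(pkt) >= 20 else None
    if version != 6 or len(pkt) < 40:
        return None
    nh, off = pkt[6], 40  # Next Header field, then the first extension header at offset 40
    while nh in IPV6_EXT_HEADERS:
        if nh == IPPROTO_FRAGMENT:
            if len(pkt) < off + 8:
                return None
            nh, off = pkt[off], off + 8  # fragment header is always 8 octets
        else:
            if len(pkt) < off + 2:
                return None
            # Hdr Ext Len counts 8-octet units beyond the first 8 octets.
            nh, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    return nh


def meta_l4proto_matches(pkt: bytes, proto: int) -> bool:
    """Model of 'meta l4proto <proto>'."""
    return l4proto(pkt) == proto


# --- constructed packets (not captured traffic) ---------------------------------
TCP_HDR = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 5 << 4, 0x02, 65535, 0, 0)


def make_ipv4(proto: int, payload: bytes = TCP_HDR) -> bytes:
    """Minimal IPv4 header (no options, checksum left zero) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + payload


def make_ipv6(next_header: int, payload: bytes = TCP_HDR) -> bytes:
    """Minimal IPv6 fixed header (2001:db8::/32 documentation addresses) plus payload."""
    src = bytes.fromhex("20010db8" + "00" * 12)
    dst = bytes.fromhex("20010db8" + "00" * 11 + "01")
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, 64, src, dst) + payload


def hop_by_hop(next_header: int) -> bytes:
    """8-octet Hop-by-Hop extension header: next header, ext len 0, one PadN option."""
    return bytes([next_header, 0, 1, 4, 0, 0, 0, 0])


def rule_results(pkt: bytes) -> dict:
    """What each rule expression would decide for one packet."""
    return {
        "ip protocol tcp": ip_protocol_matches(pkt, IPPROTO_TCP),
        "meta l4proto tcp": meta_l4proto_matches(pkt, IPPROTO_TCP),
    }


if __name__ == "__main__":
    samples = {
        "IPv4/TCP": make_ipv4(IPPROTO_TCP),
        "IPv6/TCP": make_ipv6(IPPROTO_TCP),
        "IPv6/HopByHop/TCP": make_ipv6(IPPROTO_HOPOPTS, hop_by_hop(IPPROTO_TCP) + TCP_HDR),
        "IPv4/UDP": make_ipv4(IPPROTO_UDP, b"\x00" * 8),
    }
    for name, pkt in samples.items():
        print(f"{name:20} {rule_results(pkt)}")
```

The model mirrors the reply's description: the first match is an IPv4 header field lookup, the second is family-independent. It does not model the kernel's actual parser or its handling of every extension header; it exists to make the IPv4-only behaviour of `ip protocol` concrete.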