[patch] netfilter: implement TCPMSS target for IPv6
kaber at trash.net
Tue Jan 16 14:34:14 CET 2007
Arnaud Ebalard wrote:
> Sorry for the late post. Just to say that i also _had_ to implement
> that (220.127.116.11 and iptables 1.3.7). I was testing it before pushing
> it ;-) too late. Anyway, patch is below for reference.
Thanks, I've applied the ip6tables TCPMSS extension to SVN.
> Question : I made a specific case for AH (even if deprecated) protected
> traffic to avoid clamping of that packets. ipv6_skip_exthdr() simply
> does not verify that and it seems there is no check against that. Can
> you take a look at find_tcp_hdr in the patch below and tell me if i'm
> wrong ? (function is based on ipv6_find_hdr(), ipv6_prepare(),
> nf_ct_ipv6_skip_exthdr() and ipv6_skip_exthdr() code).
Mhh .. that makes sense, but I tend to prefer to let users take care
of that using their ruleset.
More information about the netfilter-devel