Dear Sir or Madam I am currently using nftables under Ubuntu 15.10. Kernel version is 4.2.0-16-generic and nftables version is nftables v0.4 (Support Edward Snowden). I was looking for a way to match packets based on the mss optional value in the tcp header. While using the describe command, I encountered a segfault:
user@machine:~$ nft describe tcp reserved Segmentation fault (core dumped) It is not really a bad bug since the reserved keyword is probably not used anyway but I thought to report it. At the same time I wanted to ask if it is possible to match packets on wether they have a MaximumSegmentSize set in the TCP header or not. I want this since most of the TCP-Syn flood tools seem to not set this option and most legitimate TCP stacks do set it. Greetings Raffaele Meyer -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
