Linux – iptables match rule for receiving window size

Tags: iptables, linux

I need a rule to match packets with no options set and/or specific window receiving size set:

IP (tos 0x0, ttl 66, id 9000, offset 0, flags [none], proto TCP (6), length 40)
    y.y.y.y.11111 > x.x.x.x.http: Flags [S], cksum 0xe425 (correct), seq 1729214256, win 715, length 0

So this packet has win 715, flags [none] -> how could I match such packets?

Best Answer

Thank you for the answers, but I think I found the best solution (best in speed):

iptables -I INPUT -m u32 --u32 "6&0xFF=0x6 && 0>>22&0x3C@12&0xFFFF=0x02CB" -j LOG

The line above ensures that it is a TCP packet, then finds the IP header length and adapts it (there is an additional two-byte extraction) to the bytes one needs to compare (in the example, 715). In a word, anyone can extract/find/compare every bit/byte in a packet with the great u32 module. For more info: iptables-u32.v0.1
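To see exactly what that u32 expression does, here is an added example (not part of the question or answer above) that evaluates the expression with u32 semantics in pure Python over constructed IPv4/TCP packets, so the offset arithmetic can be checked offline without iptables. Each test loads 4 big-endian bytes at the current base plus offset, applies `&`, `>>`, `<<` and `@` (which turns the current value into the new base), and a load that runs past the end of the packet is a non-match. The packet builder, the sample packets and the second rule are my own assumptions: the second rule extends the answer by using the same 4-byte load at TCP offset 12 to also require data offset 5 (no TCP options, one reading of the "no options" part of the question) and flags == SYN only, in addition to win 715.

```python
import re
import struct

# Token grammar for the subset of the iptables u32 language used here:
# numbers, "&&" between tests, the location operators & >> << @, and "=" with v or lo:hi ranges.
_TOKEN = re.compile(r"0x[0-9a-fA-F]+|\d+|&&|>>|<<|&|@|=|:|,")

# The rule from the answer above: IP protocol byte == 6, then window (TCP bytes 14-15) == 715.
RULE_ANSWER = "6&0xFF=0x6 && 0>>22&0x3C@12&0xFFFF=0x02CB"

# Added extension (assumption, not from the answer): one load at TCP offset 12 covers
# data offset (high nibble of byte 12), flags (byte 13) and window (bytes 14-15):
# data offset 5 => no TCP options, flags 0x02 => SYN only, window 0x02CB => 715.
RULE_SYN_NOOPT_WIN715 = "6&0xFF=0x6 && 0>>22&0x3C@12&0xF0FFFFFF=0x500202CB"


def _load(packet, base, offset):
    """Load 4 big-endian bytes at base+offset; None if the read runs off the packet (u32: no match)."""
    start = base + offset
    if start < 0 or start + 4 > len(packet):
        return None
    return int.from_bytes(packet[start:start + 4], "big")


def _eval_test(tokens, packet):
    """Evaluate one 'location=values' test with u32 semantics."""
    eq = tokens.index("=")
    loc, vals = tokens[:eq], tokens[eq + 1:]
    base = 0
    value = _load(packet, base, int(loc[0], 0))
    i = 1
    while i < len(loc):
        op, n = loc[i], int(loc[i + 1], 0)
        if value is None:
            return False
        if op == "&":
            value &= n
        elif op == ">>":
            value >>= n
        elif op == "<<":
            value = (value << n) & 0xFFFFFFFF
        elif op == "@":
            base = value                 # the computed value becomes the new base offset
            value = _load(packet, base, n)
        i += 2
    if value is None:
        return False
    for part in "".join(vals).split(","):   # "v" or "lo:hi", comma separated alternatives
        lo, _, hi = part.partition(":")
        lo = int(lo, 0)
        hi = int(hi, 0) if hi else lo
        if lo <= value <= hi:
            return True
    return False


def u32_match(expr, packet):
    """Evaluate a u32 expression ('test && test ...') against raw IPv4 packet bytes."""
    tokens = _TOKEN.findall(expr.replace(" ", ""))
    tests, cur = [], []
    for t in tokens:
        if t == "&&":
            tests.append(cur)
            cur = []
        else:
            cur.append(t)
    tests.append(cur)
    return all(_eval_test(t, packet) for t in tests)


def build_ipv4_tcp(window, ip_options=b"", tcp_flags=0x02, tcp_options=b"", proto=6):
    """Constructed sample: minimal IPv4 packet carrying a TCP segment (checksums left zero;
    u32 never checks them). IHL and data offset grow with the option bytes supplied."""
    assert len(ip_options) % 4 == 0 and len(tcp_options) % 4 == 0
    ihl = 5 + len(ip_options) // 4
    data_offset = 5 + len(tcp_options) // 4
    tcp = struct.pack("!HHIIBBHHH", 11111, 80, 1729214256, 0,
                      data_offset << 4, tcp_flags, window, 0, 0) + tcp_options
    total = ihl * 4 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 9000, 0, 66, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + ip_options
    return ip + tcp


def check_samples():
    """Run both rules over constructed packets; returns {name: (answer_rule, extended_rule)}."""
    samples = {
        "syn_win715":            build_ipv4_tcp(715),
        "syn_win715_ip_options": build_ipv4_tcp(715, ip_options=b"\x01\x01\x01\x01"),   # IHL=6
        "syn_win715_mss_option": build_ipv4_tcp(715, tcp_options=b"\x02\x04\x05\xb4"),  # data offset 6
        "synack_win715":         build_ipv4_tcp(715, tcp_flags=0x12),
        "syn_win716":            build_ipv4_tcp(716),
        "udp_win715":            build_ipv4_tcp(715, proto=17),  # same bytes, IP protocol 17
    }
    return {name: (u32_match(RULE_ANSWER, pkt), u32_match(RULE_SYN_NOOPT_WIN715, pkt))
            for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, (a, b) in check_samples().items():
        print(f"{name:24s} answer_rule={a!s:5s} syn_noopt_win715={b}")
```

The `ip_options` sample is the reason the answer's `0>>22&0x3C@` prefix matters: with a 24-byte IP header the window moves four bytes further into the packet, and a fixed offset would read the wrong field. The extended rule keeps the same prefix and only widens the mask, so it costs nothing extra at match time.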