iptables, netfilter

How to match a GRE key using iptables?


I want to match on the GRE tunnel key (5) using iptables; my command is below:

iptables -A OUTPUT -t raw -p gre -o eth2 -m conntrack --ctrepldstport 5 -j LOG --log-level debug

However, this is not working. Could anyone help point out where is wrong?

root@promg-2n-a-dhcp85:~/openvswitch# iptables --version
iptables v1.4.12

Thanks,


Solution

  • http://www.gossamer-threads.com/lists/iptables/devel/66339

    "While porting some changes of the 2.6.21-rc7 pptp/proto_gre conntrack and nat modules to a 2.4.32 kernel I noticed that the gre_key function returns a wrong pointer to the GRE key of a version 0 packet, thus corrupting the packet payload.
    The intended behaviour for GREv0 packets is to act like nf_conntrack_proto_generic/nf_nat_proto_unknown, so I have ripped out the offending functions (not used anymore) and modified the xx_nat_proto_gre modules to not touch version 0 (non-PPTP) packets."

    So nice way of fixing problems :-(

    It seems this patch was accepted silently, and matching by GRE keys will never work again in Linux, contrary to what is proclaimed in the iptables man page.
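Since the conntrack match above does not see GREv0 keys, the check has to be done on the packet itself. The following is an added example, not code from the question, the answer or the kernel: a parser for the GRE header (RFC 2784/2890 layout, plus the GREv1 PPTP layout of RFC 2637) that locates the key field after the optional checksum word, and a helper that expresses what the rule in the question was trying to do. The sample packets are constructed here for illustration.

```python
import struct

# Flag bits in the first 16-bit word of the GRE header
GRE_FLAG_C = 0x8000   # checksum present
GRE_FLAG_R = 0x4000   # routing present (RFC 1701, obsolete; still reserves the word)
GRE_FLAG_K = 0x2000   # key present
GRE_FLAG_S = 0x1000   # sequence number present
GRE_FLAG_A = 0x0080   # acknowledgement present (GREv1 / PPTP only)
GRE_VERSION_MASK = 0x0007

def _field(packet: bytes, fmt: str, offset: int):
    """Unpack one field, raising ValueError instead of struct.error on truncation."""
    size = struct.calcsize(fmt)
    if len(packet) < offset + size:
        raise ValueError("GRE header truncated at offset %d" % offset)
    return struct.unpack_from(fmt, packet, offset)[0]

def parse_gre(packet: bytes) -> dict:
    """Parse a GRE header. Returns version, protocol, key/seq/ack (None when the
    corresponding flag is clear), the PPTP call ID for v1, and the payload offset."""
    flags = _field(packet, "!H", 0)
    proto = _field(packet, "!H", 2)
    version = flags & GRE_VERSION_MASK
    offset = 4
    checksum = key = seq = ack = None
    if flags & (GRE_FLAG_C | GRE_FLAG_R):
        # Checksum (16 bits) + Reserved1/Offset (16 bits): the whole word is
        # present if either flag is set, so the key moves 4 bytes further back.
        checksum = _field(packet, "!H", offset)
        offset += 4
    if flags & GRE_FLAG_K:
        key = _field(packet, "!I", offset)
        offset += 4
    if flags & GRE_FLAG_S:
        seq = _field(packet, "!I", offset)
        offset += 4
    if version == 1 and flags & GRE_FLAG_A:
        ack = _field(packet, "!I", offset)
        offset += 4
    # In GREv1 (PPTP) the 32-bit "key" is payload length (high 16) + call ID (low 16);
    # the call ID is what the kernel's pptp conntrack helper actually tracks.
    call_id = (key & 0xFFFF) if (version == 1 and key is not None) else None
    return {"version": version, "proto": proto, "checksum": checksum, "key": key,
            "seq": seq, "ack": ack, "call_id": call_id, "payload_offset": offset}

def gre_key_matches(packet: bytes, wanted: int) -> bool:
    """True if this is a GREv0 packet carrying exactly the wanted tunnel key."""
    info = parse_gre(packet)
    return info["version"] == 0 and info["key"] == wanted

# Constructed sample packets (header bytes only, followed by a dummy payload)
GREV0_KEY5 = bytes.fromhex("20000800" "00000005") + b"payload"          # K set, key 5
GREV0_CSUM_KEY5 = bytes.fromhex("a0000800" "12340000" "00000005") + b"payload"  # C+K
GREV0_NOKEY = bytes.fromhex("00000800") + b"payload"                    # no key at all
GREV1_PPTP = bytes.fromhex("3001880b" "00070005" "00000001") + b"\x00" * 7  # K+S, ver 1
```

Running `parse_gre` over packets captured on the tunnel interface gives the key that the iptables rule cannot match, which is enough to log or alert on unexpected key values.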