string match?

["Jin Gu, Kim" <lilia21@postech.ac.kr>]

Dear all.

How can I check if iptables string match support is enabled?

I applied patch-o-matic in order to use string match support and 
recompiled kernel to support it.
(iptables v1.2.8)

When done, I tried this

--> host_1# iptables -m string -h

,which produced the related help file :

STRING match v1.2.9rc1 options:
--string [!] string          Match a string in a packet
--hex-string [!] string      Match a hex string in a packet
host_1#

Does it mean that the support can be used?

If yes, when I tried this code, there was no message. What's wrong?

<Run>

--> host_1# iptables -A FORWARD -m string --string "test" -j LOG 
--log-prefix "TEST: "
--> host_1# iptables -A FORWARD -m string --string "test" -j DROP

Then I started a netcat server by :

--> host_1# nc -l -p 3456

I connected to this via :

--> host_2# telnet host_1 3456

and type

--> test
--> test



I think this should yield some log or footprint. But I can't see any 
messages related to this.

Furthermore, when I check "iptables -L -v", there was no records about it.

-->host_1# iptables -L -v
................
Chain FORWARD (policy DROP 248 packets, 22560 bytes)
 pkts bytes target     prot opt in     out     source               
destination
    0     0 LOG        all  --  any    any     anywhere             
anywhere            STRING match test LOG level info prefix `TEST: '
    0     0 DROP       all  --  any    any     anywhere             
anywhere            STRING match test
.....................




What would be wrong?