Michael Rash wrote:
> It looks like --log-ip-options is broken in 2.4, i.e. the OPT field
> never appears in Netfilter logs even when packets contain IP options.
> I have attached a small patch that fixes this.  It removes the
> "iph->ihl * 4 >= datalen" condition, which rarely happens ("ping -T
> tsonly -s 1 <host>" will trigger it for example).  The resulting code is
> analogous to the code in the 2.6 kernel.

In 2.6 the size of the area is verfied by skb_header_pointer, we
need to do this manually in 2.4. I'm going to submit the attached
patch for this problem.

Regards
Patrick