On 07/03/2016 14:20, Patrick McHardy wrote:
> On 05.03, christophe leroy wrote:
>> Hello,
>> I'm trying to implement support for CT HELPERs in the Linux kernel for
>> nftables and need some help/guidance.
>> The rule being 'udp dport tftp ct helper set "tftp"', I get
>> nft_ct_set_init() called when I add the rule in the table output filter
>> table.
>> I believe I have to call nf_ct_helper_ext_add() from nft_ct_set_init(),
>> but for that I need the name of the helper that is to be set, i.e. 'tftp'.
>> How do I get the name of the requested helper in that function? I
>> suppose once I get it I can do the same as xt_ct_set_helper() does.
>
> This depends on how we want to implement this. We could pass a static helper
> name in a new CT attribute, look the helper up in the init path and assign it
> to the conntrack in the eval function. This means we'd require a single rule
> for every helper assignment.

How do we add a new CT attribute for that? Is there any example in
other parts of the kernel for doing that?
Is it just to add a NFTA_CT_HELPER then add it in the nft_ct_policy
structure as an NLA_STRING type and then retrieve it with nla_strl_cpy()?
But how does it get populated with the helper string passed in by nft?
Christophe
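
Added example, not part of the original message and not kernel or nft code: a user-space C model of the question above, showing how a helper name such as "tftp" is serialized by the sender as a string attribute in the netlink message and read back by the receiver with length checks. DEMO_CT_HELPER, put_str() and get_str() are hypothetical names, and the TLV layout is a simplified model of netlink attributes.

```c
#include <stdint.h>
#include <string.h>
#define HDR 4 /* TLV header: u16 len, u16 type; payload is padded to 4 bytes */
#define ALIGN4(n) (((size_t)(n) + 3) & ~(size_t)3)
#define DEMO_CT_HELPER 5 /* hypothetical attribute number */

/* Sender (the role nft plays): serialize the string, NUL included. */
size_t put_str(uint8_t *buf, size_t cap, uint16_t type, const char *s)
{
    size_t len = HDR + strlen(s) + 1;
    uint16_t l16 = (uint16_t)len;
    if (len > 0xffff || ALIGN4(len) > cap) return 0;
    memset(buf, 0, ALIGN4(len)); /* never send uninitialized padding */
    memcpy(buf, &l16, 2);
    memcpy(buf + 2, &type, 2);
    memcpy(buf + HDR, s, len - HDR);
    return ALIGN4(len);
}

/* Receiver: walk the TLVs, validate each length, copy the wanted string. */
int get_str(const uint8_t *buf, size_t n, uint16_t want, char *dst, size_t dsz)
{
    while (n >= HDR) {
        uint16_t len, type;
        memcpy(&len, buf, 2);
        memcpy(&type, buf + 2, 2);
        if (len < HDR || (size_t)len > n) return -1; /* truncated or lying header */
        if (type == want) {
            const char *p = (const char *)buf + HDR;
            const char *nul = memchr(p, 0, len - HDR); /* NUL is optional */
            size_t slen = nul ? (size_t)(nul - p) : (size_t)(len - HDR);
            if (slen == 0 || slen >= dsz) return -1; /* empty or too long */
            memcpy(dst, p, slen);
            dst[slen] = '\0';
            return 0;
        }
        if (ALIGN4(len) >= n) break;
        buf += ALIGN4(len);
        n -= ALIGN4(len);
    }
    return -1; /* attribute absent */
}

int main(void)
{
    uint8_t msg[64];
    char name[16]; /* constructed size of the receiver's name buffer */
    size_t n = put_str(msg, sizeof(msg), DEMO_CT_HELPER, "tftp");
    return get_str(msg, n, DEMO_CT_HELPER, name, sizeof(name)) != 0;
}
```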