Re: Seeking help for implementing CT HELPER in nftables

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Fri, Sep 23, 2016 at 12:45:06PM +0200, Christophe Leroy wrote:
> > On 20/09/2016 at 17:38, Florian Westphal wrote:
> [...]
> > >nft will need to populate this (or rather, libnftnl will do this on
> > >behalf of nft).
> > >
> > >Currently we do this:
> > >nft --debug=netlink add rule filter i ct helper set foo
> > >ip filter i
> > >  [ immediate reg 1 0x006f6f66 0x00000000 0x00000000 0x00000000 ]
> 
> Florian, Christophe, sorry for this late jump on this.
> 
> If we pass the helper name as string, then helper autoload will not
> work as we don't have a way to solve this from the packet path.

The point of passing it as a string was to have it available at .init()
time so we can look up the helper and do a modprobe if needed.

I agree wrt. maps though, that goes out the door since no sreg is
used anymore.

[..]

> Line #1 makes sure the ftp helper is loaded, we also increment reference
> counter. This results in a handle that is dynamically allocated by
> nf_tables, that can be retrieved in the same fashion as if_index (i.e.
> we can look up the handle from the helper name).
> 
> Then from #2, we use the helper handle to refer to the helper.

Hmm, Christophe asked for a simpler solution ;)
