This series adds the frontend/nft support to define and
assign connection tracking helpers.
Example:
table inet myhelpers {
ct helper ftp-standard {
type "ftp"
protocol tcp
}
chain prerouting {
type filter hook prerouting priority 0;
tcp dport 21 ct helper set "ftp-standard"
}
}
A future extension could also allow to define/set knobs
that can only be set via module parameters at this time,
for instance the ftp 'loose mode' or the number of allowed expectations.
doc/nft.xml | 99 +++++++++++++++
files/nftables/Makefile.am | 4
files/nftables/ipv4-raw | 6
files/nftables/ipv6-raw | 6
include/ct.h | 1
include/datatype.h | 1
include/linux/netfilter/nf_conntrack_common.h | 80 ++----------
include/linux/netfilter/nf_tables.h | 5
include/rule.h | 12 +
src/ct.c | 40 ++++++
src/evaluate.c | 37 ++++-
src/netlink.c | 16 ++
src/parser_bison.y | 162 +++++++++++++++++++++++++-
src/rule.c | 59 +++++++++
src/statement.c | 10 +
tests/py/ip/objects.t | 4
tests/py/ip/objects.t.payload | 14 ++
tests/py/nft-test.py | 11 +
18 files changed, 481 insertions(+), 86 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
