2018-03-12 16:53 GMT+01:00 Florian Westphal <fw@xxxxxxxxx>:
>> It may be what I'm looking for. But I couldn't find any documentation
>> about this “ct expectation” command. Or do you mean I should create a
>> conntrack helper module for that?
>
> Right, this doesn't exist yet.
>
> I think we (you) should consider extending net/netfilter/nft_ct.c to
> support a new NFT_CT_EXPECT attribute in the nft_ct_set_eval() function.
>
> This would then install a new expectation based on what userspace told
> us.
>
> You can look at
> net/netfilter/nf_conntrack_ftp.c
> and search for nf_ct_expect_alloc() to see where the ftp helper installs
> the expectation.
>
> The main difference would be that with nft_ct.c, most properties of
> the new expectation would be determined by netlink attributes which were
> set by the nftables ruleset.

Thank you, I'll do that… :-)

--
Best regards,
Stéphane Veyret
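
To make concrete what an expectation with ruleset-supplied properties amounts to, here is a small userspace C model, added as an illustration and not taken from the thread or from the kernel. Every name in it (`struct expect`, `expect_install`, `expect_match`) is hypothetical, and it does not use the `nf_ct_expect_*` API.

```c
/* Userspace model of a conntrack expectation table (illustration only). */
#include <stdint.h>
#include <stdio.h>

struct tuple { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };
/* Mask bits set to 0 are wildcards; expires is an absolute time in seconds. */
struct expect { struct tuple t, mask; unsigned expires; int in_use; };

#define MAX_EXPECT 8
static struct expect table[MAX_EXPECT];

/* Install an expectation from ruleset-style properties (tuple, mask, timeout).
 * Returns 0 on success, -1 when the bounded table has no free or expired slot. */
int expect_install(struct tuple t, struct tuple mask, unsigned now, unsigned timeout)
{
    for (int i = 0; i < MAX_EXPECT; i++) {
        if (!table[i].in_use || table[i].expires <= now) {
            table[i] = (struct expect){ t, mask, now + timeout, 1 };
            return 0;
        }
    }
    return -1;
}

static int same(uint32_t a, uint32_t b, uint32_t m) { return ((a ^ b) & m) == 0; }

/* Returns 1 if packet p opens an expected flow. A match consumes the
 * expectation, so one expectation admits exactly one connection. */
int expect_match(struct tuple p, unsigned now)
{
    for (int i = 0; i < MAX_EXPECT; i++) {
        struct expect *e = &table[i];
        if (!e->in_use || e->expires <= now || p.proto != e->t.proto)
            continue;
        if (same(p.src, e->t.src, e->mask.src) && same(p.dst, e->t.dst, e->mask.dst) &&
            same(p.sport, e->t.sport, e->mask.sport) && same(p.dport, e->t.dport, e->mask.dport)) {
            e->in_use = 0;
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: 192.0.2.1 -> 192.0.2.2, TCP port 5000, any source port. */
    struct tuple t = { 0xC0000201u, 0xC0000202u, 0, 5000, 6 };
    struct tuple m = { 0xFFFFFFFFu, 0xFFFFFFFFu, 0, 0xFFFF, 0xFF };
    struct tuple p = { t.src, t.dst, 40000, 5000, 6 };
    expect_install(t, m, 100, 30);
    printf("first=%d\n", expect_match(p, 110));   /* expected flow */
    printf("second=%d\n", expect_match(p, 111));  /* already consumed */
    return 0;
}
```

The narrower the mask and the shorter the timeout, the smaller the window in which an unrelated flow can ride on the expectation.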