Hi Pablo,
On 9/7/19 8:55 PM, Pablo Neira Ayuso wrote:
> On Sat, Sep 07, 2019 at 08:30:22PM +0200, Fernando Fernandez Mancera wrote:
>> Add support for "synproxy" stateful object. For example (for TCP port 80 and
>> using maps with saddr):
>>
>> table ip foo {
>> synproxy https-synproxy {
>> synproxy mss 1460 wscale 7 timestamp sack-perm
>> }
>
> Please, update syntax, so this looks like:
>
> synproxy https-synproxy {
> mss 1460
> wscale 7
> timestamp sack-perm
> }
>
> One option per line.
>
> Thanks!
>
I have updated the syntax.
table ip foo {
synproxy https-synproxy {
mss 1460
wscale 7
timestamp sack-perm
}
synproxy other-synproxy {
mss 1460
wscale 5
}
chain bar {
tcp dport 80 synproxy name "https-synproxy"
synproxy name ip saddr map { 192.168.1.0/24 :
"https-synproxy", 192.168.2.0/24 : "other-synproxy" }
}
}
But then I am getting errors when using "nft -f". Then how it is
possible to allow that on the parser?
mark:3:11-11: Error: syntax error, unexpected newline, expecting wscale
mss 1460
^
mark:4:3-8: Error: syntax error, unexpected wscale
wscale 7
^^^^^^
mark:5:3-11: Error: syntax error, unexpected timestamp
timestamp sack-perm
^^^^^^^^^
mark:9:11-11: Error: syntax error, unexpected newline, expecting wscale
mss 1460
^
mark:10:3-8: Error: syntax error, unexpected wscale
wscale 5
^^^^^^
Thanks! :-)
