On Sun, Sep 08, 2019 at 08:37:38PM +0200, Fernando Fernandez Mancera wrote:
> Hi Pablo,
>
> On 9/7/19 8:55 PM, Pablo Neira Ayuso wrote:
> > On Sat, Sep 07, 2019 at 08:30:22PM +0200, Fernando Fernandez Mancera wrote:
> >> Add support for "synproxy" stateful object. For example (for TCP port 80 and
> >> using maps with saddr):
> >>
> >> table ip foo {
> >> synproxy https-synproxy {
> >> synproxy mss 1460 wscale 7 timestamp sack-perm
> >> }
> >
> > Please, update syntax, so this looks like:
> >
> > synproxy https-synproxy {
> > mss 1460
> > wscale 7
> > timestamp sack-perm
> > }
> >
> > One option per line.
> >
> > Thanks!
> >
>
> I have updated the syntax.
>
> table ip foo {
> synproxy https-synproxy {
> mss 1460
> wscale 7
> timestamp sack-perm
> }
>
> synproxy other-synproxy {
> mss 1460
> wscale 5
> }
>
> chain bar {
> tcp dport 80 synproxy name "https-synproxy"
> synproxy name ip saddr map { 192.168.1.0/24 :
> "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
> }
> }
>
> But then I am getting errors when using "nft -f". Then how it is
> possible to allow that on the parser?
>
> mark:3:11-11: Error: syntax error, unexpected newline, expecting wscale
> mss 1460
> ^
> mark:4:3-8: Error: syntax error, unexpected wscale
> wscale 7
> ^^^^^^
> mark:5:3-11: Error: syntax error, unexpected timestamp
> timestamp sack-perm
> ^^^^^^^^^
> mark:9:11-11: Error: syntax error, unexpected newline, expecting wscale
> mss 1460
> ^
> mark:10:3-8: Error: syntax error, unexpected wscale
> wscale 5
> ^^^^^^
Update the parser, have a look at ct helper, for instance.
