Re: [PATCH nft v3] src: add synproxy stateful object support

Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx> · Tue, 10 Sep 2019 22:50:08 +0200

Hi,

On 9/10/19 10:49 PM, Pablo Neira Ayuso wrote:
> On Sun, Sep 08, 2019 at 09:37:21PM +0200, Fernando Fernandez Mancera wrote:
>> Add support for "synproxy" stateful object. For example (for TCP port 80 and
>> using maps with saddr):
>>
>> table ip foo {
>> 	synproxy https-synproxy {
>> 		mss 1460
>> 		wscale 7
>> 		timestamp sack-perm
>> 	}
>>
>> 	synproxy other-synproxy {
>> 		mss 1460
>> 		wscale 5
>> 	}
>>
>> 	chain bar {
>> 		tcp dport 80 synproxy name "https-synproxy"
>> 		synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
>> 	}
>> }
> 
> Nice. Could you also add some tests for tests/py?
> 
> Thanks.
> 

Sure, thanks Pablo.