Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> From nftables, existing (inconsistent) syntax can be left in place for
> backward compatibility. The new proposed syntax would more explicitly
> refer to match the user wants to do, e.g.
>
>     ct helper name set "ftp-21"

That would be same as 'ct helper set "ftp-21"' that we use at the moment,
i.e. this generates same byte code, correct?

>     ct helper name "ftp-21"

I see, kernel ct extension gains a pointer to the objref name.

> For NFT_CT_HELPER_TYPE (formerly NFT_CT_HELPER), syntax would be:
>
>     ct helper type "ftp"

That would be the 'new' name for existing 'ct helper', so same bytecode, correct?

> It should be also possible to support for:
>
>     ct helper type set "ftp"

IIRC another argument for objref usage was that this won't work with set infra.

> via implicit object, this infrastructure is missing in the kernel
> though, the idea would be to create an implicit object that is attached
> to the rule. Such object would be released when the rule is removed.

Ah, I see. Yes, that would work.

> Let me know.

Looks good to me.