On Tue, Mar 09, 2021 at 10:18:17PM +0100, Florian Westphal wrote: > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > From nftables, existing (inconsistent) syntax can be left in place for > > backward compatibility. The new proposed syntax would more explicitly > > refer to match the user wants to do, e.g. > > > > ct helper name set "ftp-21" > > That would be same as 'ct helper set "ftp-21" that we use at the > moment, i.e. this generates same byte code, correct? Yes. > > ct helper name "ftp-21" > > I see, kernel ct extension gains a pointer to the objref name. > > > For NFT_CT_HELPER_TYPE (formerly NFT_CT_HELPER), syntax would be: > > > > ct helper type "ftp" > > That would be the 'new' name for existing 'ct helper', so same bytecode, > correct? Yes. > > It should be also possible to support for: > > > > ct helper type set "ftp" > > IIRC another argument for objref usage was that this won't work > with set infra. Right. The (missing) implicit object support would make it fit into the set infrastructure. > > via implicit object, this infrastructure is missing in the kernel > > though, the idea would be to create an implicit object that is attached > > to the rule. Such object would be released when the rule is removed. > > Ah, I see. > > Yes, that would work. > > > Let me know. > > Looks good to me. Thanks for reviewing.
