my understanding was 3.13 had the core of nftables merged
On Wed, Feb 25, 2015 at 4:16 AM, leroy christophe
<christophe.leroy@xxxxxx> wrote:
>
> Le 05/12/2014 11:38, Pablo Neira Ayuso a écrit :
>>
>> On Fri, Dec 05, 2014 at 08:27:11AM +0100, leroy christophe wrote:
>>>
>>> test.c 100%
>>> |************************************************************************|
>>> 804 0:00:00 ETA
>>>
>>> # nft list ruleset
>>> table ip filter {
>>> chain output {
>>> type filter hook output priority 0;
>>> udp dport tftp ct helper "tftp"
>>
>> The right syntax is:
>>
>> udp dport tftp ct helper set "tftp"
>> ^^^
>>
>> your rule above does something different:
>>
>> 1) udp dport tftp
>>
>> and
>>
>> 2) the ct helper is "tftp"
>>
>> However, userspace supports this but unfortunately the kernel code is
>> still missing. So you'll have to wait for this feature or
>> (temporarily) rely on the automagic helper assignment (from that
>> message, I understand you already do).
>
> Any idea of when the kernel support will be added ?
>
> Christophe
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
