Le 25/02/2015 16:58, Jason Sipula a écrit :
my understanding was 3.13 had the core of nftables merged
Yes but according to Pablo, "userspace supports this but unfortunately
the kernel code is still missing".
Hence my question.
As of today, what is the status of nftables regarding the support of ct
helper ?
If it is not in yet, how can I help getting it in ?
Christophe
On Wed, Feb 25, 2015 at 4:16 AM, leroy christophe
<christophe.leroy@xxxxxx> wrote:
Le 05/12/2014 11:38, Pablo Neira Ayuso a écrit :
On Fri, Dec 05, 2014 at 08:27:11AM +0100, leroy christophe wrote:
test.c 100%
|************************************************************************|
804 0:00:00 ETA
# nft list ruleset
table ip filter {
chain output {
type filter hook output priority 0;
udp dport tftp ct helper "tftp"
The right syntax is:
udp dport tftp ct helper set "tftp"
^^^
your rule above does something different:
1) udp dport tftp
and
2) the ct helper is "tftp"
However, userspace supports this but unfortunately the kernel code is
still missing. So you'll have to wait for this feature or
(temporarily) rely on the automagic helper assignment (from that
message, I understand you already do).
Any idea of when the kernel support will be added ?
Christophe
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
---
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast.
https://www.avast.com/antivirus
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
