Maybe we're talking about different things? I had read in some places that linux kernel version 3.13 had the core of nftables merged. https://wiki.archlinux.org/index.php/Nftables I do not know anything about ct helper, however. On Mon, Oct 12, 2015 at 11:06 AM, christophe leroy <christophe.leroy@xxxxxx> wrote: > > Le 25/02/2015 16:58, Jason Sipula a écrit : >> >> my understanding was 3.13 had the core of nftables merged > > Yes but according to Pablo, "userspace supports this but unfortunately the > kernel code is still missing". > Hence my question. > > As of today, what is the status of nftables regarding the support of ct > helper ? > If it is not in yet, how can I help getting it in ? > > Christophe > > >> >> On Wed, Feb 25, 2015 at 4:16 AM, leroy christophe >> <christophe.leroy@xxxxxx> wrote: >>> >>> Le 05/12/2014 11:38, Pablo Neira Ayuso a écrit : >>>> >>>> On Fri, Dec 05, 2014 at 08:27:11AM +0100, leroy christophe wrote: >>>>> >>>>> test.c 100% >>>>> >>>>> |************************************************************************| >>>>> 804 0:00:00 ETA >>>>> >>>>> # nft list ruleset >>>>> table ip filter { >>>>> chain output { >>>>> type filter hook output priority 0; >>>>> udp dport tftp ct helper "tftp" >>>> >>>> The right syntax is: >>>> >>>> udp dport tftp ct helper set "tftp" >>>> ^^^ >>>> >>>> your rule above does something different: >>>> >>>> 1) udp dport tftp >>>> >>>> and >>>> >>>> 2) the ct helper is "tftp" >>>> >>>> However, userspace supports this but unfortunately the kernel code is >>>> still missing. So you'll have to wait for this feature or >>>> (temporarily) rely on the automagic helper assignment (from that >>>> message, I understand you already do). >>> >>> Any idea of when the kernel support will be added ? >>> >>> Christophe >>> >>> -- >>> To unsubscribe from this list: send the line "unsubscribe netfilter" in >>> the body of a message to majordomo@xxxxxxxxxxxxxxx >>> More majordomo info at http://vger.kernel.org/majordomo-info.html > > > > --- > L'absence de virus dans ce courrier électronique a été vérifiée par le > logiciel antivirus Avast. > https://www.avast.com/antivirus > -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
