Re: How are ct helper to be configured with NFT ?

On 12/10/2015 20:21, Pablo Neira Ayuso wrote:
On Mon, Oct 12, 2015 at 08:06:38PM +0200, christophe leroy wrote:
On 25/02/2015 16:58, Jason Sipula wrote:
my understanding was 3.13 had the core of nftables merged
Yes but according to Pablo, "userspace supports this but unfortunately the
kernel code is still missing".
Hence my question.

As of today, what is the status of nftables regarding the support of ct
helper?
If it is not in yet, how can I help getting it in?
I'd appreciate if you can send me patches that we can discuss on
netfilter-devel@xxxxxxxxxxxxxxx.

I think it only requires extra little code for the nft_meta expression
from the kernel.


Isn't it in nft_ct instead of nft_meta?

I'm having difficulty understanding how it works.
nft_ct_set_init() is called when I add the rule in the table. So I believe I have to call nf_ct_helper_ext_add() from here, haven't I? But how do I get the name of the requested helper from that function? I suppose once I get it I can do the same as xt_ct_set_helper() does.

Otherwise, nft_ct_set_eval() is called when the helper is needed, but I suppose it is too late when that happens because the conntrack has already said that it has used automatic helper assignment.

Christophe
