Re: How are ct helper to be configured with NFT ?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: christophe leroy <christophe.leroy@c-s.fr>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Jason Sipula <alupis1@gmail.com>, netfilter@vger.kernel.org
Subject: Re: How are ct helper to be configured with NFT ?
Date: Wed, 2 Mar 2016 19:14:05 +0100	[thread overview]
Message-ID: <56D72D6D.3060308@c-s.fr> (raw)
In-Reply-To: <20151012182151.GA7856@salvia>

Le 12/10/2015 20:21, Pablo Neira Ayuso a écrit :
> On Mon, Oct 12, 2015 at 08:06:38PM +0200, christophe leroy wrote:
>> Le 25/02/2015 16:58, Jason Sipula a écrit :
>>> my understanding was 3.13 had the core of nftables merged
>> Yes but according to Pablo, "userspace supports this but unfortunately the
>> kernel code is still missing".
>> Hence my question.
>>
>> As of today, what is the status of nftables regarding the support of ct
>> helper ?
>> If it is not in yet, how can I help getting it in ?
> I'd appreciate of you can send me patches that we can discuss on
> netfilter-devel@vger.kernel.org.
>
> I think it only requires extra little code for the nft_meta expression
> from the kernel.
>
>
Isn't it is in nft_ct instead of nft_meta ?

I'm having difficulties to understand how it works.
nft_ct_set_init() is called when I add the rule in the table. So I 
believe I have to call nf_ct_helper_ext_add() from here, haven't I ?
But how do I get the name of the requested helper from that function ? I 
suppose once I get it I can do the same as  xt_ct_set_helper() does.

Otherwise, nft_ct_set_eval() is called when the helper is needed, but I 
suppose it is too late when that happens because the conntrack has 
already said that it has used automatic helper assignment.

Christophe

---
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast.
https://www.avast.com/antivirus

     prev parent reply	other threads:[~2016-03-02 18:14 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-26 18:08 How are ct helper to be configured with NFT ? leroy christophe
2014-12-05  7:27 ` leroy christophe
2014-12-05 10:38   ` Pablo Neira Ayuso
2015-02-25 12:16     ` leroy christophe
2015-02-25 15:58       ` Jason Sipula
2015-10-12 18:06         ` christophe leroy
2015-10-12 18:11           ` Jason Sipula
2015-10-13  5:49             ` Christophe Leroy
2015-10-12 18:21           ` Pablo Neira Ayuso
2016-03-02 18:14             ` christophe leroy [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=56D72D6D.3060308@c-s.fr \
    --to=christophe.leroy@c-s.fr \
    --cc=alupis1@gmail.com \
    --cc=netfilter@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.