From: Christophe Leroy <christophe.leroy@c-s.fr>
To: Patrick McHardy <kaber@trash.net>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>, netfilter-devel@vger.kernel.org
Subject: Re: Seeking help for implementing CT HELPER in nftables
Date: Wed, 9 Mar 2016 00:25:21 +0100 [thread overview]
Message-ID: <56DF5F61.2060000@c-s.fr> (raw)
In-Reply-To: <20160307132011.GA7620@macbook.localdomain>
Le 07/03/2016 14:20, Patrick McHardy a écrit :
> On 05.03, christophe leroy wrote:
>> Hello,
>>
>> I'm trying to implement support for CT HELPERs in linux kernel for
>> nftables and need some help/guidance.
>>
>> The rule beeing 'udp dport tftp ct helper set "tftp"', I get
>> nft_ct_set_init() called when I add the rule in the table output filter
>> table.
>>
>> I believe I have to call nf_ct_helper_ext_add() from nft_ct_set_init(),
>> but for that I need the name of the helper that is to be set, ie 'tftp'.
>> How do I get the name of the requested helper in that function ? I
>> suppose once I get it I can do the same as xt_ct_set_helper() does.
> This depends on how we want to implement this. We could pass a static helper
> name in a new CT attribute, look the helper up in the init path and assign it
> to the conntrack in the eval function. This means we'd require a single rule
> for every helper assignment.
How do we add a new CT attribute for that ? Is there any exemple in
other parts of the kernel for doing that ?
Is it just to add a NFTA_CT_HELPER then add it in the nft_ct_policy
structure as an NLA_STRING type and then retrieve it with nla_strl_cpy() ?
But how does it gets populated with the helper string passed in by nft ?
Christophe
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2016-03-08 23:25 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-03-05 11:37 Seeking help for implementing CT HELPER in nftables christophe leroy
2016-03-07 13:20 ` Patrick McHardy
2016-03-08 23:25 ` Christophe Leroy [this message]
2016-04-12 13:40 ` Christophe Leroy
2016-04-12 13:51 ` Florian Westphal
2016-09-20 11:10 ` Christophe Leroy
2016-09-20 15:38 ` Florian Westphal
2016-09-23 10:45 ` Christophe Leroy
2016-09-23 14:24 ` Pablo Neira Ayuso
2016-09-23 14:31 ` Florian Westphal
2016-09-23 14:48 ` Christophe Leroy
2016-09-23 15:19 ` Pablo Neira Ayuso
2016-09-23 15:29 ` Christophe Leroy
2016-09-23 15:46 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56DF5F61.2060000@c-s.fr \
--to=christophe.leroy@c-s.fr \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.