From mboxrd@z Thu Jan  1 00:00:00 1970
From: Christophe Leroy <christophe.leroy@c-s.fr>
Subject: Re: Seeking help for implementing CT HELPER in nftables
Date: Tue, 12 Apr 2016 15:40:01 +0200
Message-ID: <570CFAB1.6090409@c-s.fr>
References: <56DAC502.2060809@c-s.fr>
 <20160307132011.GA7620@macbook.localdomain> <56DF5F61.2060000@c-s.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252;
	format=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
	netfilter-devel@vger.kernel.org
To: Patrick McHardy <kaber@trash.net>
Return-path: <netfilter-devel-owner@vger.kernel.org>
Received: from pegase1.c-s.fr ([93.17.236.30]:50093 "EHLO pegase1.c-s.fr"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S932221AbcDLNkE (ORCPT <rfc822;netfilter-devel@vger.kernel.org>);
	Tue, 12 Apr 2016 09:40:04 -0400
In-Reply-To: <56DF5F61.2060000@c-s.fr>
Sender: netfilter-devel-owner@vger.kernel.org
List-ID: <netfilter-devel.vger.kernel.org>

Patrick, can you help ?

Le 09/03/2016 00:25, Christophe Leroy a =E9crit :
>
> Le 07/03/2016 14:20, Patrick McHardy a =E9crit :
>> On 05.03, christophe leroy wrote:
>>> Hello,
>>>
>>> I'm trying to implement support for CT HELPERs in linux kernel for
>>> nftables and need some help/guidance.
>>>
>>> The rule beeing 'udp dport tftp ct helper set "tftp"', I get
>>> nft_ct_set_init() called when I add the rule in the table output fi=
lter
>>> table.
>>>
>>> I believe I have to call nf_ct_helper_ext_add() from nft_ct_set_ini=
t(),
>>> but for that I need the name of the helper that is to be set, ie=20
>>> 'tftp'.
>>> How do I get the name of the requested helper in that function ? I
>>> suppose once I get it I can do the same as  xt_ct_set_helper() does=
=2E
>> This depends on how we want to implement this. We could pass a stati=
c=20
>> helper
>> name in a new CT attribute, look the helper up in the init path and=20
>> assign it
>> to the conntrack in the eval function. This means we'd require a=20
>> single rule
>> for every helper assignment.
> How do we add a new CT attribute for that ? Is there any exemple in=20
> other parts of the kernel for doing that ?
> Is it just to add a NFTA_CT_HELPER then add it in the nft_ct_policy=20
> structure as an NLA_STRING type and then retrieve it with=20
> nla_strl_cpy() ?
> But how does it gets populated with the helper string passed in by nf=
t ?
>
> Christophe
>
>

Christophe
--
To unsubscribe from this list: send the line "unsubscribe netfilter-dev=
el" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html