* nftables: Add support for unsupported codes in icmp and icmp6 extensions
@ 2017-10-04 9:52 Harsha Sharma
2017-10-04 11:08 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Harsha Sharma @ 2017-10-04 9:52 UTC (permalink / raw)
To: netfilter-devel; +Cc: outreachy-kernel, harshasharmaiitr
Hello,
I am trying to add support for unsupported codes in icmp and icmp6
extensions. Like in iptables, various icmp and icmp6 codes are defined
with their type, code_min and code_max but in nftables various icmp and
icmp6 codes are defined only with their type so codes for unreach,
redirect and time-exceeded are not supported as some of their type
values mismatches otherwise.
Can someone please guide me on what will be the best way to add support
for unreach, redirect and time-exceeded codes in icmp and icmp6
extensions in nftables.
Thanks for your time.
Regards,
Harsha Sharma
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: nftables: Add support for unsupported codes in icmp and icmp6 extensions
2017-10-04 9:52 nftables: Add support for unsupported codes in icmp and icmp6 extensions Harsha Sharma
@ 2017-10-04 11:08 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2017-10-04 11:08 UTC (permalink / raw)
To: Harsha Sharma; +Cc: netfilter-devel, outreachy-kernel
[-- Attachment #1: Type: text/plain, Size: 264 bytes --]
Hi Harsha,
I would suggest you start with a more simple task:
Probably you can add one test for named objects to our tests/shell/
directory under nftables.git tree.
I'm attaching a couple of examples. Please, have a look at
nft/tests/shell/ directory.
Thanks.
[-- Attachment #2: nft-limit-name --]
[-- Type: text/plain, Size: 284 bytes --]
table ip filter {
limit http-traffic {
rate 1/second
}
chain input {
type filter hook input priority 0; policy accept;
limit name tcp dport map { 80 : "http-traffic", 443 : "http-traffic"}
}
}
[-- Attachment #3: nft-stateful-objs --]
[-- Type: text/plain, Size: 686 bytes --]
table ip x {
counter user123 {
packets 12 bytes 1433
}
quota user123 {
over 2000 bytes
}
quota user124 {
over 2000 bytes
}
set y {
type ipv4_addr
}
map test {
type ipv4_addr : quota
elements = { 192.168.2.2 : "user124", 192.168.2.3 : "user124"}
}
chain y {
type filter hook input priority 0; policy accept;
counter name ip saddr map { 192.168.2.2 : "user123", 1.1.1.1 : "user123", 2.2.2.2 : "user123"}
quota name ip saddr map @test drop
}
}
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-10-04 11:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-04 9:52 nftables: Add support for unsupported codes in icmp and icmp6 extensions Harsha Sharma
2017-10-04 11:08 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).