From: christophe leroy <christophe.leroy@c-s.fr>
To: Jason Sipula <alupis1@gmail.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>, netfilter@vger.kernel.org
Subject: Re: How are ct helper to be configured with NFT ?
Date: Mon, 12 Oct 2015 20:06:38 +0200 [thread overview]
Message-ID: <561BF6AE.7080803@c-s.fr> (raw)
In-Reply-To: <CAJCcFsgYxFZUiCfEa4tAZV6LSt23wg5xA25=m-w7aaiZ6OX2uQ@mail.gmail.com>
Le 25/02/2015 16:58, Jason Sipula a écrit :
> my understanding was 3.13 had the core of nftables merged
Yes but according to Pablo, "userspace supports this but unfortunately
the kernel code is still missing".
Hence my question.
As of today, what is the status of nftables regarding the support of ct
helper ?
If it is not in yet, how can I help getting it in ?
Christophe
>
> On Wed, Feb 25, 2015 at 4:16 AM, leroy christophe
> <christophe.leroy@c-s.fr> wrote:
>> Le 05/12/2014 11:38, Pablo Neira Ayuso a écrit :
>>> On Fri, Dec 05, 2014 at 08:27:11AM +0100, leroy christophe wrote:
>>>> test.c 100%
>>>> |************************************************************************|
>>>> 804 0:00:00 ETA
>>>>
>>>> # nft list ruleset
>>>> table ip filter {
>>>> chain output {
>>>> type filter hook output priority 0;
>>>> udp dport tftp ct helper "tftp"
>>> The right syntax is:
>>>
>>> udp dport tftp ct helper set "tftp"
>>> ^^^
>>>
>>> your rule above does something different:
>>>
>>> 1) udp dport tftp
>>>
>>> and
>>>
>>> 2) the ct helper is "tftp"
>>>
>>> However, userspace supports this but unfortunately the kernel code is
>>> still missing. So you'll have to wait for this feature or
>>> (temporarily) rely on the automagic helper assignment (from that
>>> message, I understand you already do).
>> Any idea of when the kernel support will be added ?
>>
>> Christophe
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
---
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast.
https://www.avast.com/antivirus
next prev parent reply other threads:[~2015-10-12 18:06 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-11-26 18:08 How are ct helper to be configured with NFT ? leroy christophe
2014-12-05 7:27 ` leroy christophe
2014-12-05 10:38 ` Pablo Neira Ayuso
2015-02-25 12:16 ` leroy christophe
2015-02-25 15:58 ` Jason Sipula
2015-10-12 18:06 ` christophe leroy [this message]
2015-10-12 18:11 ` Jason Sipula
2015-10-13 5:49 ` Christophe Leroy
2015-10-12 18:21 ` Pablo Neira Ayuso
2016-03-02 18:14 ` christophe leroy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=561BF6AE.7080803@c-s.fr \
--to=christophe.leroy@c-s.fr \
--cc=alupis1@gmail.com \
--cc=netfilter@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox