[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: How are ct helper to be configured with NFT ?
From:       Jason Sipula <alupis1 () gmail ! com>
Date:       2015-02-25 15:58:29
Message-ID: CAJCcFsgYxFZUiCfEa4tAZV6LSt23wg5xA25=m-w7aaiZ6OX2uQ () mail ! gmail ! com
[Download RAW message or body]

my understanding was 3.13 had the core of nftables merged

On Wed, Feb 25, 2015 at 4:16 AM, leroy christophe
<christophe.leroy@c-s.fr> wrote:
>
> Le 05/12/2014 11:38, Pablo Neira Ayuso a écrit :
>>
>> On Fri, Dec 05, 2014 at 08:27:11AM +0100, leroy christophe wrote:
>>>
>>> test.c               100%
>>> |************************************************************************|
>>> 804   0:00:00 ETA
>>>
>>> # nft list ruleset
>>> table ip filter {
>>>          chain output {
>>>                   type filter hook output priority 0;
>>>                   udp dport tftp ct helper "tftp"
>>
>> The right syntax is:
>>
>>          udp dport tftp ct helper set "tftp"
>>                                   ^^^
>>
>> your rule above does something different:
>>
>> 1) udp dport tftp
>>
>> and
>>
>> 2) the ct helper is "tftp"
>>
>> However, userspace supports this but unfortunately the kernel code is
>> still missing.  So you'll have to wait for this feature or
>> (temporarily) rely on the automagic helper assignment (from that
>> message, I understand you already do).
>
> Any idea of when the kernel support will be added ?
>
> Christophe
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]