Stéphane Veyret wrote:
> Le lun. 12 mars 2018 à 16:53, Florian Westphal a écrit :
> > > > Something like:
> > > >
> > > > chain postrouting {
> > > > type filter hook postrouting priority 0;
> > > > # tell kernel to install an expectation
> > > > # arriving on udp ports 69
Hello Florian, hello all,
More than a year has past since I asked all those questions about
adding expectation attribute to nf_tables, and I finally have time to
work on it. But I find it difficult to understand the way it is
written, and therefore have questions. Here are the first ones (see
belo
2018-03-12 16:53 GMT+01:00 Florian Westphal :
>> It may be what I'm looking for. But I couldn't find any documentation
>> about this “ct expectation” command. Or do you mean I should create a
>> conntrack helper module for that?
>
> Right, this doesn't exist yet.
>
> I think we (you) should conside
Stéphane Veyret wrote:
> 2018-03-12 12:25 GMT+01:00 Florian Westphal :
> > (Or i still fail to understand what you want to do, it does
> > sound exactly like expectations, e.g. for ftp data channel in
> > response to PASV command on ftp control channel).
>
> No, what I would like to have is mor
Thank you for your help.
2018-03-12 12:25 GMT+01:00 Florian Westphal :
> (Or i still fail to understand what you want to do, it does
> sound exactly like expectations, e.g. for ftp data channel in
> response to PASV command on ftp control channel).
No, what I would like to have is more like FTP
Stéphane Veyret wrote:
> A few words on the specs I imagined for the port triggering:
>
> table ip trigger {
> chain postrouting {
> type filter hook postrouting priority 0;
> ip dport 554 trigger open rtsp timeout 300 # Open the
> trigger named r
Partially answering to myself : here is a good starting point for
nftables dev ->
https://zasdfgbnm.github.io/2017/09/07/Extending-nftables/
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at ht
Hi,
Sorry for previous answer, Florian, I didn't see I was answering to
your own address and not to the full list.
Port triggering is a basic feature that we can find in most hardware
routers. Unfortunately, people wanting to build their own software
router on Linux, mostly using netfilte
Stéphane Veyret wrote:
> Hi,
>
> I saw that patches have been written some years ago for port
> triggering in Netfilter, but no such feature is currently available in
> the kernel. Is there any reason for that? If I write and submit such a
> patch as Xtables-addons module, wou
Hi,
Please tell me if my message was posted in the wrong place, or if I
don't use the right title convention…
Thank you,
--
Bien cordialement, / Plej kore,
Stéphane Veyret
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.
Hi,
I saw that patches have been written some years ago for port
triggering in Netfilter, but no such feature is currently available in
the kernel. Is there any reason for that? If I write and submit such a
patch as Xtables-addons module, would it have chances to be accepted?
Regards,
--
Bien
11 matches
Mail list logo
