This adds the ability to set the conntrack zone from nftables, i.e.
native replacement for -j CT --zone $number.

See individual patches for details.
This will need more documentation and exposure of the builtin
hook priorities (e.g. via defines?) so users can more easily
see what's happening.

Pablo suggested to allow something like

hook prerouting prio $raw;
or even
hook prerouting prio $conntrack - 1;

instead of the 'awkward' use of the actual numbers used by the kernel
('priority -300' to hook at same priority as raw table).

However, this series doesn't contain any of that, so users will
have to use priorities between -399 and -199 (i.e. after defrag and
before conntrack pickup) to assign zones.
