Arushi Singhal wrote:
> 1) README is added to run test suite.
> 2) Rename two test-case scripts to follow proper numerical order.
> 3) "echo -en "\033[1A\033[K" # clean the [EXECUTING] foobar line" command
> should only used when verbose("-v") option is not there else instead of
> clearing
Usage:
./nft-rule-ct-timeout-add ip filter input some-name
./nft-rule-get ip filter
ip filter input 6
[ objref type 5 name some-name ]
nft list ruleset
...
chain input {
ct timeout set "some-name"
}
Signed-off-by: Harsha Sharma
---
Changes in v3:
- No changes
Changes in v2:
- Add
Add, list and delete ct timeout objects from specified table
Usage e.g.:
% ./nft-ct-timeout-add ip filter some-name tcp
% ./nft-ct-timeout-get ip filter
table filter name some-name use 0 [ ct_timeout family 2 protocol 6
policy = {ESTABLISHED = 111,CLOSE_WAIT = 14, CLOSE = 16}]
%
Add support for ct timeout objects, used to assign connection tracking
timeout policies.
Signed-off-by: Harsha Sharma
---
Chenges in v3:
- minor changes updated with nft patch
Cheanges in v2:
- minor changes
include/libnftnl/Makefile.am| 3 +-
include/libnftnl/cttimeout.h|
Add support for ct timeout objects, used to assign connection
tracking timeout policies and examples.
Harsha Sharma (3):
src: add ct timeout support
examples: add nft-ct-timeout-{add,del,get}
examples: Add test for assigning timeout objects via rule
examples/Makefile.am|
On Sat, Jul 7, 2018 at 7:03 PM, Harsha Sharma
wrote:
> This patch adds support for adding, listing and deleting ct timeout
> objects which can be assigned via rule to assign connection tracking
> timeout policies via objref infrastructure.
>
> %nft add table filter
> %nft add chain filter output
This patch adds support for adding, listing and deleting ct timeout
objects which can be assigned via rule to assign connection tracking
timeout policies via objref infrastructure.
%nft add table filter
%nft add chain filter output
%nft add ct timeout filter test-tcp { protocol:tcp,
On 4 July 2018 at 19:14, Pablo Neira Ayuso wrote:
> On Mon, Jul 02, 2018 at 04:52:14PM +0200, Martynas Pumputis wrote:
>> This patch enables the clash resolution for NAT (disabled in
>> "590b52e10d41") if clashing conntracks match (i.e. both tuples are equal)
>> and a protocol allows it.
>>
>>
1) README is added to run test suite.
2) Rename two test-case scripts to follow proper numerical order.
3) "echo -en "\033[1A\033[K" # clean the [EXECUTING] foobar line" command
should only used when verbose("-v") option is not there else instead of
clearing "[EXECUTING]" prompt it is clearing
