From: "Stéphane Veyret" <sveyret@gmail.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nftables v5 1/1] add ct expectations support
Date: Wed, 17 Jul 2019 11:56:25 +0200
Message-ID: <CAFs+hh49ezQJZf5y2_TSpkDiXinPqay_1OFBNk-=k3QY2bZ4vQ@mail.gmail.com>
In-Reply-To: <20190716192924.tdjzbvwpdovli7kk@salvia>

Hi Pablo,

Not sure I will have time to work on it before August. Anyway, I will
take the latest version and see, because I ran the test again in my
environment, and I don't get the same error. The only error related to
objects.t is:

ip/objects.t: ERROR: line 3: Table ip test-ip4 already exists

(I have this same error on a lot of other tests, so I think it is not
related to expectations). In /tmp/nftables-test.log, I have:

        ct expectation ctexpect1 {
                protocol tcp
                dport 1234
                timeout 2m
                size 12
                l3proto ip
        }

        ct expectation ctexpect2 {
                protocol udp
                dport 0
                timeout
                size 0
                l3proto ip
        }
…
        chain output {
                type filter hook output priority filter; policy accept;
                ct expectation set "ctexpect1"
        }

which seems rather correct…

On Tue, 16 Jul 2019 at 21:29, Pablo Neira Ayuso <pablo@netfilter.org> wrote:
>
> On Tue, Jul 16, 2019 at 09:19:35PM +0200, Pablo Neira Ayuso wrote:
> > On Tue, Jul 09, 2019 at 03:02:09PM +0200, Stéphane Veyret wrote:
> > > This modification allows to directly add/list/delete expectations.
> >
> > Applied, thanks Stephane.
>
> Small problem still, if you don't mind to follow up with an
> incremental fix:
>
> ip/objects.t: ERROR: line 52: Failed to add JSON equivalent rule
>
> Looking at /tmp/nftables-test.log, it says:
>
> command: {"nftables": [{"add": {"rule": {"table": "test-ip4", "chain": "output", "family": "ip", "expr": [{"ct expect": "ctexpect1"}]}}}]}
> internal:0:0-0: Error: Unknown statement object 'ct expect'.
>
> Thanks.



-- 
Best regards,

Stéphane Veyret

Thread overview: 7+ messages
2019-07-09 13:02 [PATCH nftables v5 0/1] add ct expectations support Stéphane Veyret
2019-07-09 13:02 ` [PATCH nftables v5 1/1] " Stéphane Veyret
2019-07-16 19:19   ` Pablo Neira Ayuso
2019-07-16 19:29     ` Pablo Neira Ayuso
2019-07-17  9:56       ` Stéphane Veyret [this message]
2019-07-17 11:36         ` Pablo Neira Ayuso
2019-07-17 14:17           ` Stéphane Veyret
