author | Harsha Sharma <harshasharmaiitr@gmail.com> | 2018-08-14 01:06:56 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-31 18:40:08 +0200 |
commit | c7c94802679cd9ba09aa78f332f533ecae1b9e0c (patch) | |
tree | be2c336e6ff9de9c1a5b4e21ceca6ab5daae4a69 /tests/py/nft-test.py | |
parent | 2e62c72974dcb2d4c4db1445ae55310a4f84ec15 (diff) |
src: add ct timeout support

This patch adds support for adding, listing and deleting ct timeout
objects which can be assigned via rule to assign connection tracking
timeout policies via objref infrastructure.

    % nft add table filter
    % nft add chain filter output
    % nft add ct timeout filter test-tcp { protocol tcp \; policy = { established: 132, close: 13, close_wait: 17 } \; }
    % nft add rule filter output ct timeout set test-tcp
    % nft list ruleset

    table ip filter {
        ct timeout test-tcp {
            protocol tcp;
            l3proto ip
            policy = {established: 132, close_wait: 17, close: 13}
        }

        chain output {
            ct timeout set "test-tcp"
        }
    }

    % nft delete rule filter output handle <handle>
    % nft delete ct timeout filter test-tcp

Note: Original patch has been reworked to use fixed size array for
timeouts and to validate timeout policy from the evaluation phase, once
we have access to the layer 4 protocol number. --pablo

Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/nft-test.py')
0 files changed, 0 insertions, 0 deletions