netfilter: nft_ct: add ct timeout support - linux.git

diff options

author	Harsha Sharma	2018-08-07 17:14:23 +0200
committer	Pablo Neira Ayuso	2018-08-07 17:14:23 +0200
commit	7e0b2b57f01d183e1c84114f1f2287737358d748 (patch)
tree	fbcb423c2a0ee428ff74bd18cc040eab7b809b07 /init/do_mounts.c
parent	ad83f2a9ce37a264202f48f4fd8889ee9056b703 (diff)

netfilter: nft_ct: add ct timeout support

This patch allows to add, list and delete connection tracking timeout policies via nft objref infrastructure and assigning these timeout via nft rule. %./libnftnl/examples/nft-ct-timeout-add ip raw cttime tcp Ruleset: table ip raw { ct timeout cttime { protocol tcp; policy = {established: 111, close: 13 } } chain output { type filter hook output priority -300; policy accept; ct timeout set "cttime" } } %./libnftnl/examples/nft-rule-ct-timeout-add ip raw output cttime %conntrack -E [NEW] tcp 6 111 ESTABLISHED src=172.16.19.128 dst=172.16.19.1 sport=22 dport=41360 [UNREPLIED] src=172.16.19.1 dst=172.16.19.128 sport=41360 dport=22 %nft delete rule ip raw output handle <handle> %./libnftnl/examples/nft-ct-timeout-del ip raw cttime Joint work with Pablo Neira. Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'init/do_mounts.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: