Closed Luap99 closed 1 month ago
Thanks for reporting.
Implementing this will require a little bit of reverse engineering of the JSON API as it's not documented. We can use an nft ruleset that presents all valid forms of the synproxy structure, then:
nft -j list ruleset
That will be the reference to work on the schema/expr implementations.
I'll start working on this soon™ unless somebody else jumps in. If there is high demand for this feature, please let me know.
Yeah I think there are more options in the json that are not documented in libnftables-json(5), there are more options documented in nft(8) but of course they do not show how that looks in the json format. So I agree that we need to reverse engineer the format, that is why I included the example outputs above.
This isn't a priority at all for us (netavark) as we have no need for this feature, the problem for us is/was that unknown rules will break the json deserialization. However with https://github.com/namib-project/nftables-rs/pull/17 we now have the option to only list rules for our table "netavark" which means that should no longer happen as the rules there will only be added by this lib so it should be theoretically impossible to hit such a case.
some info about synproxy can be found here https://wiki.nftables.org/wiki-nftables/index.php/Synproxy
The field is not documented in the libnftables-json(5) page
some example output for named synproxy
and for anonymous synproxy
found originally in https://github.com/containers/netavark/issues/942