From b76fdc8f902210c2bb6c19069f6efb81a16b5474 Mon Sep 17 00:00:00 2001
From: Aleksei Ilin <a-ilin@users.noreply.github.com>
Date: Mon, 5 Aug 2024 08:38:34 +0200
Subject: [PATCH] ct: Specify direction for saddr, daddr, proto-src, proto-dst
 (#264)

The CT keys require direction parameter.
---
 expr/ct.go      | 17 ++++++++++++
 expr/ct_test.go | 69 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 86 insertions(+)
 create mode 100644 expr/ct_test.go

diff --git a/expr/ct.go b/expr/ct.go
index 4efea02..afec90b 100644
--- a/expr/ct.go
+++ b/expr/ct.go
@@ -61,6 +61,7 @@ type Ct struct {
 	Register       uint32
 	SourceRegister bool
 	Key            CtKey
+	Direction      uint32
 }
 
 func (e *Ct) marshal(fam byte) ([]byte, error) {
@@ -102,6 +103,20 @@ func (e *Ct) marshalData(fam byte) ([]byte, error) {
 		return nil, err
 	}
 	exprData = append(exprData, regData...)
+
+	switch e.Key {
+	case CtKeySRC, CtKeyDST, CtKeyPROTOSRC, CtKeyPROTODST:
+		regData, err = netlink.MarshalAttributes(
+			[]netlink.Attribute{
+				{Type: unix.NFTA_CT_DIRECTION, Data: binaryutil.BigEndian.PutUint32(e.Direction)},
+			},
+		)
+		if err != nil {
+			return nil, err
+		}
+		exprData = append(exprData, regData...)
+	}
+
 	return exprData, nil
 }
 
@@ -117,6 +132,8 @@ func (e *Ct) unmarshal(fam byte, data []byte) error {
 			e.Key = CtKey(ad.Uint32())
 		case unix.NFTA_CT_DREG:
 			e.Register = ad.Uint32()
+		case unix.NFTA_CT_DIRECTION:
+			e.Direction = ad.Uint32()
 		}
 	}
 	return ad.Err()
diff --git a/expr/ct_test.go b/expr/ct_test.go
new file mode 100644
index 0000000..b495860
--- /dev/null
+++ b/expr/ct_test.go
@@ -0,0 +1,69 @@
+package expr
+
+import (
+	"encoding/binary"
+	"reflect"
+	"testing"
+
+	"github.com/mdlayher/netlink"
+	"golang.org/x/sys/unix"
+)
+
+func TestCt(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name string
+		ct   Ct
+	}{
+		{
+			name: "Unmarshal Ct status case",
+			ct: Ct{
+				Register: 1,
+				Key:      CtKeySTATUS,
+			},
+		},
+		{
+			name: "Unmarshal Ct proto-dst direction original case",
+			ct: Ct{
+				Register:  1,
+				Key:       CtKeyPROTODST,
+				Direction: 0, // direction: original
+			},
+		},
+		{
+			name: "Unmarshal Ct src direction reply case",
+			ct: Ct{
+				Register:  1,
+				Key:       CtKeySRC,
+				Direction: 1, // direction: reply
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			nct := Ct{}
+			data, err := tt.ct.marshal(0 /* don't care in this test */)
+			if err != nil {
+				t.Fatalf("marshal error: %+v", err)
+
+			}
+			ad, err := netlink.NewAttributeDecoder(data)
+			if err != nil {
+				t.Fatalf("NewAttributeDecoder() error: %+v", err)
+			}
+			ad.ByteOrder = binary.BigEndian
+			for ad.Next() {
+				if ad.Type() == unix.NFTA_EXPR_DATA {
+					if err := nct.unmarshal(0, ad.Bytes()); err != nil {
+						t.Errorf("unmarshal error: %+v", err)
+						break
+					}
+				}
+			}
+			if !reflect.DeepEqual(tt.ct, nct) {
+				t.Fatalf("original %+v and recovered %+v Ct structs are different", tt.ct, nct)
+			}
+		})
+	}
+}