interesting
/
nftables
mirror of https://github.com/google/nftables.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add missing ct keys (#310) 

The following keys were missing from the CtKey type:

 - `NFT_CT_SRC_IP`
 - `NFT_CT_DST_IP`
 - `NFT_CT_SRC_IP6`
 - `NFT_CT_DST_IP6`
 - `NFT_CT_ID`

Since they also seem to be missing from the unix package, their actual
values were added.
This commit is contained in:
Nick Garlis 2025-03-26 09:54:08 +01:00 committed by GitHub
parent 207a46354c
commit e0bb410d54
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
expr/ct.go
View File

@ -27,6 +27,7 @@ import (
type CtKey uint32 type CtKey uint32
// Possible CtKey values. // Possible CtKey values.
// Retrieved from https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h#n1121
const ( const (
CtKeySTATE CtKey = unix.NFT_CT_STATE CtKeySTATE CtKey = unix.NFT_CT_STATE
CtKeyDIRECTION CtKey = unix.NFT_CT_DIRECTION CtKeyDIRECTION CtKey = unix.NFT_CT_DIRECTION
@ -48,6 +49,13 @@ const (
CtKeyZONE CtKey = unix.NFT_CT_ZONE CtKeyZONE CtKey = unix.NFT_CT_ZONE
CtKeyEVENTMASK CtKey = unix.NFT_CT_EVENTMASK CtKeyEVENTMASK CtKey = unix.NFT_CT_EVENTMASK
// These values seem to be missing from the unix package
CtKeySRCIP CtKey = 19
CtKeyDSTIP CtKey = 20
CtKeySRCIP6 CtKey = 21
CtKeyDSTIP6 CtKey = 22
CtKeyID CtKey = 23
// https://sources.debian.org/src//nftables/0.9.8-3/src/ct.c/?hl=39#L39 // https://sources.debian.org/src//nftables/0.9.8-3/src/ct.c/?hl=39#L39
CtStateBitINVALID uint32 = 1 CtStateBitINVALID uint32 = 1
CtStateBitESTABLISHED uint32 = 2 CtStateBitESTABLISHED uint32 = 2
@ -157,7 +165,7 @@ func (e *Ct) marshalData(fam byte) ([]byte, error) {
exprData = append(exprData, regData...) exprData = append(exprData, regData...)
switch e.Key { switch e.Key {
case CtKeySRC, CtKeyDST, CtKeyPROTOSRC, CtKeyPROTODST: case CtKeySRC, CtKeyDST, CtKeyPROTOSRC, CtKeyPROTODST, CtKeySRCIP, CtKeyDSTIP, CtKeySRCIP6, CtKeyDSTIP6:
regData, err = netlink.MarshalAttributes( regData, err = netlink.MarshalAttributes(
[]netlink.Attribute{ []netlink.Attribute{
{Type: unix.NFTA_CT_DIRECTION, Data: binaryutil.BigEndian.PutUint32(e.Direction)}, {Type: unix.NFTA_CT_DIRECTION, Data: binaryutil.BigEndian.PutUint32(e.Direction)},

32
expr/ct_test.go
View File

@ -46,6 +46,38 @@ func TestCt(t *testing.T) {
SourceRegister: true, SourceRegister: true,
}, },
}, },
{
name: "Unmarshal Ct ip direction original case",
ct: Ct{
Register: 1,
Key: CtKeySRCIP,
Direction: 0,
},
},
{
name: "Unmarshal Ct ip direction reply case",
ct: Ct{
Register: 1,
Key: CtKeySRCIP,
Direction: 1,
},
},
{
name: "Unmarshal Ct ip6 direction original case",
ct: Ct{
Register: 1,
Key: CtKeySRCIP6,
Direction: 0,
},
},
{
name: "Unmarshal Ct ip6 direction reply case",
ct: Ct{
Register: 1,
Key: CtKeyDSTIP6,
Direction: 1,
},
},
} }
for _, tt := range tests { for _, tt := range tests {