Add missing ct keys (#310)

The following keys were missing from the CtKey type: - `NFT_CT_SRC_IP` - `NFT_CT_DST_IP` - `NFT_CT_SRC_IP6` - `NFT_CT_DST_IP6` - `NFT_CT_ID` Since they also seem to be missing from the unix package, their actual values were added.
2025-03-26 09:54:08 +01:00 · 2025-03-26 09:54:08 +01:00 · e0bb410d54
parent 207a46354c
commit e0bb410d54
2 changed files with 41 additions and 1 deletions
--- a/expr/ct.go
+++ b/expr/ct.go
@ -27,6 +27,7 @@ import (
 type CtKey uint32

 // Possible CtKey values.
+// Retrieved from https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h#n1121
 const (
 	CtKeySTATE      CtKey = unix.NFT_CT_STATE
 	CtKeyDIRECTION  CtKey = unix.NFT_CT_DIRECTION
@ -48,6 +49,13 @@ const (
 	CtKeyZONE       CtKey = unix.NFT_CT_ZONE
 	CtKeyEVENTMASK  CtKey = unix.NFT_CT_EVENTMASK

+	// These values seem to be missing from the unix package
+	CtKeySRCIP  CtKey = 19
+	CtKeyDSTIP  CtKey = 20
+	CtKeySRCIP6 CtKey = 21
+	CtKeyDSTIP6 CtKey = 22
+	CtKeyID     CtKey = 23
+
 	// https://sources.debian.org/src//nftables/0.9.8-3/src/ct.c/?hl=39#L39
 	CtStateBitINVALID     uint32 = 1
 	CtStateBitESTABLISHED uint32 = 2
@ -157,7 +165,7 @@ func (e *Ct) marshalData(fam byte) ([]byte, error) {
 	exprData = append(exprData, regData...)

 	switch e.Key {
-	case CtKeySRC, CtKeyDST, CtKeyPROTOSRC, CtKeyPROTODST:
+	case CtKeySRC, CtKeyDST, CtKeyPROTOSRC, CtKeyPROTODST, CtKeySRCIP, CtKeyDSTIP, CtKeySRCIP6, CtKeyDSTIP6:
 		regData, err = netlink.MarshalAttributes(
 			[]netlink.Attribute{
 				{Type: unix.NFTA_CT_DIRECTION, Data: binaryutil.BigEndian.PutUint32(e.Direction)},
--- a/expr/ct_test.go
+++ b/expr/ct_test.go
@ -46,6 +46,38 @@ func TestCt(t *testing.T) {
 				SourceRegister: true,
 			},
 		},
+		{
+			name: "Unmarshal Ct ip direction original case",
+			ct: Ct{
+				Register:  1,
+				Key:       CtKeySRCIP,
+				Direction: 0,
+			},
+		},
+		{
+			name: "Unmarshal Ct ip direction reply case",
+			ct: Ct{
+				Register:  1,
+				Key:       CtKeySRCIP,
+				Direction: 1,
+			},
+		},
+		{
+			name: "Unmarshal Ct ip6 direction original case",
+			ct: Ct{
+				Register:  1,
+				Key:       CtKeySRCIP6,
+				Direction: 0,
+			},
+		},
+		{
+			name: "Unmarshal Ct ip6 direction reply case",
+			ct: Ct{
+				Register:  1,
+				Key:       CtKeyDSTIP6,
+				Direction: 1,
+			},
+		},
 	}

 	for _, tt := range tests {