Merge b001cdfe40 into 9a9f2ce6b3

Add ct expect support
2024-09-05 22:31:00 +00:00 · 2024-09-06 00:30:30 +02:00
2 changed files with 9 additions and 5 deletions
--- a/expr/ct.go
+++ b/expr/ct.go
@ -226,16 +226,20 @@ func (c *CtExpect) marshal(fam byte) ([]byte, error) {
 }
 func (c *CtExpect) marshalData(fam byte) ([]byte, error) {
-	// all elements must be defined
+	// all elements except l3proto must be defined
 	// per https://git.netfilter.org/nftables/tree/doc/stateful-objects.txt?id=db70959a5ccf2952b218f51c3d529e186a5a43bb#n119
 	// from man page: l3proto is derived from the table family by default
 	exprData := []netlink.Attribute{
 		{Type: NFTA_CT_EXPECT_L3PROTO, Data: binaryutil.BigEndian.PutUint16(c.L3Proto)},
 		{Type: NFTA_CT_EXPECT_L4PROTO, Data: []byte{c.L4Proto}},
 		{Type: NFTA_CT_EXPECT_DPORT, Data: binaryutil.BigEndian.PutUint16(c.DPort)},
 		{Type: NFTA_CT_EXPECT_TIMEOUT, Data: binaryutil.BigEndian.PutUint32(c.Timeout)},
 		{Type: NFTA_CT_EXPECT_SIZE, Data: []byte{c.Size}},
 	}
 	if c.L3Proto != 0 {
 		attr := netlink.Attribute{Type: NFTA_CT_EXPECT_L3PROTO, Data: binaryutil.BigEndian.PutUint16(c.L3Proto)}
 		exprData = append(exprData, attr)
 	}
 	return netlink.MarshalAttributes(exprData)
 }
--- a/nftables_test.go
+++ b/nftables_test.go
@ -1486,7 +1486,7 @@ func TestCtExpect(t *testing.T) {
 	defer conn.FlushRuleset()
 	table := conn.AddTable(&nftables.Table{
-		Family: nftables.TableFamilyINet,
+		Family: nftables.TableFamilyIPv4,
 		Name:   "filter",
 	})
@ -1498,8 +1498,8 @@ func TestCtExpect(t *testing.T) {
 			L3Proto: unix.NFPROTO_IPV4,
 			L4Proto: unix.IPPROTO_TCP,
 			DPort:   53,
-			Timeout: 2000,
+			Timeout: 20,
-			Size:    1,
+			Size:    100,
 		},
 	}
Author	SHA1	Message	Date
turekt	7be4d4ae5c	Merge `b001cdfe40` into `9a9f2ce6b3`	2024-09-05 22:31:00 +00:00
turekt	b001cdfe40	Add ct expect support	2024-09-06 00:30:30 +02:00