1 files changed, 15 insertions, 6 deletions

diff --git a/src/obj/ct_helper.c b/src/obj/ct_helper.c
index c52032a..1feccf2 100644
--- a/src/obj/ct_helper.c
+++ b/src/obj/ct_helper.c
@@ -32,13 +32,11 @@ static int nftnl_obj_ct_helper_set(struct nftnl_obj *e, uint16_t type,
 		snprintf(helper->name, sizeof(helper->name), "%s", (const char *)data);
 		break;
 	case NFTNL_OBJ_CT_HELPER_L3PROTO:
-		memcpy(&helper->l3proto, data, sizeof(helper->l3proto));
+		memcpy(&helper->l3proto, data, data_len);
 		break;
 	case NFTNL_OBJ_CT_HELPER_L4PROTO:
-		memcpy(&helper->l4proto, data, sizeof(helper->l4proto));
+		memcpy(&helper->l4proto, data, data_len);
 		break;
-	default:
-		return -1;
 	}
 	return 0;
 }
@@ -141,14 +139,25 @@ static int nftnl_obj_ct_helper_snprintf(char *buf, size_t len,
 			helper->name, helper->l3proto, helper->l4proto);
 }
 
+/* from kernel's include/net/netfilter/nf_conntrack_helper.h */
+#define NF_CT_HELPER_NAME_LEN	16
+
+static struct attr_policy
+obj_ct_helper_attr_policy[__NFTNL_OBJ_CT_HELPER_MAX] = {
+	[NFTNL_OBJ_CT_HELPER_NAME]	= { .maxlen = NF_CT_HELPER_NAME_LEN },
+	[NFTNL_OBJ_CT_HELPER_L3PROTO]	= { .maxlen = sizeof(uint16_t) },
+	[NFTNL_OBJ_CT_HELPER_L4PROTO]	= { .maxlen = sizeof(uint8_t) },
+};
+
 struct obj_ops obj_ops_ct_helper = {
 	.name		= "ct_helper",
 	.type		= NFT_OBJECT_CT_HELPER,
 	.alloc_len	= sizeof(struct nftnl_obj_ct_helper),
-	.max_attr	= NFTA_CT_HELPER_MAX,
+	.nftnl_max_attr	= __NFTNL_OBJ_CT_HELPER_MAX - 1,
+	.attr_policy	= obj_ct_helper_attr_policy,
 	.set		= nftnl_obj_ct_helper_set,
 	.get		= nftnl_obj_ct_helper_get,
 	.parse		= nftnl_obj_ct_helper_parse,
 	.build		= nftnl_obj_ct_helper_build,
-	.snprintf	= nftnl_obj_ct_helper_snprintf,
+	.output		= nftnl_obj_ct_helper_snprintf,
 };