authorPablo Neira Ayuso <>2019-06-21 10:28:37 +0200
committerPablo Neira Ayuso <>2019-06-21 18:49:07 +0200
commit7f742d0a9071f932836b4f8525a6d3f7261ae083 (patch)
treecd972674de9ea2efbd6e39747acd435b100bf154 /include
parentfb5a36ad5c1032244cf76171648fdefbbe571519 (diff)
ct: support for NFT_CT_{SRC,DST}_{IP,IP6}
These keys are available since kernel >= 4.17. You can still use NFT_CT_{SRC,DST}; however, you need to specify 'meta protocol' first to provide layer 3 context. Note that NFT_CT_{SRC,DST} are broken with sets, maps and concatenations. This patch implicitly fixes these cases. If your kernel is < 4.17, you can still use address matching via explicit meta nfproto: meta nfproto ipv4 ct original saddr Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'include')
1 files changed, 1 insertions, 2 deletions
diff --git a/include/ct.h b/include/ct.h
index 4c5bd804..063f8cdf 100644
--- a/include/ct.h
+++ b/include/ct.h
@@ -26,8 +26,7 @@ extern const struct ct_template ct_templates[__NFT_CT_MAX];
extern struct expr *ct_expr_alloc(const struct location *loc,
- enum nft_ct_keys key, int8_t direction,
- uint8_t nfproto);
+ enum nft_ct_keys key, int8_t direction);
extern void ct_expr_update_type(struct proto_ctx *ctx, struct expr *expr);
extern struct stmt *notrack_stmt_alloc(const struct location *loc);
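Review bot: The ct_expr_alloc() declaration has no comment saying where the layer 3 family comes from now that `nfproto` is no longer an argument, nor which values `direction` accepts as a signed `int8_t`. The commit message says plain NFT_CT_{SRC,DST} still depend on 'meta protocol' for layer 3 context, and a reader of ct.h alone cannot see that an address match built without that context, or without the _IP/_IP6 keys, may not be evaluated as the rule author intended. I would add above the prototype something like `/* L3 family is taken from the key (NFT_CT_{SRC,DST}_{IP,IP6}) or from the protocol context, never passed by the caller. */`, after confirming it against the definition. This diff is limited to include/, so the definition and the updated callers are not visible here.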