ct: add support for directional keys

A few keys in the ct expression are directional, i.e. we need to tell kernel if it should fetch REPLY or ORIGINAL direction. Split ct_keys into ct_keys & ct_keys_dir, the latter are those keys that the kernel rejects unless also given a direction. During postprocessing we also need to invoke ct_expr_update_type, problem is that e.g. ct saddr can be any family (ip, ipv6) so we need to update the expected data type based on the network base. Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2016-01-04 20:53:43 +0100
committer: Florian Westphal <fw@strlen.de> 2016-01-04 20:53:43 +0100
commit: 7ad9e1f8ad4ba637be841d0573bdfdcf397f0815 (patch)
tree: 1c700561baa465690fb3eb41e1abeab9ac13367d /src/netlink_linearize.c
parent: b99ec85e32947e337681aef8a29eae1c4c10f14e (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 131c3f95..48f5f027 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -209,6 +209,10 @@ static void netlink_gen_ct(struct netlink_linearize_ctx *ctx,
 	nle = alloc_nft_expr("ct");
 	netlink_put_register(nle, NFTNL_EXPR_CT_DREG, dreg);
 	nftnl_expr_set_u32(nle, NFTNL_EXPR_CT_KEY, expr->ct.key);
+	if (expr->ct.direction >= 0)
+		nftnl_expr_set_u8(nle, NFTNL_EXPR_CT_DIR,
+				  expr->ct.direction);
+
 	nftnl_rule_add_expr(ctx->nlr, nle);
 }
author	Florian Westphal <fw@strlen.de>	2016-01-04 20:53:43 +0100
committer	Florian Westphal <fw@strlen.de>	2016-01-04 20:53:43 +0100
commit	7ad9e1f8ad4ba637be841d0573bdfdcf397f0815 (patch)
tree	1c700561baa465690fb3eb41e1abeab9ac13367d /src/netlink_linearize.c
parent	b99ec85e32947e337681aef8a29eae1c4c10f14e (diff)