1 files changed, 82 insertions, 0 deletions

diff --git a/src/expr/ct.c b/src/expr/ct.c
index d5dfc81..f17491c 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -14,6 +14,7 @@
 #include <stdint.h>
 #include <arpa/inet.h>
 #include <errno.h>
+#include <assert.h>
 #include <linux/netfilter/nf_tables.h>
 
 #include "internal.h"
@@ -148,6 +149,82 @@ nftnl_expr_ct_parse(struct nftnl_expr *e, struct nlattr *attr)
 	return 0;
 }
 
+#ifndef XT_CONNLABEL_MAXBIT
+#define XT_CONNLABEL_MAXBIT	127
+#endif
+
+#ifndef NF_CT_LABELS_MAX_SIZE
+#define NF_CT_LABELS_MAX_SIZE ((XT_CONNLABEL_MAXBIT + 1) / 8)
+#endif
+
+#ifndef NF_CT_HELPER_NAME_LEN
+#define NF_CT_HELPER_NAME_LEN       16
+#endif
+
+static int
+nftnl_expr_ct_reg_len(const struct nftnl_expr *e)
+{
+	const struct nftnl_expr_ct *ct = nftnl_expr_data(e);
+
+	switch (ct->key) {
+	case NFT_CT_DIRECTION:
+	case NFT_CT_PROTOCOL:
+	case NFT_CT_L3PROTOCOL:
+		return sizeof(uint8_t);
+	case NFT_CT_ZONE:
+	case NFT_CT_LABELS:
+		return NF_CT_LABELS_MAX_SIZE;
+	case NFT_CT_HELPER:
+		return NF_CT_HELPER_NAME_LEN;
+	case NFT_CT_PROTO_SRC:
+	case NFT_CT_PROTO_DST:
+		return sizeof(uint16_t);
+	case NFT_CT_ID:
+	case NFT_CT_STATE:
+	case NFT_CT_STATUS:
+	case NFT_CT_MARK:
+	case NFT_CT_SECMARK:
+	case NFT_CT_EXPIRATION:
+	case NFT_CT_EVENTMASK:
+	case NFT_CT_SRC_IP:
+	case NFT_CT_DST_IP:
+		return sizeof(uint32_t);
+	case NFT_CT_BYTES:
+	case NFT_CT_PKTS:
+	case NFT_CT_AVGPKT:
+		return sizeof(uint64_t);
+	case NFT_CT_SRC:
+	case NFT_CT_DST:
+	case NFT_CT_SRC_IP6:
+	case NFT_CT_DST_IP6:
+		return sizeof(uint32_t) * 4;
+	default:
+		assert(0);
+	}
+
+	return sizeof(uint32_t);
+}
+
+static bool
+nftnl_expr_ct_reg_cmp(const struct nftnl_reg *reg,
+		      const struct nftnl_expr *e)
+{
+	const struct nftnl_expr_ct *ct = nftnl_expr_data(e);
+
+	return reg->ct.key == ct->key &&
+	       reg->ct.dir == ct->dir;
+}
+
+static void
+nftnl_expr_ct_reg_update(struct nftnl_reg *reg,
+			 const struct nftnl_expr *e)
+{
+	const struct nftnl_expr_ct *ct = nftnl_expr_data(e);
+
+	reg->ct.key = ct->key;
+	reg->ct.dir = ct->dir;
+}
+
 static const char *ctkey2str_array[NFT_CT_MAX + 1] = {
 	[NFT_CT_STATE]		= "state",
 	[NFT_CT_DIRECTION]	= "direction",
@@ -259,4 +336,9 @@ struct expr_ops expr_ops_ct = {
 	.parse		= nftnl_expr_ct_parse,
 	.build		= nftnl_expr_ct_build,
 	.snprintf	= nftnl_expr_ct_snprintf,
+	.reg		= {
+		.len	= nftnl_expr_ct_reg_len,
+		.cmp	= nftnl_expr_ct_reg_cmp,
+		.update	= nftnl_expr_ct_reg_update,
+	},
 };