path: root/src/ct.c
diff options
authorFlorian Westphal <>2017-09-29 13:54:21 +0200
committerFlorian Westphal <>2017-09-29 13:54:21 +0200
commit0bc5399d7723d9ecab5f71c30dcaea4041366446 (patch)
tree473ae391e6e767aad9b79d7529ab3e3cf90a8ca4 /src/ct.c
parent28180991740e6942adfb12650ff2472d73e89387 (diff)
src: add alternate syntax for ct saddr
current syntax is: ct original saddr $address problem is that in inet, bridge etc. we lack context to figure out if this should fetch ipv6 or ipv4 from the conntrack structure. $address might not exist, rhs could e.g. be a set reference. One way to do this is to have users manually specifiy the dependeny: ct l3proto ipv4 ct original saddr $address Thats ugly, and, moreover, only needed for table families other than ip or ipv6. Pablo suggested to instead specify ip saddr, ip6 saddr: ct original ip saddr $address and let nft handle the dependency injection. This adds the required parts to the scanner and the grammar, next commit adds code to eval step to make use of this. Signed-off-by: Florian Westphal <>
Diffstat (limited to 'src/ct.c')
1 files changed, 2 insertions, 1 deletions
diff --git a/src/ct.c b/src/ct.c
index b2faf627..f99fc7f8 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -335,7 +335,7 @@ static const struct expr_ops ct_expr_ops = {
struct expr *ct_expr_alloc(const struct location *loc, enum nft_ct_keys key,
- int8_t direction)
+ int8_t direction, uint8_t nfproto)
const struct ct_template *tmpl = &ct_templates[key];
struct expr *expr;
@@ -344,6 +344,7 @@ struct expr *ct_expr_alloc(const struct location *loc, enum nft_ct_keys key,
tmpl->byteorder, tmpl->len);
expr->ct.key = key;
expr->ct.direction = direction;
+ expr->ct.nfproto = nfproto;
switch (key) {