summaryrefslogtreecommitdiffstats
path: root/src/json.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2019-06-21 10:28:37 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2019-06-21 18:49:07 +0200
commit7f742d0a9071f932836b4f8525a6d3f7261ae083 (patch)
treecd972674de9ea2efbd6e39747acd435b100bf154 /src/json.c
parentfb5a36ad5c1032244cf76171648fdefbbe571519 (diff)
ct: support for NFT_CT_{SRC,DST}_{IP,IP6}
These keys are available since kernel >= 4.17. You can still use NFT_CT_{SRC,DST}, however, you need to specify 'meta protocol' in first place to provide layer 3 context. Note that NFT_CT_{SRC,DST} are broken with set, maps and concatenations. This patch is implicitly fixing these cases. If your kernel is < 4.17, you can still use address matching via explicit meta nfproto: meta nfproto ipv4 ct original saddr 1.2.3.4 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/json.c')
-rw-r--r--src/json.c13
1 files changed, 0 insertions, 13 deletions
diff --git a/src/json.c b/src/json.c
index e0127c57..4e646842 100644
--- a/src/json.c
+++ b/src/json.c
@@ -485,7 +485,6 @@ json_t *ct_expr_json(const struct expr *expr, struct output_ctx *octx)
{
const char *dirstr = ct_dir2str(expr->ct.direction);
enum nft_ct_keys key = expr->ct.key;
- const struct proto_desc *desc;
json_t *root;
root = json_pack("{s:s}", "key", ct_templates[key].token);
@@ -495,18 +494,6 @@ json_t *ct_expr_json(const struct expr *expr, struct output_ctx *octx)
if (dirstr)
json_object_set_new(root, "dir", json_string(dirstr));
-
- switch (key) {
- case NFT_CT_SRC:
- case NFT_CT_DST:
- desc = proto_find_upper(&proto_inet, expr->ct.nfproto);
- if (desc)
- json_object_set_new(root, "family",
- json_string(desc->name));
- break;
- default:
- break;
- }
out:
return json_pack("{s:o}", "ct", root);
}