ct: support for NFT_CT_{SRC,DST}_{IP,IP6}

These keys are available since kernel >= 4.17. You can still use NFT_CT_{SRC,DST}, however, you need to specify 'meta protocol' in first place to provide layer 3 context. Note that NFT_CT_{SRC,DST} are broken with set, maps and concatenations. This patch is implicitly fixing these cases. If your kernel is < 4.17, you can still use address matching via explicit meta nfproto: meta nfproto ipv4 ct original saddr 1.2.3.4 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2019-06-21 10:28:37 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-06-21 18:49:07 +0200
commit: 7f742d0a9071f932836b4f8525a6d3f7261ae083 (patch)
tree: cd972674de9ea2efbd6e39747acd435b100bf154 /tests/py/inet/ct.t.json
parent: fb5a36ad5c1032244cf76171648fdefbbe571519 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/tests/py/inet/ct.t.json b/tests/py/inet/ct.t.json
index 02bb2d27..d0c26aef 100644
--- a/tests/py/inet/ct.t.json
+++ b/tests/py/inet/ct.t.json
@@ -30,8 +30,7 @@
             "left": {
                 "ct": {
                     "dir": "original",
-                    "family": "ip6",
-                    "key": "saddr"
+                    "key": "ip6 saddr"
                 }
             },
 	    "op": "==",
author	Pablo Neira Ayuso <pablo@netfilter.org>	2019-06-21 10:28:37 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-06-21 18:49:07 +0200
commit	7f742d0a9071f932836b4f8525a6d3f7261ae083 (patch)
tree	cd972674de9ea2efbd6e39747acd435b100bf154 /tests/py/inet/ct.t.json
parent	fb5a36ad5c1032244cf76171648fdefbbe571519 (diff)