src/ct: provide fixed data lengh sizes for ip/ip6 keys

nft can load but not list this: table inet filter { chain input { ct original ip daddr {1.2.3.4} accept } } Problem is that the ct template length is 0, so we believe the right hand side is a concatenation because left->len < set->key->len is true. nft then calls abort() during concatenation parsing. Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1222 Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2019-07-12 12:29:31 +0200
committer: Florian Westphal <fw@strlen.de> 2019-07-12 17:04:31 +0200
commit: 87c0bee7f04917623c35e850ad223222a93520d1 (patch)
tree: 9faed64fa79129f5c55f6ab53d464aebbcfc2c7c /tests/py/inet/ct.t
parent: aad1a9199d6d54d1ba71fe825110abac07d9b323 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/tests/py/inet/ct.t b/tests/py/inet/ct.t
index 1a656aa4..3d0dffad 100644
--- a/tests/py/inet/ct.t
+++ b/tests/py/inet/ct.t
@@ -6,6 +6,8 @@
 meta nfproto ipv4 ct original saddr 1.2.3.4;ok;ct original ip saddr 1.2.3.4
 ct original ip6 saddr ::1;ok
 
+ct original ip daddr {1.2.3.4} accept;ok
+
 # missing protocol context
 ct original saddr ::1;fail
author	Florian Westphal <fw@strlen.de>	2019-07-12 12:29:31 +0200
committer	Florian Westphal <fw@strlen.de>	2019-07-12 17:04:31 +0200
commit	87c0bee7f04917623c35e850ad223222a93520d1 (patch)
tree	9faed64fa79129f5c55f6ab53d464aebbcfc2c7c /tests/py/inet/ct.t
parent	aad1a9199d6d54d1ba71fe825110abac07d9b323 (diff)