From 7f742d0a9071f932836b4f8525a6d3f7261ae083 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 21 Jun 2019 10:28:37 +0200 Subject: ct: support for NFT_CT_{SRC,DST}_{IP,IP6} These keys are available since kernel >= 4.17. You can still use NFT_CT_{SRC,DST}, however, you need to specify 'meta protocol' in first place to provide layer 3 context. Note that NFT_CT_{SRC,DST} are broken with set, maps and concatenations. This patch is implicitly fixing these cases. If your kernel is < 4.17, you can still use address matching via explicit meta nfproto: meta nfproto ipv4 ct original saddr 1.2.3.4 Signed-off-by: Pablo Neira Ayuso --- src/json.c | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'src/json.c')
diff --git a/src/json.c b/src/json.c
index e0127c57..4e646842 100644
--- a/src/json.c
+++ b/src/json.c
@@ -485,7 +485,6 @@ json_t *ct_expr_json(const struct expr *expr, struct output_ctx *octx)
 {
 const char *dirstr = ct_dir2str(expr->ct.direction);
 enum nft_ct_keys key = expr->ct.key;
- const struct proto_desc *desc;
 json_t *root;
 root = json_pack("{s:s}", "key", ct_templates[key].token);
@@ -495,18 +494,6 @@ json_t *ct_expr_json(const struct expr *expr, struct output_ctx *octx)
 if (dirstr)
 json_object_set_new(root, "dir", json_string(dirstr));
-
- switch (key) {
- case NFT_CT_SRC:
- case NFT_CT_DST:
- desc = proto_find_upper(&proto_inet, expr->ct.nfproto);
- if (desc)
- json_object_set_new(root, "family",
- json_string(desc->name));
- break;
- default:
- break;
- }
 out:
 return json_pack("{s:o}", "ct", root);
 }
-- cgit v1.2.3