google / nftables

This repository contains a Go module to interact with Linux nftables (the iptables successor).
Apache License 2.0

ct: Specify direction for saddr, daddr, proto-src, proto-dst #264

Closed a-ilin closed 3 months ago

a-ilin commented 4 months ago

The current implementation of the CT expression does not work for CT keys:

These CT keys require a direction parameter: https://github.com/torvalds/linux/blob/7846b618e0a4c3e08888099d1d4512722b39ca99/net/netfilter/nft_ct.c#L465

This PR adds a direction parameter for the CT keys.

stapelberg commented 4 months ago

Thanks for your PR! Could you add a test as well please?

a-ilin commented 4 months ago

@stapelberg, thank you for the review!

Please find the test added in the subsequent commit: https://github.com/google/nftables/pull/264/commits/92bef44239a926d6941b17d7b64e8730ac111365

a-ilin commented 4 months ago

Update: rebased to the top of the main branch.
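
The direction requirement discussed in this thread, as an added example (not code from this PR or from google/nftables): a minimal Go encoder for the netlink attributes of a ct load that refuses the four keys from the PR title when no direction is given, instead of letting the kernel reject the rule. The function names, the destination register value 1 and the little-endian host byte order are assumptions of the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Numeric values as defined in the kernel uapi headers.
const (
	nftaCtDreg, nftaCtKey, nftaCtDirection = 1, 2, 3      // NFTA_CT_*
	ctSrc, ctDst, ctProtoSrc, ctProtoDst   = 8, 9, 11, 12 // NFT_CT_*
	dirOriginal, dirReply                  = 0, 1         // IP_CT_DIR_*
)

var errNoDirection = errors.New("ct key requires a direction")

// needsDirection lists only the four keys named in the PR title.
var needsDirection = map[uint32]bool{ctSrc: true, ctDst: true, ctProtoSrc: true, ctProtoDst: true}

// attr encodes one netlink attribute: length and type in host byte order
// (little-endian assumed here), then the payload padded to 4 bytes.
func attr(typ uint16, payload []byte) []byte {
	b := make([]byte, 4+(len(payload)+3)&^3)
	binary.LittleEndian.PutUint16(b[0:], uint16(4+len(payload)))
	binary.LittleEndian.PutUint16(b[2:], typ)
	copy(b[4:], payload)
	return b
}

// encodeCtLoad builds the attributes for loading ct key into register dreg.
// dir is nil when the caller supplies no direction.
func encodeCtLoad(key, dreg uint32, dir *uint8) ([]byte, error) {
	if needsDirection[key] && dir == nil {
		return nil, errNoDirection // fail before the message reaches the kernel
	}
	out := attr(nftaCtKey, binary.BigEndian.AppendUint32(nil, key))
	out = append(out, attr(nftaCtDreg, binary.BigEndian.AppendUint32(nil, dreg))...)
	if dir != nil {
		out = append(out, attr(nftaCtDirection, []byte{*dir})...) // one-byte attribute
	}
	return out, nil
}

func main() {
	d := uint8(dirOriginal)
	_, err := encodeCtLoad(ctSrc, 1, nil)
	b, _ := encodeCtLoad(ctSrc, 1, &d)
	fmt.Printf("no direction: %v\nwith direction: % x\n", err, b)
}
```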