Re: [PATCH nft,v2] ct: support for NFT_CT_{SRC,DST}_{IP,IP6}

On Fri, Jun 21, 2019 at 06:45:14PM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > diff --git a/tests/py/inet/ct.t.json.output b/tests/py/inet/ct.t.json.output
> > index 8b71519e9be7..74c436a3a79e 100644
> > --- a/tests/py/inet/ct.t.json.output
> > +++ b/tests/py/inet/ct.t.json.output
> > @@ -5,7 +5,6 @@
> >              "left": {
> >                  "ct": {
> >                      "dir": "original",
> > -                    "family": "ip",
> >                      "key": "saddr"
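
Review bot: with the `"family": "ip"` line dropped from this hunk, the expected JSON for the ct expression carries only `"dir": "original"` and `"key": "saddr"`, so nothing in the visible output tells a JSON consumer whether the address is IPv4 or IPv6. Suggest that either the key carries the family (for example `"ip saddr"`) or the output keeps a field that records it. If a bare `"saddr"` is meant to rely on a separate nfproto dependency, the commit message and the JSON documentation should say so.
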
> 
> Should that be "ip saddr"?
> Or is a plain "saddr" without family now implicitly ipv4?

In this patch, the old way (NFT_CT_SRC) still works via dependency:

# meta nfproto ipv4 ct original saddr 1.2.3.4

If someone with kernel < 4.17 needs to match on ct address, they can
still use it this way.

set, map and concatenations are broken anyway, so I would just expect
users with simple rules that refer to something like this.
