@@ -1047,7 +1047,7 @@ enum nft_socket_keys {
* @NFT_CT_MARK: conntrack mark value
* @NFT_CT_SECMARK: conntrack secmark value
* @NFT_CT_EXPIRATION: relative conntrack expiration time in ms
- * @NFT_CT_HELPER: connection tracking helper assigned to conntrack
+ * @NFT_CT_HELPER_TYPE: connection tracking helper type assigned to conntrack
* @NFT_CT_L3PROTOCOL: conntrack layer 3 protocol
* @NFT_CT_SRC: conntrack layer 3 protocol source (IPv4/IPv6 address, deprecated)
* @NFT_CT_DST: conntrack layer 3 protocol destination (IPv4/IPv6 address, deprecated)
@@ -1073,7 +1073,8 @@ enum nft_ct_keys {
NFT_CT_MARK,
NFT_CT_SECMARK,
NFT_CT_EXPIRATION,
- NFT_CT_HELPER,
+ NFT_CT_HELPER_TYPE,
+#define NFT_CT_HELPER NFT_CT_HELPER_TYPE
NFT_CT_L3PROTOCOL,
NFT_CT_SRC,
NFT_CT_DST,
@@ -107,7 +107,7 @@ static void nft_ct_get_eval(const struct nft_expr *expr,
case NFT_CT_EXPIRATION:
*dest = jiffies_to_msecs(nf_ct_expires(ct));
return;
- case NFT_CT_HELPER:
+ case NFT_CT_HELPER_TYPE:
if (ct->master == NULL)
goto err;
help = nfct_help(ct->master);
@@ -418,7 +418,7 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
len = NF_CT_LABELS_MAX_SIZE;
break;
#endif
- case NFT_CT_HELPER:
+ case NFT_CT_HELPER_TYPE:
if (tb[NFTA_CT_DIRECTION] != NULL)
return -EINVAL;
len = NF_CT_HELPER_NAME_LEN;
The existing NFT_CT_HELPER allows to match on the helper type, rename this attribute to support for matching on the helper object name. NFT_CT_HELPER is left in place for backward compatibility. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- include/uapi/linux/netfilter/nf_tables.h | 5 +++-- net/netfilter/nft_ct.c | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-)