[conntrack-tools] Allow protocol number zero

Message ID	20190319195655.14200-1-bhaley@redhat.com
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Brian Haley <bhaley@redhat.com> To: netfilter-devel@vger.kernel.org Subject: [PATCH conntrack-tools] Allow protocol number zero Date: Tue, 19 Mar 2019 15:56:55 -0400 Message-Id: <20190319195655.14200-1-bhaley@redhat.com> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	[conntrack-tools] Allow protocol number zero \| expand [conntrack-tools] Allow protocol number zero

Message ID

20190319195655.14200-1-bhaley@redhat.com

State

Accepted

Delegated to:

Pablo Neira

Headers

From: Brian Haley <bhaley@redhat.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH conntrack-tools] Allow protocol number zero
Date: Tue, 19 Mar 2019 15:56:55 -0400
Message-Id: <20190319195655.14200-1-bhaley@redhat.com>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Series

[conntrack-tools] Allow protocol number zero | expand

Commit Message

Brian Haley March 19, 2019, 7:56 p.m. UTC

/etc/protocols defines protocol zero as 'ip' for IPv4, and
'hopopt' for IPv6, which can be used with conntrack as '-p ip'
or '-p hopopt'.  However it's equivalent, '-p 0' is considered
unsupported.  Change the range check in findproto() to allow
zero as well.

Signed-off-by: Brian Haley <bhaley@redhat.com>
---
 src/conntrack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Pablo Neira Ayuso March 20, 2019, 7:22 a.m. UTC | #1

On Tue, Mar 19, 2019 at 03:56:55PM -0400, Brian Haley wrote:
> /etc/protocols defines protocol zero as 'ip' for IPv4, and
> 'hopopt' for IPv6, which can be used with conntrack as '-p ip'
> or '-p hopopt'.  However it's equivalent, '-p 0' is considered
> unsupported.  Change the range check in findproto() to allow
> zero as well.

Applied, thanks.

diff --git a/src/conntrack.c b/src/conntrack.c
index daa93db..97132a9 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -628,7 +628,7 @@  static struct ctproto_handler *findproto(char *name, int *pnum)
 	}
 	/* using a protocol number? */
 	protonum = atoi(name);
-	if (protonum > 0 && protonum <= IPPROTO_MAX) {
+	if (protonum >= 0 && protonum <= IPPROTO_MAX) {
 		/* try lookup by number, perhaps this protocol is supported */
 		list_for_each_entry(cur, &proto_list, head) {
 			if (cur->protonum == protonum) {

[conntrack-tools] Allow protocol number zero

Commit Message

Comments

Patch