diff options
author | Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com> | 2022-06-24 17:01:24 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-27 12:03:13 +0200 |
commit | 5b1f4ea66afbf1bb20ec4c2de06bb5d8ae0a27cd (patch) | |
tree | 92686c6e86ce1677d41af3778420235db1e3422c /extensions/libct_proto_unknown.c | |
parent | eacb4bffd7bfa6d87072f208ee071ffd0e8552b1 (diff) | |
download | conntrack-tools-5b1f4ea66afbf1bb20ec4c2de06bb5d8ae0a27cd.tar.gz |
conntrack: set reply l4 proto for unknown protocol
Withouth reply l4 protocol being set consistently the mnl_cb_run
(in fact the kernel) would return EINVAL.
Make sure the reply l4 protocol is set properly for unknown
protocols.
Include testcases covering the issue.
Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libct_proto_unknown.c')
-rw-r--r-- | extensions/libct_proto_unknown.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/extensions/libct_proto_unknown.c b/extensions/libct_proto_unknown.c index 2a47704..b877c56 100644 --- a/extensions/libct_proto_unknown.c +++ b/extensions/libct_proto_unknown.c @@ -21,10 +21,21 @@ static void help(void) fprintf(stdout, " no options (unsupported)\n"); } +static void final_check(unsigned int flags, + unsigned int cmd, + struct nf_conntrack *ct) +{ + if (nfct_attr_is_set(ct, ATTR_REPL_L3PROTO) && + nfct_attr_is_set(ct, ATTR_L4PROTO) && + !nfct_attr_is_set(ct, ATTR_REPL_L4PROTO)) + nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, nfct_get_attr_u8(ct, ATTR_L4PROTO)); +} + struct ctproto_handler ct_proto_unknown = { .name = "unknown", .help = help, .opts = opts, + .final_check = final_check, .version = VERSION, }; |