diff options
author | Jeremy Sowden <jeremy@azazel.net> | 2024-11-08 17:34:43 +0000 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2024-11-12 14:53:52 +0100 |
commit | e6e232d0ae252b0b86278455b18d9475b95db8f0 (patch) | |
tree | a978c58a44ad7fa61a16fed48b6f386aa1a1b6d1 /include/linux/netfilter/ipset | |
parent | 0506bea1dcc8f12d94e7c32bf2fb04abb3fdd269 (diff) |
Protocol number 141 is assigned to a real protocol: Wrapped Encapsulating
Security Payload. This is listed in Debian's /etc/protocols, which leads to
test failures:
./extensions/generic.txlate: Fail
src: iptables-translate -A FORWARD -p 141
exp: nft 'add rule ip filter FORWARD ip protocol 141 counter'
res: nft 'add rule ip filter FORWARD ip protocol wesp counter'
./extensions/generic.txlate: Fail
src: ip6tables-translate -A FORWARD -p 141
exp: nft 'add rule ip6 filter FORWARD meta l4proto 141 counter'
res: nft 'add rule ip6 filter FORWARD meta l4proto wesp counter'
./extensions/generic.txlate: Fail
src: iptables-translate -A FORWARD ! -p 141
exp: nft 'add rule ip filter FORWARD ip protocol != 141 counter'
res: nft 'add rule ip filter FORWARD ip protocol != wesp counter'
./extensions/generic.txlate: Fail
src: ip6tables-translate -A FORWARD ! -p 141
exp: nft 'add rule ip6 filter FORWARD meta l4proto != 141 counter'
res: nft 'add rule ip6 filter FORWARD meta l4proto != wesp counter'
Replace it with 253, which IANA reserves for testing and experimentation.
Fixes: fcaa99ca9e3c ("xtables-translate: Leverage stored protocol names")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'include/linux/netfilter/ipset')
0 files changed, 0 insertions, 0 deletions