diff options
author | Jeremy Sowden <jeremy@azazel.net> | 2022-12-23 12:38:06 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-01-11 18:48:24 +0100 |
commit | d235d8a2bcb1568fcd235b4c3332a73c579282ee (patch) | |
tree | 991e93b0b3e49f7891f8bb16a3424ff34250a7ca /include | |
parent | dafcf4a4199f99779ba3d700ec3b046762410205 (diff) |
conntrack: increase the length of `l4proto_map`
With addition of MPTCP `IPPROTO_MAX` is greater than 256, so extend the
array to account for the new upper bound.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/internal/object.h | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/include/internal/object.h b/include/internal/object.h index 75ffdbe..b919f57 100644 --- a/include/internal/object.h +++ b/include/internal/object.h @@ -6,6 +6,7 @@ #ifndef _NFCT_OBJECT_H_ #define _NFCT_OBJECT_H_ +#include <internal/bitops.h> #include <libnetfilter_conntrack/libnetfilter_conntrack.h> /* @@ -223,12 +224,13 @@ struct nfct_filter { enum nfct_filter_logic logic[NFCT_FILTER_MAX]; /* - * This the layer 4 protocol map for filtering. Not more than - * 255 protocols (maximum is IPPROTO_MAX which is 256). Actually, - * I doubt that anyone can reach such a limit. + * This the layer 4 protocol map for filtering. Not more than 255 + * protocols. Although IPPROTO_MAX is currently 263, there are many + * fewer protocols defined in netinet/in.h, so no one should reach this + * limit. */ #define __FILTER_L4PROTO_MAX 255 - uint32_t l4proto_map[IPPROTO_MAX/32]; + uint32_t l4proto_map[DIV_ROUND_UP(IPPROTO_MAX, 32)]; uint32_t l4proto_len; struct { |