summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorJeremy Sowden <jeremy@azazel.net>2022-12-23 12:38:06 +0000
committerPablo Neira Ayuso <pablo@netfilter.org>2023-01-11 18:48:24 +0100
commitd235d8a2bcb1568fcd235b4c3332a73c579282ee (patch)
tree991e93b0b3e49f7891f8bb16a3424ff34250a7ca /include
parentdafcf4a4199f99779ba3d700ec3b046762410205 (diff)
conntrack: increase the length of `l4proto_map`
With addition of MPTCP `IPPROTO_MAX` is greater than 256, so extend the array to account for the new upper bound. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/internal/object.h10
1 files changed, 6 insertions, 4 deletions
diff --git a/include/internal/object.h b/include/internal/object.h
index 75ffdbe..b919f57 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -6,6 +6,7 @@
#ifndef _NFCT_OBJECT_H_
#define _NFCT_OBJECT_H_
+#include <internal/bitops.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
/*
@@ -223,12 +224,13 @@ struct nfct_filter {
enum nfct_filter_logic logic[NFCT_FILTER_MAX];
/*
- * This the layer 4 protocol map for filtering. Not more than
- * 255 protocols (maximum is IPPROTO_MAX which is 256). Actually,
- * I doubt that anyone can reach such a limit.
+ * This the layer 4 protocol map for filtering. Not more than 255
+ * protocols. Although IPPROTO_MAX is currently 263, there are many
+ * fewer protocols defined in netinet/in.h, so no one should reach this
+ * limit.
*/
#define __FILTER_L4PROTO_MAX 255
- uint32_t l4proto_map[IPPROTO_MAX/32];
+ uint32_t l4proto_map[DIV_ROUND_UP(IPPROTO_MAX, 32)];
uint32_t l4proto_len;
struct {