author | Phil Oester <kernel@linuxace.com> | 2013-08-15 16:09:07 -0700 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-08-17 11:48:56 +0200 |
commit | 65f1710f78f251d7a6cb3ad69822137bc351e946 (patch) | |
tree | fb8351aeb3e0dd45beb83aab8ca8caab5827076b /src/datatype.c | |
parent | 5075879c3370f7d070b40c2f1c8e8039a187d046 (diff) |
datatype: allow protocols by number in inet_protocol_type_parse
nftables does not currently allow specifying protocols by number. The patch
below adds this capability.
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/datatype.c')
-rw-r--r-- | src/datatype.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/src/datatype.c b/src/datatype.c
index be328518..932acc7d 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -458,14 +458,28 @@ static struct error_record *inet_protocol_type_parse(const struct expr *sym,
 struct expr **res)
 {
 struct protoent *p;
+ uint8_t proto;
+ uintmax_t i;
+ char *end;
 
- p = getprotobyname(sym->identifier);
- if (p == NULL)
- return error(&sym->location, "Could not resolve protocol name");
+ errno = 0;
+ i = strtoumax(sym->identifier, &end, 0);
+ if (sym->identifier != end && *end == '\0') {
+ if (errno == ERANGE || i > UINT8_MAX)
+ return error(&sym->location, "Protocol out of range");
+
+ proto = i;
+ } else {
+ p = getprotobyname(sym->identifier);
+ if (p == NULL)
+ return error(&sym->location, "Could not resolve protocol name");
+
+ proto = p->p_proto;
+ }
 
 *res = constant_expr_alloc(&sym->location, &inet_protocol_type,
 BYTEORDER_HOST_ENDIAN, BITS_PER_BYTE,
- &p->p_proto);
+ &proto);
 return NULL;
 }
 |
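Review bot: The numeric branch converts with `strtoumax(sym->identifier, &end, 0)`, and base 0 makes a leading zero select octal, so `017` is stored as protocol 15 rather than 17. strtoumax also skips leading whitespace and accepts a sign, negating in unsigned arithmetic, so a signed literal is not reliably caught by the `i > UINT8_MAX` check. In a packet-filter ruleset a silently reinterpreted protocol number means the rule matches different traffic than its author wrote. Whether the scanner can hand such strings to this function is not visible in the hunk, but the parser can refuse them itself: enter the numeric branch only when `isdigit((unsigned char)sym->identifier[0])` holds and pass base 10, or add a comment stating that octal and hex forms are intended. In the fallback branch, `proto = p->p_proto;` narrows an int from the protocols database to uint8_t without a range check, which deserves the same `> UINT8_MAX` test.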