diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-02-11 11:56:37 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2010-02-11 11:56:37 +0100 |
| commit | 73da80df0c3cf4175662b3da4dfbd3574d34f96a (patch) | |
| tree | 89f8d559125b58b6858e4f1acfdd82bba959a444 | |
| parent | 798189a68f6a377b1f23942ef6ebca51f5c2fa41 (diff) | |
conntrackd: fix UDP filtering in configuration file
UDP filtering was broken during the addition of the UDP-based
synchronization protocol that was introduced in 0.9.14. This
patch fixes the problem.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | doc/stats/conntrackd.conf | 1 | ||||
| -rw-r--r-- | doc/sync/alarm/conntrackd.conf | 1 | ||||
| -rw-r--r-- | doc/sync/ftfw/conntrackd.conf | 1 | ||||
| -rw-r--r-- | doc/sync/notrack/conntrackd.conf | 1 | ||||
| -rw-r--r-- | src/read_config_yy.y | 19 |
5 files changed, 23 insertions, 0 deletions
diff --git a/doc/stats/conntrackd.conf b/doc/stats/conntrackd.conf index 0941f64..22556a0 100644 --- a/doc/stats/conntrackd.conf +++ b/doc/stats/conntrackd.conf @@ -81,6 +81,7 @@ General { # Protocol Accept { TCP + # UDP } # diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf index 3424e39..9b7d8c6 100644 --- a/doc/sync/alarm/conntrackd.conf +++ b/doc/sync/alarm/conntrackd.conf @@ -332,6 +332,7 @@ General { TCP SCTP DCCP + # UDP # ICMP # This requires a Linux kernel >= 2.6.31 } diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf index df10aca..877ed68 100644 --- a/doc/sync/ftfw/conntrackd.conf +++ b/doc/sync/ftfw/conntrackd.conf @@ -357,6 +357,7 @@ General { TCP SCTP DCCP + # UDP # ICMP # This requires a Linux kernel >= 2.6.31 } diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf index f8bccc4..693209a 100644 --- a/doc/sync/notrack/conntrackd.conf +++ b/doc/sync/notrack/conntrackd.conf @@ -394,6 +394,7 @@ General { TCP SCTP DCCP + # UDP # ICMP # This requires a Linux kernel >= 2.6.31 } diff --git a/src/read_config_yy.y b/src/read_config_yy.y index 6dfca98..5f4e6be 100644 --- a/src/read_config_yy.y +++ b/src/read_config_yy.y @@ -1221,6 +1221,25 @@ filter_protocol_item : T_TCP pent->p_proto); }; +filter_protocol_item : T_UDP +{ + struct protoent *pent; + + pent = getprotobyname("udp"); + if (pent == NULL) { + print_err(CTD_CFG_WARN, "getprotobyname() cannot find " + "protocol `udp' in /etc/protocols"); + break; + } + ct_filter_add_proto(STATE(us_filter), pent->p_proto); + + __kernel_filter_start(); + + nfct_filter_add_attr_u32(STATE(filter), + NFCT_FILTER_L4PROTO, + pent->p_proto); +}; + filter_item : T_ADDRESS T_ACCEPT '{' filter_address_list '}' { ct_filter_set_logic(STATE(us_filter), |