diff options
| author | Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com> | 2022-06-24 17:01:26 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-27 12:03:13 +0200 |
| commit | 6bb04b945b3186ea54d5ba3cca1d19c044068c78 (patch) | |
| tree | cec30786d5bf535fa3be3db16c14f6bf46aff738 /src/conntrack.c | |
| parent | 9d5278391f0dd8e9e7390a5280979ccc40b502b8 (diff) | |
conntrack: fix -o save dump for unknown protocols
Make sure the protocol (-p) option is included in the -o save
ct entry dumps for L4 protocols unknown to the conntrack tool.
Do not use getprotobynumber for unknown protocols to ensure
"-o save" data incompatibility between hosts having different
/etc/protocols contents.
Include testcases covering the issue.
Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack.c')
| -rw-r--r-- | src/conntrack.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/conntrack.c b/src/conntrack.c index e381543..d49ac1a 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -800,6 +800,7 @@ static int ct_save_snprintf(char *buf, size_t len, struct ctproto_handler *cur; uint8_t l3proto, l4proto; int tuple_attrs[4] = {}; + bool l4proto_set; unsigned i; int ret; @@ -860,6 +861,7 @@ static int ct_save_snprintf(char *buf, size_t len, l4proto = nfct_get_attr_u8(ct, ATTR_L4PROTO); + l4proto_set = false; /* is it in the list of supported protocol? */ list_for_each_entry(cur, &proto_list, head) { if (cur->protonum != l4proto) @@ -870,9 +872,16 @@ static int ct_save_snprintf(char *buf, size_t len, ret = ct_snprintf_opts(buf + offset, len, ct, cur->print_opts); BUFFER_SIZE(ret, size, len, offset); + + l4proto_set = true; break; } + if (!l4proto_set) { + ret = snprintf(buf + offset, len, "-p %d ", l4proto); + BUFFER_SIZE(ret, size, len, offset); + } + /* skip trailing space, if any */ for (; size && buf[size-1] == ' '; --size) buf[size-1] = '\0'; |