diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-07-08 13:18:20 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-07-11 11:38:17 +0200 |
commit | ba532383541d9eeeae6c3689df9f6813a4e44b03 (patch) | |
tree | 76d7177cbde40c9074c82c7a27611511d92dc7a9 /src | |
parent | 31b92b5f813aec80ababdcd7850d2af981fe2a5c (diff) |
conntrack: use IPPROTO_RAW
IPPROTO_MPTCP defeats the purpose of IPPROTO_MAX to check for the
maximum layer 4 protocol supported in the IP header.
Use IPPROTO_RAW (255) instead.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/conntrack.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/conntrack.c b/src/conntrack.c index 33f6023..4afccde 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -840,7 +840,7 @@ static int parse_proto_num(const char *str) long val; val = strtol(str, &endptr, 0); - if (val >= IPPROTO_MAX || + if (val > IPPROTO_RAW || val < 0 || endptr == str || *endptr != '\0') |