conntrack: use IPPROTO_RAW

IPPROTO_MPTCP defeats the purpose of IPPROTO_MAX to check for the maximum layer 4 protocol supported in the IP header. Use IPPROTO_RAW (255) instead. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2022-07-08 13:18:20 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2022-07-11 11:38:17 +0200
commit: ba532383541d9eeeae6c3689df9f6813a4e44b03 (patch)
tree: 76d7177cbde40c9074c82c7a27611511d92dc7a9 /src
parent: 31b92b5f813aec80ababdcd7850d2af981fe2a5c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/conntrack.c b/src/conntrack.c
index 33f6023..4afccde 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -840,7 +840,7 @@ static int parse_proto_num(const char *str)
 	long val;
 
 	val = strtol(str, &endptr, 0);
-	if (val >= IPPROTO_MAX ||
+	if (val > IPPROTO_RAW ||
 	    val < 0 ||
 	    endptr == str ||
 	    *endptr != '\0')
author	Pablo Neira Ayuso <pablo@netfilter.org>	2022-07-08 13:18:20 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-07-11 11:38:17 +0200
commit	ba532383541d9eeeae6c3689df9f6813a4e44b03 (patch)
tree	76d7177cbde40c9074c82c7a27611511d92dc7a9 /src
parent	31b92b5f813aec80ababdcd7850d2af981fe2a5c (diff)