From ba532383541d9eeeae6c3689df9f6813a4e44b03 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 8 Jul 2022 13:18:20 +0200
Subject: conntrack: use IPPROTO_RAW

IPPROTO_MPTCP defeats the purpose of IPPROTO_MAX to check for the
maximum layer 4 protocol supported in the IP header.

Use IPPROTO_RAW (255) instead.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/conntrack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/conntrack.c b/src/conntrack.c
index 33f6023..4afccde 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -840,7 +840,7 @@ static int parse_proto_num(const char *str)
 	long val;
 
 	val = strtol(str, &endptr, 0);
-	if (val >= IPPROTO_MAX ||
+	if (val > IPPROTO_RAW ||
 	    val < 0 ||
 	    endptr == str ||
 	    *endptr != '\0')
-- 
cgit v1.2.3