summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_connlabel.txlate
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2019-03-04 16:53:46 +0100
committerFlorian Westphal <fw@strlen.de>2019-03-08 16:35:36 +0100
commit3a3bb480a738afb58aa36d4f5df91282d5712b9e (patch)
tree5ffe545a83723f1ab10fc0cc37bf791f0d6b774c /extensions/libxt_connlabel.txlate
parent06da3ab2c818b15304a285a798eaaf16ebf375ea (diff)
extensions: connlabel: Fallback on missing connlabel.conf
If connlabel.conf was not found, fall back to manually parsing arguments as plain numbers. If nfct_labelmap_new() has failed, nfct_labelmap_get_name() segfaults. Therefore make sure it is not called in connlabel_get_name() if that's the case. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'extensions/libxt_connlabel.txlate')
-rw-r--r--extensions/libxt_connlabel.txlate8
1 files changed, 4 insertions, 4 deletions
diff --git a/extensions/libxt_connlabel.txlate b/extensions/libxt_connlabel.txlate
index 5be42204..12e4ac03 100644
--- a/extensions/libxt_connlabel.txlate
+++ b/extensions/libxt_connlabel.txlate
@@ -1,5 +1,5 @@
-iptables-translate -A INPUT -m connlabel --label bit40
-nft add rule ip filter INPUT ct label bit40 counter
+iptables-translate -A INPUT -m connlabel --label 40
+nft add rule ip filter INPUT ct label 40 counter
-iptables-translate -A INPUT -m connlabel ! --label bit40 --set
-nft add rule ip filter INPUT ct label set bit40 ct label and bit40 != bit40 counter
+iptables-translate -A INPUT -m connlabel ! --label 40 --set
+nft add rule ip filter INPUT ct label set 40 ct label and 40 != 40 counter