From 3a3bb480a738afb58aa36d4f5df91282d5712b9e Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Mon, 4 Mar 2019 16:53:46 +0100
Subject: extensions: connlabel: Fallback on missing connlabel.conf

If connlabel.conf was not found, fall back to manually parsing arguments as plain numbers. If nfct_labelmap_new() has failed, nfct_labelmap_get_name() segfaults. Therefore make sure it is not called in connlabel_get_name() if that's the case.

Signed-off-by: Phil Sutter
Signed-off-by: Florian Westphal
---
extensions/libxt_connlabel.txlate | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'extensions/libxt_connlabel.txlate')

diff --git a/extensions/libxt_connlabel.txlate b/extensions/libxt_connlabel.txlate
index 5be42204..12e4ac03 100644
--- a/extensions/libxt_connlabel.txlate
+++ b/extensions/libxt_connlabel.txlate
@@ -1,5 +1,5 @@
-iptables-translate -A INPUT -m connlabel --label bit40
-nft add rule ip filter INPUT ct label bit40 counter
+iptables-translate -A INPUT -m connlabel --label 40
+nft add rule ip filter INPUT ct label 40 counter
 
-iptables-translate -A INPUT -m connlabel ! --label bit40 --set
-nft add rule ip filter INPUT ct label set bit40 ct label and bit40 != bit40 counter
+iptables-translate -A INPUT -m connlabel ! --label 40 --set
+nft add rule ip filter INPUT ct label set 40 ct label and 40 != 40 counter
-- 
cgit v1.2.3
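Review bot: Both expected `nft` lines now assume the label is printed back as the plain number `40`, which presumably holds only when the test host has no connlabel.conf entry naming bit 40. The C side of the change is not shown in this view (it is limited to the .txlate file), so whether connlabel_get_name() prints a mapped name when the label map does load cannot be confirmed here. If it does, these expectations are environment-dependent, and the commit message should say so, for example `The translate tests expect that bit 40 has no name in connlabel.conf.` After this change no case exercises a named label, so the map-loaded path, the counterpart of the NULL-map path whose segfault is fixed here, is untested. A named-label case would need a fixture connlabel.conf.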