authorPhil Oester <kernel@linuxace.com>2013-08-15 16:09:07 -0700
committerPablo Neira Ayuso <pablo@netfilter.org>2013-08-17 11:48:56 +0200
commit65f1710f78f251d7a6cb3ad69822137bc351e946 (patch)
treefb8351aeb3e0dd45beb83aab8ca8caab5827076b
parent5075879c3370f7d070b40c2f1c8e8039a187d046 (diff)
datatype: allow protocols by number in inet_protocol_type_parse
nftables does not currently allow specifying protocols by number. Below patch adds this capability. Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/datatype.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/src/datatype.c b/src/datatype.c
index be328518..932acc7d 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -458,14 +458,28 @@ static struct error_record *inet_protocol_type_parse(const struct expr *sym,
struct expr **res)
{
struct protoent *p;
+ uint8_t proto;
+ uintmax_t i;
+ char *end;
- p = getprotobyname(sym->identifier);
- if (p == NULL)
- return error(&sym->location, "Could not resolve protocol name");
+ errno = 0;
+ i = strtoumax(sym->identifier, &end, 0);
+ if (sym->identifier != end && *end == '\0') {
+ if (errno == ERANGE || i > UINT8_MAX)
+ return error(&sym->location, "Protocol out of range");
+
+ proto = i;
+ } else {
+ p = getprotobyname(sym->identifier);
+ if (p == NULL)
+ return error(&sym->location, "Could not resolve protocol name");
+
+ proto = p->p_proto;
+ }
*res = constant_expr_alloc(&sym->location, &inet_protocol_type,
BYTEORDER_HOST_ENDIAN, BITS_PER_BYTE,
- &p->p_proto);
+ &proto);
return NULL;
}
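Review bot: `strtoumax(sym->identifier, &end, 0)` parses with base 0, so a leading zero is read as octal and a `0x` prefix as hex: `017` yields protocol 15 rather than 17, and the rule would silently match a different protocol than the one written. If only decimal is intended, pass base 10, `i = strtoumax(sym->identifier, &end, 10);`; otherwise a comment on that line should state that octal and hex are accepted on purpose. strtoumax also accepts a leading sign, so `+6` and `-0` pass the range check as numbers. On the name path, `proto = p->p_proto;` narrows an int to uint8_t without a check; a guard such as `if (p->p_proto < 0 || p->p_proto > UINT8_MAX)` returning the existing "Protocol out of range" error would stop an unexpected protocols-database entry from being truncated into a valid-looking value.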