Fix udp support

2 files changed, 49 insertions, 0 deletions

diff --git a/debian/patches/00list b/debian/patches/00list
new file mode 100644
index 0000000..8c83bcc
--- /dev/null
+++ b/debian/patches/00list
@@ -0,0 +1 @@
+10-fix_udp_support
diff --git a/debian/patches/10-fix_udp_support.dpatch b/debian/patches/10-fix_udp_support.dpatch
new file mode 100755
index 0000000..4eed834
--- /dev/null
+++ b/debian/patches/10-fix_udp_support.dpatch
@@ -0,0 +1,48 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10-fix_udp_support.dpatch by Pablo Neira Ayuso <pablo@netfilter.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: conntrackd: fix UDP filtering in configuration file
+## DP: picked from the conntrack mailinglist
+
+@DPATCH@
+diff -urNad conntrack-0.9.14~/doc/sync/ftfw/conntrackd.conf conntrack-0.9.14/doc/sync/ftfw/conntrackd.conf
+--- conntrack-0.9.14~/doc/sync/ftfw/conntrackd.conf	2009-12-23 18:14:01.000000000 +0100
++++ conntrack-0.9.14/doc/sync/ftfw/conntrackd.conf	2010-02-12 16:23:53.000000000 +0100
+@@ -357,6 +357,7 @@
+ 			TCP
+ 			SCTP
+ 			DCCP
++			# UDP
+ 			# ICMP # This requires a Linux kernel >= 2.6.31
+ 		}
+ 
+diff -urNad conntrack-0.9.14~/src/read_config_yy.y conntrack-0.9.14/src/read_config_yy.y
+--- conntrack-0.9.14~/src/read_config_yy.y	2009-12-23 19:45:51.000000000 +0100
++++ conntrack-0.9.14/src/read_config_yy.y	2010-02-12 16:23:53.000000000 +0100
+@@ -1221,6 +1221,25 @@
+ 				 pent->p_proto);
+ };
+ 
++filter_protocol_item : T_UDP
++{
++	struct protoent *pent;
++
++	pent = getprotobyname("udp");
++	if (pent == NULL) {
++		print_err(CTD_CFG_WARN, "getprotobyname() cannot find "
++					"protocol `udp' in /etc/protocols");
++		break;
++	}
++	ct_filter_add_proto(STATE(us_filter), pent->p_proto);
++
++	__kernel_filter_start();
++
++	nfct_filter_add_attr_u32(STATE(filter),
++				 NFCT_FILTER_L4PROTO,
++				 pent->p_proto);
++};
++
+ filter_item : T_ADDRESS T_ACCEPT '{' filter_address_list '}'
+ {
+ 	ct_filter_set_logic(STATE(us_filter),