conntrack: fix filtering for unsupported protocol

This patch fixes filtering for unsupported protocol. Thus, you can
use -L -p 47 or -L -p gre to filter `gre' traffic.

Based on an initial patch from Bryan Duff <bduff@astrocorp.com>.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 37 insertions, 1 deletions

diff --git a/extensions/Makefile.am b/extensions/Makefile.am
index 0eede22..7b48f05 100644
--- a/extensions/Makefile.am
+++ b/extensions/Makefile.am
@@ -1,9 +1,11 @@
 include $(top_srcdir)/Make_global.am
 
 noinst_LTLIBRARIES = libct_proto_tcp.la libct_proto_udp.la \
-		     libct_proto_icmp.la libct_proto_icmpv6.la
+		     libct_proto_icmp.la libct_proto_icmpv6.la \
+		     libct_proto_unknown.la
 
 libct_proto_tcp_la_SOURCES = libct_proto_tcp.c
 libct_proto_udp_la_SOURCES = libct_proto_udp.c
 libct_proto_icmp_la_SOURCES = libct_proto_icmp.c
 libct_proto_icmpv6_la_SOURCES = libct_proto_icmpv6.c
+libct_proto_unknown_la_SOURCES = libct_proto_unknown.c
diff --git a/extensions/libct_proto_unknown.c b/extensions/libct_proto_unknown.c
new file mode 100644
index 0000000..2a47704
--- /dev/null
+++ b/extensions/libct_proto_unknown.c
@@ -0,0 +1,34 @@
+/*
+ * (C) 2005-2008 by Pablo Neira Ayuso <pablo@netfilter.org>
+ *
+ *      This program is free software; you can redistribute it and/or modify
+ *      it under the terms of the GNU General Public License as published by
+ *      the Free Software Foundation; either version 2 of the License, or
+ *      (at your option) any later version.
+ *
+ */
+#include <stdio.h>
+#include <getopt.h>
+
+#include "conntrack.h"
+
+static struct option opts[] = {
+        {0, 0, 0, 0}
+};
+
+static void help(void)
+{
+	fprintf(stdout, "  no options (unsupported)\n");
+}
+
+struct ctproto_handler ct_proto_unknown = {
+	.name 		= "unknown",
+	.help		= help,
+	.opts		= opts,
+	.version	= VERSION,
+};
+
+void register_unknown(void)
+{
+	/* we don't actually insert this protocol in the list */
+}