summaryrefslogtreecommitdiff
path: root/src/nfct-extensions
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2013-09-30 16:06:58 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-09-30 17:01:04 +0200
commitb495e1d22faff636589a9646fbd4bb30902d3542 (patch)
tree424dd8756d422ee7da5c93d5dc3ffd1622d4b5eb /src/nfct-extensions
parentecfe6e93016559fdd18013ab5a2e1f200d330310 (diff)
downloadconntrack-tools-b495e1d22faff636589a9646fbd4bb30902d3542.tar.gz
conntrack-tools-b495e1d22faff636589a9646fbd4bb30902d3542.zip
nfct: timeout: use getprotoent
The kernel bails out for unsupported protocols. Moreover, we don't need to upgrade to support new protocols. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/nfct-extensions')
-rw-r--r--src/nfct-extensions/timeout.c40
1 files changed, 18 insertions, 22 deletions
diff --git a/src/nfct-extensions/timeout.c b/src/nfct-extensions/timeout.c
index dde489a..7811bb2 100644
--- a/src/nfct-extensions/timeout.c
+++ b/src/nfct-extensions/timeout.c
@@ -19,6 +19,7 @@
#include <unistd.h>
#include <time.h>
#include <netinet/in.h>
+#include <netdb.h>
#include <errno.h>
#include <libmnl/libmnl.h>
@@ -184,6 +185,7 @@ int nfct_cmd_timeout_add(int argc, char *argv[])
uint8_t l4proto;
int ret, i;
unsigned int j;
+ struct protoent *pent;
if (argc < 6) {
nfct_perror("missing parameters\n"
@@ -211,28 +213,22 @@ int nfct_cmd_timeout_add(int argc, char *argv[])
}
nfct_timeout_attr_set_u16(t, NFCT_TIMEOUT_ATTR_L3PROTO, l3proto);
- if (strcmp(argv[5], "tcp") == 0)
- l4proto = IPPROTO_TCP;
- else if (strcmp(argv[5], "udp") == 0)
- l4proto = IPPROTO_UDP;
- else if (strcmp(argv[5], "udplite") == 0)
- l4proto = IPPROTO_UDPLITE;
- else if (strcmp(argv[5], "sctp") == 0)
- l4proto = IPPROTO_SCTP;
- else if (strcmp(argv[5], "dccp") == 0)
- l4proto = IPPROTO_DCCP;
- else if (strcmp(argv[5], "icmp") == 0)
- l4proto = IPPROTO_ICMP;
- else if (strcmp(argv[5], "icmpv6") == 0)
- l4proto = IPPROTO_ICMPV6;
- else if (strcmp(argv[5], "gre") == 0)
- l4proto = IPPROTO_GRE;
- else if (strcmp(argv[5], "generic") == 0)
- l4proto = IPPROTO_RAW;
- else {
- nfct_perror("unknown layer 4 protocol");
- return -1;
- }
+ pent = getprotobyname(argv[5]);
+ if (!pent) {
+ /* In Debian, /etc/protocols says ipv6-icmp. Support icmpv6
+ * as well not to break backward compatibility.
+ */
+ if (strcmp(argv[5], "icmpv6") == 0)
+ l4proto = IPPROTO_ICMPV6;
+ else if (strcmp(argv[5], "generic") == 0)
+ l4proto = IPPROTO_RAW;
+ else {
+ nfct_perror("unknown layer 4 protocol");
+ return -1;
+ }
+ } else
+ l4proto = pent->p_proto;
+
nfct_timeout_attr_set_u8(t, NFCT_TIMEOUT_ATTR_L4PROTO, l4proto);
for (i=6; i<argc; i+=2) {