conntrackd: fix UDP filtering in configuration file

UDP filtering was broken during the addition of the UDP-based synchronization protocol that was introduced in 0.9.14. This patch fixes the problem. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2010-02-11 11:56:37 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2010-02-11 11:56:37 +0100
commit: 73da80df0c3cf4175662b3da4dfbd3574d34f96a (patch)
tree: 89f8d559125b58b6858e4f1acfdd82bba959a444 /src
parent: 798189a68f6a377b1f23942ef6ebca51f5c2fa41 (diff)
download: conntrack-tools-73da80df0c3cf4175662b3da4dfbd3574d34f96a.tar.gz
conntrack-tools-73da80df0c3cf4175662b3da4dfbd3574d34f96a.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 6dfca98..5f4e6be 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -1221,6 +1221,25 @@ filter_protocol_item : T_TCP
 				 pent->p_proto);
 };
 
+filter_protocol_item : T_UDP
+{
+	struct protoent *pent;
+
+	pent = getprotobyname("udp");
+	if (pent == NULL) {
+		print_err(CTD_CFG_WARN, "getprotobyname() cannot find "
+					"protocol `udp' in /etc/protocols");
+		break;
+	}
+	ct_filter_add_proto(STATE(us_filter), pent->p_proto);
+
+	__kernel_filter_start();
+
+	nfct_filter_add_attr_u32(STATE(filter),
+				 NFCT_FILTER_L4PROTO,
+				 pent->p_proto);
+};
+
 filter_item : T_ADDRESS T_ACCEPT '{' filter_address_list '}'
 {
 	ct_filter_set_logic(STATE(us_filter),
author	Pablo Neira Ayuso <pablo@netfilter.org>	2010-02-11 11:56:37 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2010-02-11 11:56:37 +0100
commit	73da80df0c3cf4175662b3da4dfbd3574d34f96a (patch)
tree	89f8d559125b58b6858e4f1acfdd82bba959a444 /src
parent	798189a68f6a377b1f23942ef6ebca51f5c2fa41 (diff)
download	conntrack-tools-73da80df0c3cf4175662b3da4dfbd3574d34f96a.tar.gz conntrack-tools-73da80df0c3cf4175662b3da4dfbd3574d34f96a.zip