authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-06-14 16:39:01 -0700
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-06-14 16:39:01 -0700
commit3f37af7d2a0a90efbef1f576e9b47a1b630e6323 (patch)
tree20ef86c98810545a7d5f09592226f1f510807d1d
parent6306f6edae447d824cf1d3beacb7b64f0f00d116 (diff)
downloadvyatta-cfg-qos-3f37af7d2a0a90efbef1f576e9b47a1b630e6323.tar.gz
vyatta-cfg-qos-3f37af7d2a0a90efbef1f576e9b47a1b630e6323.zip
Reject ip as a IP protocol value
The name ip exists in /etc/protocols as a pseudonym for all IP protocols, but the QoS match logic doesn't support it, so do not allow the user to choose that value. Bug 5689
-rw-r--r--lib/Vyatta/Qos/Util.pm8
-rw-r--r--templates/traffic-policy/shaper/node.tag/class/node.tag/match/node.tag/ip/protocol/node.def2
2 files changed, 7 insertions, 3 deletions
diff --git a/lib/Vyatta/Qos/Util.pm b/lib/Vyatta/Qos/Util.pm
index 9686120..8649a72 100644
--- a/lib/Vyatta/Qos/Util.pm
+++ b/lib/Vyatta/Qos/Util.pm
@@ -206,14 +206,18 @@ sub getProtocol {
defined $str or return;
if ( $str =~ /^([0-9]+)|(0x[0-9a-fA-F]+)$/ ) {
- if ( $str < 0 || $str > 255 ) {
+ if ( $str <= 0 || $str > 255 ) {
die "$str is not a valid protocol number\n";
}
return $str;
}
my ( $name, $aliases, $proto ) = getprotobyname($str);
- ( defined $proto ) or die "\"$str\" unknown protocol\n";
+ die "\"$str\" unknown protocol\n"
+ unless $proto;
+ die "$name is not usable as an IP protocol match\n"
+ if ($proto == 0);
+
return $proto;
}
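Review bot: The new `$str <= 0` test rejects every hex value, because Perl numifies a string such as `0x11` to 0, so the `0x…` alternative of the regex on the line above can no longer lead to a successful return. That regex is also only half-anchored (`^` binds to the first alternative and `$` to the second), so input like `6abc` passes the range check on its leading digits and is returned unchanged; use `/^(?:[0-9]+|0x[0-9a-fA-F]+)$/` and range-check `my $num = $str =~ /^0x/ ? hex($str) : $str;` rather than `$str`. Further down, `unless $proto` already dies when getprotobyname returns protocol 0, so the `$proto == 0` message is unreachable; `unless defined $proto` would let it fire. getProtocol's body starts outside the hunk.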
diff --git a/templates/traffic-policy/shaper/node.tag/class/node.tag/match/node.tag/ip/protocol/node.def b/templates/traffic-policy/shaper/node.tag/class/node.tag/match/node.tag/ip/protocol/node.def
index 9c665c2..2405ca6 100644
--- a/templates/traffic-policy/shaper/node.tag/class/node.tag/match/node.tag/ip/protocol/node.def
+++ b/templates/traffic-policy/shaper/node.tag/class/node.tag/match/node.tag/ip/protocol/node.def
@@ -3,7 +3,7 @@ help: Match IP protocol name or number
syntax:expression: exec "/opt/vyatta/sbin/vyatta-qos-util.pl --protocol $VAR(@)"
allowed: awk '
/^#/ { next }
- { printf "%s ", $1 }' </etc/protocols
+ { if($1 != "ip") printf "%s ", $1 }' </etc/protocols
comp_help: <0-255> IP protocol value or name
Common names:
icmp Internet Control Message Protocol
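Review bot: Filtering the completion list by name leaves it out of step with the validator: getProtocol now rejects the number 0 and any name that resolves to protocol 0, but this awk line drops only the literal `ip`, and the `comp_help` text still advertises `<0-255>`. Filtering on the number column, `{ if ($2 != 0) printf "%s ", $1 }`, and changing the help to `<1-255>` would keep the three in agreement. Separately, the `syntax:expression` line places `$VAR(@)` unquoted in the exec string; if that string is interpreted by a shell (not visible from this hunk), quoting the value would stop the Perl validator from being the only check on what reaches the command line.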