nftables does not currently allow specifying protocols by number. The patch below adds this capability. Phil Signed-off-by: Phil Oester <kernel@xxxxxxxxxxxx> --- Note the errno include is duplicated in this patch and my earlier "nftables: validate port number in inet_service_type_parse" patch.
diff --git a/src/datatype.c b/src/datatype.c
index 55368ee..0a1cf2d 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -11,6 +11,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <inttypes.h>
+#include <errno.h>
 #include <netdb.h>
 #include <arpa/inet.h>
 #include <linux/types.h>
@@ -457,14 +458,28 @@ static struct error_record *inet_protocol_type_parse(const struct expr *sym,
 struct expr **res)
 {
 struct protoent *p;
-
- p = getprotobyname(sym->identifier);
- if (p == NULL)
- return error(&sym->location, "Could not resolve protocol name");
+ uint8_t proto;
+ uintmax_t i;
+ char *end;
+
+ errno = 0;
+ i = strtoumax(sym->identifier, &end, 0);
+ if (sym->identifier != end && *end == '\0') {
+ if (errno == ERANGE || i > UINT8_MAX)
+ return error(&sym->location, "Protocol out of range");
+
+ proto = i;
+ } else {
+ p = getprotobyname(sym->identifier);
+ if (p == NULL)
+ return error(&sym->location, "Could not resolve protocol name");
+
+ proto = p->p_proto;
+ }
 *res = constant_expr_alloc(&sym->location, &inet_protocol_type,
 BYTEORDER_HOST_ENDIAN, BITS_PER_BYTE,
- &p->p_proto);
+ &proto);
 return NULL;
 }
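Review bot: Base 0 in the new `i = strtoumax(sym->identifier, &end, 0);` line makes `010` parse as octal 8 rather than decimal 10, and strtoumax() also skips leading whitespace and accepts a leading sign, so an identifier like `-0` is silently taken as protocol 0 — an unwelcome ambiguity for input that defines firewall policy. If hex and octal forms are meant to mirror how the lexer already treats numbers, say so in a comment above the call; otherwise parse in base 10 and require the identifier to start with a digit, e.g. `if (isdigit((unsigned char)*sym->identifier) && sym->identifier != end && *end == '\0') {` (needs `<ctype.h>`). The `errno == ERANGE` test is redundant but harmless, since on overflow strtoumax() returns UINTMAX_MAX, which already fails the `i > UINT8_MAX` check. A one-line comment such as `/* try a numeric protocol first, then fall back to getprotobyname() */` would make the two-branch structure self-explanatory; note the function's signature line sits in the hunk header rather than in the hunk itself.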