IPPROTO_MPTCP defeats the purpose of IPPROTO_MAX to check for the maximum layer 4 protocol supported in the IP header. Use IPPROTO_RAW (255) instead. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- src/conntrack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/conntrack.c b/src/conntrack.c index 33f60239580f..4afccde4b027 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -840,7 +840,7 @@ static int parse_proto_num(const char *str) long val; val = strtol(str, &endptr, 0); - if (val >= IPPROTO_MAX || + if (val > IPPROTO_RAW || val < 0 || endptr == str || *endptr != '\0') -- 2.30.2
