datatype: allow protocols by number in inet_protocol_type_parse
authorPhil Oester <kernel@linuxace.com>
Thu, 15 Aug 2013 23:09:07 +0000 (16:09 -0700)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sat, 17 Aug 2013 09:48:56 +0000 (11:48 +0200)
nftables does not currently allow specifying protocols by number.  The
patch below adds this capability.

Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/datatype.c

index be328518f24f74fd0fc18045db72ba99f8ca31d9..932acc7d0793e6c6c82b8e1bf2f9ecedb006ad56 100644 (file)
@@ -458,14 +458,28 @@ static struct error_record *inet_protocol_type_parse(const struct expr *sym,
                                                     struct expr **res)
 {
        struct protoent *p;
+       uint8_t proto;
+       uintmax_t i;
+       char *end;
 
-       p = getprotobyname(sym->identifier);
-       if (p == NULL)
-               return error(&sym->location, "Could not resolve protocol name");
+       errno = 0;
+       i = strtoumax(sym->identifier, &end, 0);
+       if (sym->identifier != end && *end == '\0') {
+               if (errno == ERANGE || i > UINT8_MAX)
+                       return error(&sym->location, "Protocol out of range");
+
+               proto = i;
+       } else {
+               p = getprotobyname(sym->identifier);
+               if (p == NULL)
+                       return error(&sym->location, "Could not resolve protocol name");
+
+               proto = p->p_proto;
+       }
 
        *res = constant_expr_alloc(&sym->location, &inet_protocol_type,
                                   BYTEORDER_HOST_ENDIAN, BITS_PER_BYTE,
-                                  &p->p_proto);
+                                  &proto);
        return NULL;
 }
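Review bot: The numeric branch calls `strtoumax(sym->identifier, &end, 0)` with base 0, so an identifier such as `010` is read as octal 8 and `0x11` as 17, which means a rule can match a different protocol than the one its author typed. strtoumax also skips leading whitespace and accepts a sign, and a negated value wraps in uintmax_t before the `i > UINT8_MAX` comparison, so the range check alone does not guarantee the text was a plain number in 0..255. If only decimal is intended, `i = strtoumax(sym->identifier, &end, 10);` together with a first-character test such as `isdigit((unsigned char)sym->identifier[0])` would make the branch strict; whether the scanner can deliver such strings in sym->identifier is not visible from this hunk. In the name branch, `proto = p->p_proto;` narrows an int to uint8_t with no range check, which deserves either a check or a comment stating that values from the protocols database are assumed to fit in 8 bits. The function's signature begins above the hunk, so callers and the declared types of sym and res were not reviewed.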