libxt_conntrack: fix --ctproto 0 output

First, we are missing XTOPT_PUT when trying to use XTOPT_POINTER.
(Next commit will flag this.) Furthermore, l4proto is of type
uint16_t, while XTTYPE_PROTOCOL wants a uint8_t so the idea would not
work => revert v1.4.12~1^2.

Bug goes back to v1.4.12~1^2.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>

diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index a4011252a820398a2f714ec89f799384048a2490..060b9477fa10552313ce7b86d3dddb17b8022710 100644 (file)
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -93,8 +93,7 @@ static const struct xt_option_entry conntrack_mt_opts_v0[] = {
        {.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING,
         .flags = XTOPT_INVERT},
        {.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL,
-        .flags = XTOPT_INVERT,
-        XTOPT_POINTER(s, tuple[IP_CT_DIR_ORIGINAL].dst.protonum)},
+        .flags = XTOPT_INVERT},
        {.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOST,
         .flags = XTOPT_INVERT},
        {.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOST,
@@ -117,7 +116,7 @@ static const struct xt_option_entry conntrack2_mt_opts[] = {
        {.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING,
         .flags = XTOPT_INVERT},
        {.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL,
-        .flags = XTOPT_INVERT, XTOPT_POINTER(s, l4proto)},
+        .flags = XTOPT_INVERT},
        {.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOSTMASK,
         .flags = XTOPT_INVERT},
        {.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOSTMASK,
@@ -149,7 +148,7 @@ static const struct xt_option_entry conntrack3_mt_opts[] = {
        {.name = "ctstate", .id = O_CTSTATE, .type = XTTYPE_STRING,
         .flags = XTOPT_INVERT},
        {.name = "ctproto", .id = O_CTPROTO, .type = XTTYPE_PROTOCOL,
-        .flags = XTOPT_INVERT, XTOPT_POINTER(s, l4proto)},
+        .flags = XTOPT_INVERT},
        {.name = "ctorigsrc", .id = O_CTORIGSRC, .type = XTTYPE_HOSTMASK,
         .flags = XTOPT_INVERT},
        {.name = "ctorigdst", .id = O_CTORIGDST, .type = XTTYPE_HOSTMASK,
@@ -336,6 +335,7 @@ static void conntrack_parse(struct xt_option_call *cb)
                        sinfo->invflags |= XT_CONNTRACK_STATE;
                break;
        case O_CTPROTO:
+               sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = cb->val.protocol;
                if (cb->invert)
                        sinfo->invflags |= XT_CONNTRACK_PROTO;
                if (sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum == 0
@@ -400,6 +400,7 @@ static void conntrack_mt_parse(struct xt_option_call *cb, uint8_t rev)
                        info->invert_flags |= XT_CONNTRACK_STATE;
                break;
        case O_CTPROTO:
+               info->l4proto = cb->val.protocol;
                if (info->l4proto == 0 && (info->invert_flags & XT_INV_PROTO))
                        xtables_error(PARAMETER_PROBLEM, "conntrack: rule would "
                                   "never match protocol");