diff options
| author | Florian Westphal <[email protected]> | 2016-11-03 13:44:42 +0000 |
|---|---|---|
| committer | Pablo Neira Ayuso <[email protected]> | 2016-11-08 22:53:37 +0000 |
| commit | 6114cc516dcc0d311badb83ad7db5aa4b611bea6 (patch) | |
| tree | e1d791b97983fd274ea3c47219f953562efec2d3 /net/ipv6/tcp_ipv6.c | |
| parent | netfilter: connmark: ignore skbs with magic untracked conntrack objects (diff) | |
| download | kernel-6114cc516dcc0d311badb83ad7db5aa4b611bea6.tar.gz kernel-6114cc516dcc0d311badb83ad7db5aa4b611bea6.zip | |
netfilter: conntrack: fix CT target for UNSPEC helpers
Thomas reports its not possible to attach the H.245 helper:
iptables -t raw -A PREROUTING -p udp -j CT --helper H.245
iptables: No chain/target/match by that name.
xt_CT: No such helper "H.245"
This is because H.245 registers as NFPROTO_UNSPEC, but the CT target
passes NFPROTO_IPV4/IPV6 to nf_conntrack_helper_try_module_get.
We should treat UNSPEC as wildcard and ignore the l3num instead.
Reported-by: Thomas Woerner <[email protected]>
Signed-off-by: Florian Westphal <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
Diffstat (limited to 'net/ipv6/tcp_ipv6.c')
0 files changed, 0 insertions, 0 deletions