nf_conntrack_proto_generic, assigned to 0

nf_conntrack_proto_generic, assigned to 0

[Christoph Paasch]

Hi,

while reading through the source-code I remarked, that for the generic l4 
protocol handler (nf_conntrack_proto_generic.c)  the protocol number 0 is 
used. While linux/in.h defines IPPROTO_IP = 0 (and says "a dummy protocol for 
tcp", whatever that may mean), in net/ipv6.h, the protocol 0 is used for the 
hop-by-hop header. And as IANA states, 0 is assigned to the IPv6 Hop-by-hop 
option.

Even, if netfilter doesn't tracks the hop-by-hop protocol, it shouldn't use 
this number for the generic protocol handler, because this might be confusing.
In my opinion, 255 should be used, which is assigned as "Reserved" by IANA.

What do you think?

--
Christoph Paasch

École Polytechnique de Louvain
Département d'ingénierie informatique

www.rollerbulls.be
--
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: nf_conntrack_proto_generic, assigned to 0

[Patrick McHardy]

Christoph Paasch wrote:
> Hi,
> 
> while reading through the source-code I remarked, that for the generic l4 
> protocol handler (nf_conntrack_proto_generic.c)  the protocol number 0 is 
> used. While linux/in.h defines IPPROTO_IP = 0 (and says "a dummy protocol for 
> tcp", whatever that may mean), in net/ipv6.h, the protocol 0 is used for the 
> hop-by-hop header. And as IANA states, 0 is assigned to the IPv6 Hop-by-hop 
> option.
> 
> Even, if netfilter doesn't tracks the hop-by-hop protocol, it shouldn't use 
> this number for the generic protocol handler, because this might be confusing.
> In my opinion, 255 should be used, which is assigned as "Reserved" by IANA.
> 
> What do you think?

It doesn't make a difference currently since in both cases we'd use
generic for HBH. But I think you're suggestion makes sense, could
you send a patch for this?

[PATCH] netfilter: changed generic l4 protocol number

[Christoph Paasch]

0 is used by Hop-by-hop header and so this may cause confusion.
255 is stated as 'Reserved' by IANA.

Signed-off-by: Christoph Paasch <christoph.paasch@student.uclouvain.be>
---
 net/netfilter/nf_conntrack_proto_generic.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/netfilter/nf_conntrack_proto_generic.c 
b/net/netfilter/nf_conntrack_proto_generic.c
index 4be80d7..829374f 100644
--- a/net/netfilter/nf_conntrack_proto_generic.c
+++ b/net/netfilter/nf_conntrack_proto_generic.c
@@ -92,7 +92,7 @@ static struct ctl_table generic_compat_sysctl_table[] = {
 struct nf_conntrack_l4proto nf_conntrack_l4proto_generic __read_mostly =
 {
        .l3proto                = PF_UNSPEC,
-       .l4proto                = 0,
+       .l4proto                = 255,
        .name                   = "unknown",
        .pkt_to_tuple           = generic_pkt_to_tuple,
        .invert_tuple           = generic_invert_tuple,
--
1.5.6.3

Re: [PATCH] netfilter: changed generic l4 protocol number

[Patrick McHardy]

Christoph Paasch wrote:
> 0 is used by Hop-by-hop header and so this may cause confusion.
> 255 is stated as 'Reserved' by IANA.

Applied, thanks.