Re: [PATCH] netfilter: conntrack do not print ah and esp as unknown via /proc
From: Pablo Neira Ayuso
Date: Fri Feb 21 2025 - 05:54:30 EST
On Fri, Feb 21, 2025 at 10:21:53AM +0000, wh_bin@xxxxxxx wrote:
> From: hongbin wang <wh_bin@xxxxxxx>
>
> /proc/net/nf_conntrack shows ah and esp as unknown.
There are no AH and ESP trackers in conntrack so far, that is why
they are shown as unknown.
> Signed-off-by: hongbin wang <wh_bin@xxxxxxx>
> ---
> net/netfilter/nf_conntrack_standalone.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
> index 502cf10aab41..29fb5a07a6c2 100644
> --- a/net/netfilter/nf_conntrack_standalone.c
> +++ b/net/netfilter/nf_conntrack_standalone.c
> @@ -266,6 +266,8 @@ static const char* l4proto_name(u16 proto)
> case IPPROTO_SCTP: return "sctp";
> case IPPROTO_UDPLITE: return "udplite";
> case IPPROTO_ICMPV6: return "icmpv6";
> + case IPPROTO_ESP: return "esp";
> + case IPPROTO_AH: return "ah";
> }
>
> return "unknown";
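Review bot: The two new cases in l4proto_name() change only the string printed for IPPROTO_ESP and IPPROTO_AH, and the commit message gives no reason for the change beyond restating what /proc/net/nf_conntrack shows today. Since the reply above points out that conntrack has no AH or ESP tracker, the changelog should say that the entries are still not tracked per protocol and that only the label changes, so a reader of the /proc output does not take "esp" or "ah" to mean protocol-aware tracking. This also alters user-visible output: anything that currently matches these entries on the "unknown" name would stop matching, which is worth stating in the changelog. Minor style point: the subject is missing a colon after "conntrack".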
> --
> 2.34.1
>