From: hongbin wang <wh_bin@126.com>

/proc/net/nf_conntrack shows ah and esp as unknown.

Signed-off-by: hongbin wang <wh_bin@126.com>
---
 net/netfilter/nf_conntrack_standalone.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 502cf10aab41..29fb5a07a6c2 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -266,6 +266,8 @@ static const char* l4proto_name(u16 proto)
 	case IPPROTO_SCTP: return "sctp";
 	case IPPROTO_UDPLITE: return "udplite";
 	case IPPROTO_ICMPV6: return "icmpv6";
+	case IPPROTO_ESP: return "esp";
+	case IPPROTO_AH: return "ah";
 	}
 
 	return "unknown";
-- 
2.34.1

On Fri, Feb 21, 2025 at 10:21:53AM +0000, wh_bin@126.com wrote:
> From: hongbin wang <wh_bin@126.com>
> 
> /proc/net/nf_conntrack shows ah and esp as unknown.

there are no AH and ESP trackers in conntrack this far, that is why
they are shown as unknown.

> Signed-off-by: hongbin wang <wh_bin@126.com>
> ---
>  net/netfilter/nf_conntrack_standalone.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
> index 502cf10aab41..29fb5a07a6c2 100644
> --- a/net/netfilter/nf_conntrack_standalone.c
> +++ b/net/netfilter/nf_conntrack_standalone.c
> @@ -266,6 +266,8 @@ static const char* l4proto_name(u16 proto)
>  	case IPPROTO_SCTP: return "sctp";
>  	case IPPROTO_UDPLITE: return "udplite";
>  	case IPPROTO_ICMPV6: return "icmpv6";
> +	case IPPROTO_ESP: return "esp";
> +	case IPPROTO_AH: return "ah";
>  	}
>  
>  	return "unknown";
> -- 
> 2.34.1
>