diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 1b6a6d44dd..229449c5ac 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -1007,9 +1007,11 @@
- Protocol=
+ IPProtocol=
- Specifies the protocol to match in forwarding information base (FIB) rules. Accepted values are tcp, udp and sctp.
+ Specifies the IP protocol to match in forwarding information base (FIB) rules. Takes IP protocol name such as tcp,
+ udp or sctp, or IP protocol number such as 6 for tcp or
+ 17 for udp.
Defaults to unset.
diff --git a/src/basic/af-list.c b/src/basic/af-list.c
index cf03dfc6d3..abad221d58 100644
--- a/src/basic/af-list.c
+++ b/src/basic/af-list.c
@@ -17,7 +17,7 @@ const char *af_to_name(int id) {
if (id <= 0)
return NULL;
- if (id >= (int) ELEMENTSOF(af_names))
+ if ((size_t) id >= ELEMENTSOF(af_names))
return NULL;
return af_names[id];
diff --git a/src/basic/arphrd-list.c b/src/basic/arphrd-list.c
index a6b8fa9d84..8652863cac 100644
--- a/src/basic/arphrd-list.c
+++ b/src/basic/arphrd-list.c
@@ -17,7 +17,7 @@ const char *arphrd_to_name(int id) {
if (id <= 0)
return NULL;
- if (id >= (int) ELEMENTSOF(arphrd_names))
+ if ((size_t) id >= ELEMENTSOF(arphrd_names))
return NULL;
return arphrd_names[id];
diff --git a/src/basic/cap-list.c b/src/basic/cap-list.c
index bfcda33520..29a17d9320 100644
--- a/src/basic/cap-list.c
+++ b/src/basic/cap-list.c
@@ -22,7 +22,7 @@ const char *capability_to_name(int id) {
if (id < 0)
return NULL;
- if (id >= (int) ELEMENTSOF(capability_names))
+ if ((size_t) id >= ELEMENTSOF(capability_names))
return NULL;
return capability_names[id];
@@ -37,7 +37,7 @@ int capability_from_name(const char *name) {
/* Try to parse numeric capability */
r = safe_atoi(name, &i);
if (r >= 0) {
- if (i >= 0 && i < (int) ELEMENTSOF(capability_names))
+ if (i >= 0 && (size_t) i < ELEMENTSOF(capability_names))
return i;
else
return -EINVAL;
diff --git a/src/basic/errno-list.c b/src/basic/errno-list.c
index 1b72bbf3ad..44cc570539 100644
--- a/src/basic/errno-list.c
+++ b/src/basic/errno-list.c
@@ -17,7 +17,7 @@ const char *errno_to_name(int id) {
if (id < 0)
id = -id;
- if (id >= (int) ELEMENTSOF(errno_names))
+ if ((size_t) id >= ELEMENTSOF(errno_names))
return NULL;
return errno_names[id];
diff --git a/src/core/dbus-socket.c b/src/core/dbus-socket.c
index 3819653908..37cf9d204c 100644
--- a/src/core/dbus-socket.c
+++ b/src/core/dbus-socket.c
@@ -8,10 +8,10 @@
#include "dbus-socket.h"
#include "dbus-util.h"
#include "fd-util.h"
+#include "ip-protocol-list.h"
#include "parse-util.h"
#include "path-util.h"
#include "socket.h"
-#include "socket-protocol-list.h"
#include "socket-util.h"
#include "string-util.h"
#include "unit.h"
@@ -138,14 +138,14 @@ static inline bool check_size_t_truncation(uint64_t t) {
return (size_t) t == t;
}
-static inline const char* supported_socket_protocol_to_string(int32_t i) {
+static inline const char* socket_protocol_to_string(int32_t i) {
if (i == IPPROTO_IP)
return "";
if (!IN_SET(i, IPPROTO_UDPLITE, IPPROTO_SCTP))
return NULL;
- return socket_protocol_to_name(i);
+ return ip_protocol_to_name(i);
}
static BUS_DEFINE_SET_TRANSIENT(int, "i", int32_t, int, "%" PRIi32);
@@ -155,7 +155,7 @@ static BUS_DEFINE_SET_TRANSIENT_PARSE(bind_ipv6_only, SocketAddressBindIPv6Only,
static BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(fdname, fdname_is_valid);
static BUS_DEFINE_SET_TRANSIENT_STRING_WITH_CHECK(ifname, ifname_valid);
static BUS_DEFINE_SET_TRANSIENT_TO_STRING_ALLOC(ip_tos, "i", int32_t, int, "%" PRIi32, ip_tos_to_string_alloc);
-static BUS_DEFINE_SET_TRANSIENT_TO_STRING(socket_protocol, "i", int32_t, int, "%" PRIi32, supported_socket_protocol_to_string);
+static BUS_DEFINE_SET_TRANSIENT_TO_STRING(socket_protocol, "i", int32_t, int, "%" PRIi32, socket_protocol_to_string);
static int bus_socket_set_transient_property(
Socket *s,
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 273d0b96fc..d1988190c2 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -34,6 +34,7 @@
#include "hexdecoct.h"
#include "io-util.h"
#include "ioprio.h"
+#include "ip-protocol-list.h"
#include "journal-util.h"
#include "load-fragment.h"
#include "log.h"
@@ -48,7 +49,6 @@
#include "securebits.h"
#include "securebits-util.h"
#include "signal-util.h"
-#include "socket-protocol-list.h"
#include "stat-util.h"
#include "string-util.h"
#include "strv.h"
@@ -57,13 +57,10 @@
#include "user-util.h"
#include "web-util.h"
-static int supported_socket_protocol_from_string(const char *s) {
+static int parse_socket_protocol(const char *s) {
int r;
- if (isempty(s))
- return IPPROTO_IP;
-
- r = socket_protocol_from_name(s);
+ r = parse_ip_protocol(s);
if (r < 0)
return r;
if (!IN_SET(r, IPPROTO_UDPLITE, IPPROTO_SCTP))
@@ -72,7 +69,7 @@ static int supported_socket_protocol_from_string(const char *s) {
return r;
}
-DEFINE_CONFIG_PARSE(config_parse_socket_protocol, supported_socket_protocol_from_string, "Failed to parse socket protocol");
+DEFINE_CONFIG_PARSE(config_parse_socket_protocol, parse_socket_protocol, "Failed to parse socket protocol");
DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
diff --git a/src/core/socket.c b/src/core/socket.c
index f725c9eb00..ba48a25641 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -24,6 +24,7 @@
#include "fs-util.h"
#include "in-addr-util.h"
#include "io-util.h"
+#include "ip-protocol-list.h"
#include "label.h"
#include "log.h"
#include "missing.h"
@@ -35,7 +36,6 @@
#include "serialize.h"
#include "signal-util.h"
#include "smack-util.h"
-#include "socket-protocol-list.h"
#include "socket.h"
#include "special.h"
#include "string-table.h"
@@ -814,7 +814,7 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) {
prefix, format_timespan(time_string, FORMAT_TIMESPAN_MAX, s->trigger_limit.interval, USEC_PER_SEC),
prefix, s->trigger_limit.burst);
- str = socket_protocol_to_name(s->socket_protocol);
+ str = ip_protocol_to_name(s->socket_protocol);
if (str)
fprintf(f, "%sSocketProtocol: %s\n", prefix, str);
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index 378b63af8c..ed15d22178 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -101,7 +101,7 @@ RoutingPolicyRule.From, config_parse_routing_policy_rule_prefix,
RoutingPolicyRule.To, config_parse_routing_policy_rule_prefix, 0, 0
RoutingPolicyRule.IncomingInterface, config_parse_routing_policy_rule_device, 0, 0
RoutingPolicyRule.OutgoingInterface, config_parse_routing_policy_rule_device, 0, 0
-RoutingPolicyRule.Protocol, config_parse_routing_policy_rule_protocol, 0, 0
+RoutingPolicyRule.IPProtocol, config_parse_routing_policy_rule_ip_protocol, 0, 0
RoutingPolicyRule.SourcePort, config_parse_routing_policy_rule_port_range, 0, 0
RoutingPolicyRule.DestinationPort, config_parse_routing_policy_rule_port_range, 0, 0
Route.Gateway, config_parse_gateway, 0, 0
diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c
index e84612d41d..649876529e 100644
--- a/src/network/networkd-routing-policy-rule.c
+++ b/src/network/networkd-routing-policy-rule.c
@@ -6,11 +6,11 @@
#include "alloc-util.h"
#include "conf-parser.h"
#include "fileio.h"
+#include "ip-protocol-list.h"
#include "networkd-routing-policy-rule.h"
#include "netlink-util.h"
#include "networkd-manager.h"
#include "parse-util.h"
-#include "socket-protocol-list.h"
#include "socket-util.h"
#include "string-util.h"
#include "strv.h"
@@ -932,7 +932,7 @@ int config_parse_routing_policy_rule_port_range(
return 0;
}
-int config_parse_routing_policy_rule_protocol(
+int config_parse_routing_policy_rule_ip_protocol(
const char *unit,
const char *filename,
unsigned line,
@@ -958,14 +958,9 @@ int config_parse_routing_policy_rule_protocol(
if (r < 0)
return r;
- r = socket_protocol_from_name(rvalue);
+ r = parse_ip_protocol(rvalue);
if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse routing policy rule protocol, ignoring: %s", rvalue);
- return 0;
- }
-
- if (!IN_SET(r, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_SCTP)) {
- log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid protocol '%s'. Protocol should be tcp/udp/sctp, ignoring", rvalue);
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse IP protocol '%s' for routing policy rule, ignoring: %m", rvalue);
return 0;
}
diff --git a/src/network/networkd-routing-policy-rule.h b/src/network/networkd-routing-policy-rule.h
index 3bb3b4cd81..5665f9979b 100644
--- a/src/network/networkd-routing-policy-rule.h
+++ b/src/network/networkd-routing-policy-rule.h
@@ -79,4 +79,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_prefix);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_priority);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_device);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_port_range);
-CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_protocol);
+CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_ip_protocol);
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 78a2be341c..625bebbe35 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -15,6 +15,7 @@
#include "hexdecoct.h"
#include "hostname-util.h"
#include "in-addr-util.h"
+#include "ip-protocol-list.h"
#include "list.h"
#include "locale-util.h"
#include "mountpoint-util.h"
@@ -25,7 +26,6 @@
#include "rlimit-util.h"
#include "securebits-util.h"
#include "signal-util.h"
-#include "socket-protocol-list.h"
#include "string-util.h"
#include "syslog-util.h"
#include "terminal-util.h"
@@ -103,7 +103,7 @@ DEFINE_BUS_APPEND_PARSE("i", parse_errno);
DEFINE_BUS_APPEND_PARSE("i", sched_policy_from_string);
DEFINE_BUS_APPEND_PARSE("i", secure_bits_from_string);
DEFINE_BUS_APPEND_PARSE("i", signal_from_string);
-DEFINE_BUS_APPEND_PARSE("i", socket_protocol_from_name);
+DEFINE_BUS_APPEND_PARSE("i", parse_ip_protocol);
DEFINE_BUS_APPEND_PARSE_PTR("i", int32_t, int, ioprio_parse_priority);
DEFINE_BUS_APPEND_PARSE_PTR("i", int32_t, int, parse_nice);
DEFINE_BUS_APPEND_PARSE_PTR("i", int32_t, int, safe_atoi);
@@ -1466,7 +1466,7 @@ static int bus_append_socket_property(sd_bus_message *m, const char *field, cons
if (streq(field, "SocketProtocol"))
- return bus_append_socket_protocol_from_name(m, field, eq);
+ return bus_append_parse_ip_protocol(m, field, eq);
if (STR_IN_SET(field,
"ListenStream", "ListenDatagram", "ListenSequentialPacket", "ListenNetlink",
diff --git a/src/shared/generate-socket-protocol-list.sh b/src/shared/generate-ip-protocol-list.sh
similarity index 100%
rename from src/shared/generate-socket-protocol-list.sh
rename to src/shared/generate-ip-protocol-list.sh
diff --git a/src/shared/ip-protocol-list.c b/src/shared/ip-protocol-list.c
new file mode 100644
index 0000000000..f0c4ddae2d
--- /dev/null
+++ b/src/shared/ip-protocol-list.c
@@ -0,0 +1,67 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include
+#include
+
+#include "alloc-util.h"
+#include "ip-protocol-list.h"
+#include "parse-util.h"
+#include "string-util.h"
+#include "macro.h"
+
+static const struct ip_protocol_name* lookup_ip_protocol(register const char *str, register GPERF_LEN_TYPE len);
+
+#include "ip-protocol-from-name.h"
+#include "ip-protocol-to-name.h"
+
+const char *ip_protocol_to_name(int id) {
+
+ if (id < 0)
+ return NULL;
+
+ if ((size_t) id >= ELEMENTSOF(ip_protocol_names))
+ return NULL;
+
+ return ip_protocol_names[id];
+}
+
+int ip_protocol_from_name(const char *name) {
+ const struct ip_protocol_name *sc;
+
+ assert(name);
+
+ sc = lookup_ip_protocol(name, strlen(name));
+ if (!sc)
+ return -EINVAL;
+
+ return sc->id;
+}
+
+int parse_ip_protocol(const char *s) {
+ _cleanup_free_ char *str = NULL;
+ int i, r;
+
+ assert(s);
+
+ if (isempty(s))
+ return IPPROTO_IP;
+
+ /* Do not use strdupa() here, as the input string may come from *
+ * command line or config files. */
+ str = strdup(s);
+ if (!str)
+ return -ENOMEM;
+
+ i = ip_protocol_from_name(ascii_strlower(str));
+ if (i >= 0)
+ return i;
+
+ r = safe_atoi(str, &i);
+ if (r < 0)
+ return r;
+
+ if (!ip_protocol_to_name(i))
+ return -EINVAL;
+
+ return i;
+}
diff --git a/src/shared/ip-protocol-list.h b/src/shared/ip-protocol-list.h
new file mode 100644
index 0000000000..5c94969695
--- /dev/null
+++ b/src/shared/ip-protocol-list.h
@@ -0,0 +1,6 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+#pragma once
+
+const char *ip_protocol_to_name(int id);
+int ip_protocol_from_name(const char *name);
+int parse_ip_protocol(const char *s);
diff --git a/src/shared/socket-protocol-to-name.awk b/src/shared/ip-protocol-to-name.awk
similarity index 62%
rename from src/shared/socket-protocol-to-name.awk
rename to src/shared/ip-protocol-to-name.awk
index 4848a7631a..824f811f5c 100644
--- a/src/shared/socket-protocol-to-name.awk
+++ b/src/shared/ip-protocol-to-name.awk
@@ -1,5 +1,5 @@
BEGIN{
- print "static const char* const socket_protocol_names[] = { "
+ print "static const char* const ip_protocol_names[] = { "
}
!/HOPOPTS/ {
printf " [IPPROTO_%s] = \"%s\",\n", $1, tolower($1)
diff --git a/src/shared/meson.build b/src/shared/meson.build
index c4da082316..20a537e3cf 100644
--- a/src/shared/meson.build
+++ b/src/shared/meson.build
@@ -129,8 +129,8 @@ shared_sources = files('''
serialize.h
sleep-config.c
sleep-config.h
- socket-protocol-list.c
- socket-protocol-list.h
+ ip-protocol-list.c
+ ip-protocol-list.h
spawn-ask-password-agent.c
spawn-ask-password-agent.h
spawn-polkit-agent.c
@@ -192,44 +192,45 @@ if conf.get('HAVE_KMOD') == 1
shared_sources += files('module-util.c')
endif
-generate_socket_protocol_list = find_program('generate-socket-protocol-list.sh')
-socket_protocol_list_txt = custom_target(
- 'socket-protocol-list.txt',
- output : 'socket-protocol-list.txt',
- command : [generate_socket_protocol_list, cpp],
+generate_ip_protocol_list = find_program('generate-ip-protocol-list.sh')
+ip_protocol_list_txt = custom_target(
+ 'ip-protocol-list.txt',
+ output : 'ip-protocol-list.txt',
+ command : [generate_ip_protocol_list, cpp],
capture : true)
-fname = 'socket-protocol-from-name.gperf'
+fname = 'ip-protocol-from-name.gperf'
gperf_file = custom_target(
fname,
- input : socket_protocol_list_txt,
+ input : ip_protocol_list_txt,
output : fname,
- command : [generate_gperfs, 'socket_protocol', 'IPPROTO_', '@INPUT@'],
+ command : [generate_gperfs, 'ip_protocol', 'IPPROTO_', '@INPUT@'],
capture : true)
-fname = 'socket-protocol-from-name.h'
+fname = 'ip-protocol-from-name.h'
target1 = custom_target(
fname,
input : gperf_file,
output : fname,
command : [gperf,
'-L', 'ANSI-C', '-t', '--ignore-case',
- '-N', 'lookup_socket_protocol',
- '-H', 'hash_socket_protocol_name',
+ '-N', 'lookup_ip_protocol',
+ '-H', 'hash_ip_protocol_name',
'-p', '-C',
'@INPUT@'],
capture : true)
-fname = 'socket-protocol-to-name.h'
-awkscript = 'socket-protocol-to-name.awk'
+fname = 'ip-protocol-to-name.h'
+awkscript = 'ip-protocol-to-name.awk'
target2 = custom_target(
fname,
- input : [awkscript, socket_protocol_list_txt],
+ input : [awkscript, ip_protocol_list_txt],
output : fname,
command : [awk, '-f', '@INPUT0@', '@INPUT1@'],
capture : true)
-shared_sources += [target1, target2]
+shared_generated_gperf_headers = [target1, target2]
+shared_sources += shared_generated_gperf_headers
libshared_name = 'systemd-shared-@0@'.format(meson.project_version())
diff --git a/src/shared/socket-protocol-list.c b/src/shared/socket-protocol-list.c
deleted file mode 100644
index 0a8570b7be..0000000000
--- a/src/shared/socket-protocol-list.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/* SPDX-License-Identifier: LGPL-2.1+ */
-
-#include
-#include
-#include
-
-#include "socket-protocol-list.h"
-#include "macro.h"
-
-static const struct socket_protocol_name* lookup_socket_protocol(register const char *str, register GPERF_LEN_TYPE len);
-
-#include "socket-protocol-from-name.h"
-#include "socket-protocol-to-name.h"
-
-const char *socket_protocol_to_name(int id) {
-
- if (id < 0)
- return NULL;
-
- if (id >= (int) ELEMENTSOF(socket_protocol_names))
- return NULL;
-
- return socket_protocol_names[id];
-}
-
-int socket_protocol_from_name(const char *name) {
- const struct socket_protocol_name *sc;
-
- assert(name);
-
- sc = lookup_socket_protocol(name, strlen(name));
- if (!sc)
- return -EINVAL;
-
- return sc->id;
-}
diff --git a/src/shared/socket-protocol-list.h b/src/shared/socket-protocol-list.h
deleted file mode 100644
index 08b36e1767..0000000000
--- a/src/shared/socket-protocol-list.h
+++ /dev/null
@@ -1,5 +0,0 @@
-/* SPDX-License-Identifier: LGPL-2.1+ */
-#pragma once
-
-const char *socket_protocol_to_name(int id);
-int socket_protocol_from_name(const char *name);
diff --git a/src/test/meson.build b/src/test/meson.build
index e29e27d63c..f1115d7b64 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -646,6 +646,11 @@ tests += [
[],
[]],
+ [['src/test/test-ip-protocol-list.c',
+ shared_generated_gperf_headers],
+ [],
+ []],
+
[['src/test/test-journal-importer.c'],
[],
[]],
diff --git a/src/test/test-ip-protocol-list.c b/src/test/test-ip-protocol-list.c
new file mode 100644
index 0000000000..79390e5289
--- /dev/null
+++ b/src/test/test-ip-protocol-list.c
@@ -0,0 +1,64 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include
+
+#include "macro.h"
+#include "ip-protocol-list.h"
+#include "stdio-util.h"
+#include "string-util.h"
+
+static void test_int(int i) {
+ char str[DECIMAL_STR_MAX(int)];
+
+ assert_se(ip_protocol_from_name(ip_protocol_to_name(i)) == i);
+
+ xsprintf(str, "%i", i);
+ assert_se(ip_protocol_from_name(ip_protocol_to_name(parse_ip_protocol(str))) == i);
+}
+
+static void test_int_fail(int i) {
+ char str[DECIMAL_STR_MAX(int)];
+
+ assert_se(!ip_protocol_to_name(i));
+
+ xsprintf(str, "%i", i);
+ assert_se(parse_ip_protocol(str) == -EINVAL);
+}
+
+static void test_str(const char *s) {
+ assert_se(streq(ip_protocol_to_name(ip_protocol_from_name(s)), s));
+ assert_se(streq(ip_protocol_to_name(parse_ip_protocol(s)), s));
+}
+
+static void test_str_fail(const char *s) {
+ assert_se(ip_protocol_from_name(s) == -EINVAL);
+ assert_se(parse_ip_protocol(s) == -EINVAL);
+}
+
+static void test_parse_ip_protocol(const char *s, int expected) {
+ assert_se(parse_ip_protocol(s) == expected);
+}
+
+int main(int argc, const char *argv[]) {
+ test_int(IPPROTO_TCP);
+ test_int(IPPROTO_DCCP);
+ test_int_fail(-1);
+ test_int_fail(1024 * 1024);
+
+ test_str("sctp");
+ test_str("udp");
+ test_str_fail("hoge");
+ test_str_fail("-1");
+ test_str_fail("1000000000");
+
+ test_parse_ip_protocol("sctp", IPPROTO_SCTP);
+ test_parse_ip_protocol("ScTp", IPPROTO_SCTP);
+ test_parse_ip_protocol("ip", IPPROTO_IP);
+ test_parse_ip_protocol("", IPPROTO_IP);
+ test_parse_ip_protocol("1", 1);
+ test_parse_ip_protocol("0", 0);
+ test_parse_ip_protocol("-10", -EINVAL);
+ test_parse_ip_protocol("100000000", -EINVAL);
+
+ return 0;
+}
diff --git a/test/fuzz/fuzz-network-parser/25-fibrule-port-range.network b/test/fuzz/fuzz-network-parser/25-fibrule-port-range.network
index b0502175f3..36646ec0ff 100644
--- a/test/fuzz/fuzz-network-parser/25-fibrule-port-range.network
+++ b/test/fuzz/fuzz-network-parser/25-fibrule-port-range.network
@@ -8,4 +8,4 @@ From= 192.168.100.18
Priority=111
SourcePort = 1123-1150
DestinationPort = 3224-3290
-Protocol = tcp
+IPProtocol = tcp
diff --git a/test/fuzz/fuzz-network-parser/directives.network b/test/fuzz/fuzz-network-parser/directives.network
index 7508f693dd..8ea809a7e1 100644
--- a/test/fuzz/fuzz-network-parser/directives.network
+++ b/test/fuzz/fuzz-network-parser/directives.network
@@ -152,7 +152,7 @@ Priority=
FirewallMark=
SourcePort=
DestinationPort=
-Protocol=
+IPProtocol=
[IPv6PrefixDelegation]
RouterPreference=
DNSLifetimeSec=
diff --git a/test/test-network/conf/25-fibrule-port-range.network b/test/test-network/conf/25-fibrule-port-range.network
index b0502175f3..36646ec0ff 100644
--- a/test/test-network/conf/25-fibrule-port-range.network
+++ b/test/test-network/conf/25-fibrule-port-range.network
@@ -8,4 +8,4 @@ From= 192.168.100.18
Priority=111
SourcePort = 1123-1150
DestinationPort = 3224-3290
-Protocol = tcp
+IPProtocol = tcp