From: Jeremy Sowden <jeremy@azazel.net>
To: Netfilter Devel <netfilter-devel@vger.kernel.org>
Cc: Robert O'Brien <robrien@foxtrot-research.com>
Subject: [PATCH ulogd2 0/3] IP Address Formatting Fixes
Date: Sun, 27 Nov 2022 00:22:57 +0000 [thread overview]
Message-ID: <20221127002300.191936-1-jeremy@azazel.net> (raw)
Robert O'Brien reported a bug in the output of the source and target IP
addresses of ARP packets using the GPRINT output plug-in and proposed a
fix for that particular bug:
https://lore.kernel.org/netfilter-devel/005601d8f532$49cd7080$dd685180$@foxtrot-research.com/
It transpires that there are a number of incorrect assumptions about the
format of IP addresses in the code-base. In a couple of places there
are endianness mismatches, but more commonly it is assumed that all IP
addresses are IPv4.
This series fixes a couple of things I noticed during triage, and then
converts all addresses internally to IPv6, using IPv4-in-IPv6 format for
IPv4 addresses, converting them back to IPv4 where necessary (e.g., on
output).
Things to note.
1. Previously IP2HBIN passed IPv6 address through unmodified. Now it
ignores them altogether.
2. The GPRINT and OPRINT plug-ins now use `inet_ntop` to format
addresses and handle IPv6 address correctly.
3. The SQL output plug-ins, which previously output garbage for IPv6
addresses, now output NULL.
Patch 1 fixes a misspelt variable.
Patch 2 adds some missing int64_t support.
Patch 3 contains the IP address changes.
Jeremy Sowden (3):
filter: IP2BIN: correct spelling of variable
output: add missing support for int64_t values
src: keep IPv4 addresses internally in IPv4-in-IPv6 format
filter/raw2packet/ulogd_raw2packet_BASE.c | 24 +++++--
filter/ulogd_filter_IP2BIN.c | 39 +++-------
filter/ulogd_filter_IP2HBIN.c | 13 ++--
filter/ulogd_filter_IP2STR.c | 5 +-
include/ulogd/ulogd.h | 52 ++++++++++++++
input/flow/ulogd_inpflow_NFCT.c | 24 ++++---
output/ipfix/ulogd_output_IPFIX.c | 4 +-
output/sqlite3/ulogd_output_SQLITE3.c | 24 +++++--
output/ulogd_output_GPRINT.c | 38 +++++++---
output/ulogd_output_JSON.c | 3 +
output/ulogd_output_OPRINT.c | 87 +++++++++++++----------
src/ulogd.c | 3 +-
util/db.c | 18 +++--
13 files changed, 219 insertions(+), 115 deletions(-)
--
2.35.1
next reply other threads:[~2022-11-27 0:23 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-27 0:22 Jeremy Sowden [this message]
2022-11-27 0:22 ` [PATCH ulogd2 1/3] filter: IP2BIN: correct spelling of variable Jeremy Sowden
2022-12-08 21:45 ` Pablo Neira Ayuso
2022-11-27 0:22 ` [PATCH ulogd2 2/3] output: add missing support for int64_t values Jeremy Sowden
2022-12-08 21:45 ` Pablo Neira Ayuso
2022-11-27 0:23 ` [PATCH ulogd2 3/3] src: keep IPv4 addresses internally in IPv4-in-IPv6 format Jeremy Sowden
2022-12-08 21:45 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221127002300.191936-1-jeremy@azazel.net \
--to=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=robrien@foxtrot-research.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.