[conntrack-tools] udp: fix missing scope_id in the socket creation

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Fri Mar 20 14:06:38 CET 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=f7b4b7bd19b16d11491f18891942f6d48c2fcf7e
commit f7b4b7bd19b16d11491f18891942f6d48c2fcf7e
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Fri Mar 20 14:05:31 2009 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Fri Mar 20 14:05:31 2009 +0100

    udp: fix missing scope_id in the socket creation
    
    This patch fixes an EINVAL error returned by bind() when opening
    an UDP server socket to propagate state-changes over the dedicated
    link. This patch also includes the change of the example
    configuration files in case that you want to use UDP over IPv6.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  f7b4b7bd19b16d11491f18891942f6d48c2fcf7e (commit)
      from  28255df51433846bad67cccb69bb285660ef1667 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit f7b4b7bd19b16d11491f18891942f6d48c2fcf7e
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Fri Mar 20 14:05:31 2009 +0100

    udp: fix missing scope_id in the socket creation
    
    This patch fixes an EINVAL error returned by bind() when opening
    an UDP server socket to propagate state-changes over the dedicated
    link. This patch also includes the change of the example
    configuration files in case that you want to use UDP over IPv6.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 doc/sync/alarm/conntrackd.conf   |    8 ++++++++
 doc/sync/ftfw/conntrackd.conf    |    8 ++++++++
 doc/sync/notrack/conntrackd.conf |    8 ++++++++
 include/udp.h                    |    9 +++++++--
 src/read_config_yy.y             |   13 +++++++++++--
 src/udp.c                        |    5 +++--
 6 files changed, 45 insertions(+), 6 deletions(-)
This patch fixes an EINVAL error returned by bind() when opening
an UDP server socket to propagate state-changes over the dedicated
link. This patch also includes the change of the example
configuration files in case that you want to use UDP over IPv6.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 9197db3..8eb22dd 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -139,12 +139,20 @@ Sync {
 		# UDP address that this firewall uses to listen to events.
 		#
 		# IPv4_address 192.168.2.100
+		#
+		# or you may want to use an IPv6 address:
+		#
+		# IPv6_address fe80::215:58ff:fe28:5a27
 
 		#
 		# Destination UDP address that receives events, ie. the other
 		# firewall's dedicated link address.
 		#
 		# IPv4_Destination_Address 192.168.2.101
+		#
+		# or you may want to use an IPv6 address:
+		#
+		# IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c
 
 		#
 		# UDP port used
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index be78850..059f7b3 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -148,12 +148,20 @@ Sync {
 		# UDP address that this firewall uses to listen to events.
 		#
 		# IPv4_address 192.168.2.100
+		#
+		# or you may want to use an IPv6 address:
+		#
+		# IPv6_address fe80::215:58ff:fe28:5a27
 
 		#
 		# Destination UDP address that receives events, ie. the other
 		# firewall's dedicated link address.
 		#
 		# IPv4_Destination_Address 192.168.2.101
+		#
+		# or you may want to use an IPv6 address:
+		#
+		# IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c
 
 		#
 		# UDP port used
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 173eab5..96ef547 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -129,12 +129,20 @@ Sync {
 		# UDP address that this firewall uses to listen to events.
 		#
 		# IPv4_address 192.168.2.100
+		#
+		# or you may want to use an IPv6 address:
+		#
+		# IPv6_address fe80::215:58ff:fe28:5a27
 
 		#
 		# Destination UDP address that receives events, ie. the other
 		# firewall's dedicated link address.
 		#
 		# IPv4_Destination_Address 192.168.2.101
+		#
+		# or you may want to use an IPv6 address:
+		#
+		# IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c
 
 		#
 		# UDP port used
diff --git a/include/udp.h b/include/udp.h
index 02b8af1..6c659b9 100644
--- a/include/udp.h
+++ b/include/udp.h
@@ -10,8 +10,13 @@ struct udp_conf {
 	int checksum;
 	unsigned short port;
 	union {
-		struct in_addr inet_addr;
-		struct in6_addr inet_addr6;
+		struct {
+			struct in_addr inet_addr;
+		} ipv4;
+		struct {
+			struct in6_addr inet_addr6;
+			int scope_id;
+		} ipv6;
 	} server;
 	union {
 		struct in_addr inet_addr;
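Review bot: `int scope_id` matches neither end of its data path: if_nametoindex() returns `unsigned int` and `sin6_scope_id` is a `uint32_t`, so the interface index passes through a signed type for no reason. `unsigned int scope_id;` would avoid the implicit conversions. A short comment on the field, such as `/* interface index from the Interface option; needed to bind link-local addresses */`, would also help, since nothing in the struct says where the value comes from. The second union that opens at the end of the hunk keeps its bare `struct in_addr` layout; if it holds the destination address, a link-local IPv6 destination would presumably need a scope id as well. `struct udp_conf` starts and continues outside the hunk.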
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index cfcd574..7b62cf3 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -464,7 +464,7 @@ udp_option : T_IPV4_ADDR T_IP
 {
 	__max_dedicated_links_reached();
 
-	if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server)) {
+	if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server.ipv4)) {
 		fprintf(stderr, "%s is not a valid IPv4 address\n", $2);
 		break;
 	}
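Review bot: The address argument now points at the wrapper struct rather than the address itself. `&...u.udp.server.ipv4` is a pointer to the anonymous struct, while inet_aton() takes a `struct in_addr *`, so the call only works because `inet_addr` is the first member, and it should draw an incompatible-pointer warning. Name the member explicitly: `&conf.channel[conf.channel_num].u.udp.server.ipv4.inet_addr`. The T_IPV6_ADDR hunk that follows has the same shape with `.server.ipv6`. inet_pton() takes `void *`, so the compiler will not flag it; writing `.server.ipv6.inet_addr6` there keeps a later reordering of the struct from letting the parsed address overwrite `scope_id`.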
@@ -477,7 +477,7 @@ udp_option : T_IPV6_ADDR T_IP
 
 #ifdef HAVE_INET_PTON_IPV6
 	if (inet_pton(AF_INET6, $2,
-		      &conf.channel[conf.channel_num].u.udp.server) <= 0) {
+		      &conf.channel[conf.channel_num].u.udp.server.ipv6) <= 0) {
 		fprintf(stderr, "%s is not a valid IPv6 address\n", $2);
 		break;
 	}
@@ -518,8 +518,17 @@ udp_option : T_IPV6_DEST_ADDR T_IP
 
 udp_option : T_IFACE T_STRING
 {
+	int idx;
+
 	__max_dedicated_links_reached();
 	strncpy(conf.channel[conf.channel_num].channel_ifname, $2, IFNAMSIZ);
+
+	idx = if_nametoindex($2);
+	if (!idx) {
+		fprintf(stderr, "%s is an invalid interface.\n", $2);
+		break;
+	}
+	conf.channel[conf.channel_num].u.udp.server.ipv6.scope_id = idx;
 };
 
 udp_option : T_PORT T_NUMBER
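Review bot: The interface name is validated only after it has been stored: `strncpy(..., $2, IFNAMSIZ)` runs before `if_nametoindex($2)`. A name that fails the lookup therefore stays in `channel_ifname`, while the action only prints to stderr and `break`s, leaving `scope_id` at whatever it held before. Doing the lookup first and copying the name only on success keeps the stored name and the scope id consistent. The index is also written to `server.ipv6.scope_id` regardless of the channel's address family, which deserves a one-line comment such as `/* only read for AF_INET6 sockets */`. Whether parsing should stop on an invalid interface rather than continue is not visible from this hunk.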
diff --git a/src/udp.c b/src/udp.c
index bad8db8..d9943a0 100644
--- a/src/udp.c
+++ b/src/udp.c
@@ -33,14 +33,15 @@ struct udp_sock *udp_server_create(struct udp_conf *conf)
 	case AF_INET:
 	        m->addr.ipv4.sin_family = AF_INET;
 	        m->addr.ipv4.sin_port = htons(conf->port);
-	        m->addr.ipv4.sin_addr.s_addr = conf->server.inet_addr.s_addr;
+	        m->addr.ipv4.sin_addr = conf->server.ipv4.inet_addr;
 		m->sockaddr_len = sizeof(struct sockaddr_in); 
 		break;
 
 	case AF_INET6:
 		m->addr.ipv6.sin6_family = AF_INET6;
 		m->addr.ipv6.sin6_port = htons(conf->port);
-		m->addr.ipv6.sin6_addr = conf->server.inet_addr6;
+		m->addr.ipv6.sin6_addr = conf->server.ipv6.inet_addr6;
+		m->addr.ipv6.sin6_scope_id = conf->server.ipv6.scope_id;
 		m->sockaddr_len = sizeof(struct sockaddr_in6);
 		break;
 	}
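Review bot: In the AF_INET6 case the scope id is copied into `sin6_scope_id` without checking that one was ever configured. The parser sets `scope_id` only in the Interface option, so a link-local `IPv6_address` with no valid Interface presumably leaves it at 0. bind() would then fail with the same EINVAL this commit addresses, with nothing pointing at the cause. A guard before the assignment, `if (IN6_IS_ADDR_LINKLOCAL(&conf->server.ipv6.inet_addr6) && conf->server.ipv6.scope_id == 0)`, with an error that names the missing interface would make the misconfiguration obvious. The body of udp_server_create() starts and ends outside the hunk, so how errors are reported there is not visible.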


