* [PATCH ulogd2 v2 1/4] db, IP2BIN: correct `format_ipv6()` output buffer sizes
2025-05-26 17:19 [PATCH ulogd2 v2 0/4] Add support for logging ARP packets Jeremy Sowden
@ 2025-05-26 17:19 ` Jeremy Sowden
2025-05-26 17:19 ` [PATCH ulogd2 v2 2/4] IP2BIN, IP2HBIN, IP2STR: refactor `interp` call-backs Jeremy Sowden
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Jeremy Sowden @ 2025-05-26 17:19 UTC (permalink / raw)
To: Netfilter Devel; +Cc: Slavko
`format_ipv6()` formats IPv6 addresses as hex-strings. However, sizing for the
output buffer is not done quite right.
The elements of the `ipbin_array` array in ulogd_filter_IP2BIN.c are sized using
a local macro, `IPADDR_LENGTH`, which is defined as 128, the number of bits in
an IPv6 address; this is much larger than necessary.
Define an appropriate macro and use that instead.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
filter/ulogd_filter_IP2BIN.c | 6 ++----
include/ulogd/ulogd.h | 11 ++++++++++-
util/db.c | 2 +-
3 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c
index 7f7bea5071a7..f1ca4eee7d76 100644
--- a/filter/ulogd_filter_IP2BIN.c
+++ b/filter/ulogd_filter_IP2BIN.c
@@ -28,8 +28,6 @@
#include <ulogd/ulogd.h>
#include <netinet/if_ether.h>
-#define IPADDR_LENGTH 128
-
enum input_keys {
KEY_OOB_FAMILY,
KEY_OOB_PROTOCOL,
@@ -114,7 +112,7 @@ static struct ulogd_key ip2bin_keys[] = {
};
-static char ipbin_array[MAX_KEY - START_KEY + 1][IPADDR_LENGTH];
+static char ipbin_array[MAX_KEY - START_KEY + 1][FORMAT_IPV6_BUFSZ];
static int ip2bin(struct ulogd_key *inp, int index, int oindex)
{
@@ -161,7 +159,7 @@ static int ip2bin(struct ulogd_key *inp, int index, int oindex)
return ULOGD_IRET_ERR;
}
- format_ipv6(ipbin_array[oindex], IPADDR_LENGTH, addr);
+ format_ipv6(ipbin_array[oindex], sizeof(ipbin_array[oindex]), addr);
return ULOGD_IRET_OK;
}
diff --git a/include/ulogd/ulogd.h b/include/ulogd/ulogd.h
index 5eafb21f9cfe..29082dfbe1b2 100644
--- a/include/ulogd/ulogd.h
+++ b/include/ulogd/ulogd.h
@@ -23,6 +23,15 @@
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+/*
+ * Minimum size of buffer required to hold an ipv6 address encoded as a
+ * hex-string, e.g.:
+ *
+ * ::1 -> "0x00000000000000000000000000000001"
+ * 2600:1408:ec00:36::1736:7f28 -> "0x26001408ec0000360000000017367f28"
+ */
+#define FORMAT_IPV6_BUFSZ (2 + sizeof(struct in6_addr) * 2 + 1)
+
/* All types with MSB = 1 make use of value.ptr
* other types use one of the union's member */
@@ -233,7 +242,7 @@ format_ipv6(char *buf, size_t size, const struct in6_addr *ipv6)
{
unsigned i = 0;
- if (size > 2 + sizeof (*ipv6) * 2) {
+ if (size >= FORMAT_IPV6_BUFSZ) {
buf[i++] = '0';
buf[i++] = 'x';
diff --git a/util/db.c b/util/db.c
index 11c3e6ad8454..69f4290f5c87 100644
--- a/util/db.c
+++ b/util/db.c
@@ -370,7 +370,7 @@ static void __format_query_db(struct ulogd_pluginstance *upi, char *start)
sprintf(stmt_ins, "%u,", res->u.value.ui32);
else {
struct in6_addr ipv6;
- char addrbuf[2 + sizeof(ipv6) * 2 + 1];
+ char addrbuf[FORMAT_IPV6_BUFSZ];
memcpy(ipv6.s6_addr, res->u.value.ui128,
sizeof(ipv6.s6_addr));
--
2.47.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH ulogd2 v2 2/4] IP2BIN, IP2HBIN, IP2STR: refactor `interp` call-backs
2025-05-26 17:19 [PATCH ulogd2 v2 0/4] Add support for logging ARP packets Jeremy Sowden
2025-05-26 17:19 ` [PATCH ulogd2 v2 1/4] db, IP2BIN: correct `format_ipv6()` output buffer sizes Jeremy Sowden
@ 2025-05-26 17:19 ` Jeremy Sowden
2025-05-26 17:19 ` [PATCH ulogd2 v2 3/4] Use `NFPROTO_*` constants for protocol families Jeremy Sowden
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Jeremy Sowden @ 2025-05-26 17:19 UTC (permalink / raw)
To: Netfilter Devel; +Cc: Slavko
IP2STR and IP2BIN do all family checks inside the for-loop that converts the
address fields, whereas IP2HBIN does the checks once before the loop. Refactor
the former to do as the latter.
Also, move all the remaining contents of the for-loops, apart from the
`pp_is_valid` checks, into `ip2*` functions.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
filter/ulogd_filter_IP2BIN.c | 86 +++++++++++++++++------------------
filter/ulogd_filter_IP2HBIN.c | 52 +++++++++++----------
filter/ulogd_filter_IP2STR.c | 76 ++++++++++++++++---------------
3 files changed, 110 insertions(+), 104 deletions(-)
diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c
index f1ca4eee7d76..2667a2a7f717 100644
--- a/filter/ulogd_filter_IP2BIN.c
+++ b/filter/ulogd_filter_IP2BIN.c
@@ -114,14 +114,42 @@ static struct ulogd_key ip2bin_keys[] = {
static char ipbin_array[MAX_KEY - START_KEY + 1][FORMAT_IPV6_BUFSZ];
-static int ip2bin(struct ulogd_key *inp, int index, int oindex)
+static void ip2bin(struct ulogd_key *inp, int i, struct ulogd_key *outp, int o,
+ uint8_t addr_family)
{
- char family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
- char convfamily = family;
- struct in6_addr *addr;
- struct in6_addr ip4_addr;
+ struct in6_addr *addr, ip4_addr;
+
+ switch (addr_family) {
+ case AF_INET6:
+ addr = (struct in6_addr *)ikey_get_u128(&inp[i]);
+ break;
+ case AF_INET:
+ /* Convert IPv4 to IPv4 in IPv6 */
+ addr = &ip4_addr;
+ uint32_to_ipv6(ikey_get_u32(&inp[i]), addr);
+ break;
+ }
+
+ format_ipv6(ipbin_array[o], sizeof(ipbin_array[o]), addr);
+
+ okey_set_ptr(&outp[o], ipbin_array[o]);
+}
+
+static int interp_ip2bin(struct ulogd_pluginstance *pi)
+{
+ struct ulogd_key *outp = pi->output.keys;
+ struct ulogd_key *inp = pi->input.keys;
+ uint8_t proto_family, addr_family;
+ int i, o;
+
+ proto_family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
- if (family == AF_BRIDGE) {
+ switch (proto_family) {
+ case AF_INET6:
+ case AF_INET:
+ addr_family = proto_family;
+ break;
+ case AF_BRIDGE:
if (!pp_is_valid(inp, KEY_OOB_PROTOCOL)) {
ulogd_log(ULOGD_NOTICE,
"No protocol inside AF_BRIDGE packet\n");
@@ -129,56 +157,28 @@ static int ip2bin(struct ulogd_key *inp, int index, int oindex)
}
switch (ikey_get_u16(&inp[KEY_OOB_PROTOCOL])) {
case ETH_P_IPV6:
- convfamily = AF_INET6;
+ addr_family = AF_INET6;
break;
case ETH_P_IP:
- convfamily = AF_INET;
- break;
case ETH_P_ARP:
- convfamily = AF_INET;
+ addr_family = AF_INET;
break;
default:
ulogd_log(ULOGD_NOTICE,
"Unknown protocol inside AF_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
+ break;
+ default:
+ /* TODO handle error */
+ ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
+ return ULOGD_IRET_ERR;
}
- switch (convfamily) {
- case AF_INET6:
- addr = (struct in6_addr *)ikey_get_u128(&inp[index]);
- break;
- case AF_INET:
- /* Convert IPv4 to IPv4 in IPv6 */
- addr = &ip4_addr;
- uint32_to_ipv6(ikey_get_u32(&inp[index]), addr);
- break;
- default:
- /* TODO handle error */
- ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
- return ULOGD_IRET_ERR;
- }
-
- format_ipv6(ipbin_array[oindex], sizeof(ipbin_array[oindex]), addr);
-
- return ULOGD_IRET_OK;
-}
-
-static int interp_ip2bin(struct ulogd_pluginstance *pi)
-{
- struct ulogd_key *ret = pi->output.keys;
- struct ulogd_key *inp = pi->input.keys;
- int i;
- int fret;
-
/* Iter on all addr fields */
- for(i = START_KEY; i <= MAX_KEY; i++) {
+ for (i = START_KEY, o = 0; i <= MAX_KEY; i++, o++) {
if (pp_is_valid(inp, i)) {
- fret = ip2bin(inp, i, i - START_KEY);
- if (fret != ULOGD_IRET_OK)
- return fret;
- okey_set_ptr(&ret[i - START_KEY],
- ipbin_array[i - START_KEY]);
+ ip2bin(inp, i, outp, o, addr_family);
}
}
diff --git a/filter/ulogd_filter_IP2HBIN.c b/filter/ulogd_filter_IP2HBIN.c
index 48ea6a2cbc14..42ffc9497584 100644
--- a/filter/ulogd_filter_IP2HBIN.c
+++ b/filter/ulogd_filter_IP2HBIN.c
@@ -112,17 +112,32 @@ static struct ulogd_key ip2hbin_keys[] = {
},
};
+static void ip2hbin(struct ulogd_key *inp, int i, struct ulogd_key *outp, int o,
+ uint8_t addr_family)
+{
+ switch (addr_family) {
+ case AF_INET6:
+ okey_set_u128(&outp[o], ikey_get_u128(&inp[i]));
+ break;
+ case AF_INET:
+ okey_set_u32(&outp[o], ntohl(ikey_get_u32(&inp[i])));
+ break;
+ }
+}
+
static int interp_ip2hbin(struct ulogd_pluginstance *pi)
{
- struct ulogd_key *ret = pi->output.keys;
+ struct ulogd_key *outp = pi->output.keys;
struct ulogd_key *inp = pi->input.keys;
- uint8_t family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
- uint8_t convfamily = family;
- int i;
+ uint8_t proto_family, addr_family;
+ int i, o;
- switch (family) {
- case AF_INET:
+ proto_family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
+
+ switch (proto_family) {
case AF_INET6:
+ case AF_INET:
+ addr_family = proto_family;
break;
case AF_BRIDGE:
if (!pp_is_valid(inp, KEY_OOB_PROTOCOL)) {
@@ -132,13 +147,11 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
}
switch (ikey_get_u16(&inp[KEY_OOB_PROTOCOL])) {
case ETH_P_IPV6:
- convfamily = AF_INET6;
+ addr_family = AF_INET6;
break;
case ETH_P_IP:
- convfamily = AF_INET;
- break;
case ETH_P_ARP:
- convfamily = AF_INET;
+ addr_family = AF_INET;
break;
default:
ulogd_log(ULOGD_NOTICE,
@@ -147,26 +160,15 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
}
break;
default:
- ulogd_log(ULOGD_NOTICE,
- "Unknown protocol inside packet\n");
+ /* TODO handle error */
+ ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
return ULOGD_IRET_ERR;
}
/* Iter on all addr fields */
- for(i = START_KEY; i <= MAX_KEY; i++) {
+ for (i = START_KEY, o = 0; i <= MAX_KEY; i++, o++) {
if (pp_is_valid(inp, i)) {
- switch (convfamily) {
- case AF_INET:
- okey_set_u32(&ret[i - START_KEY],
- ntohl(ikey_get_u32(&inp[i])));
- break;
- case AF_INET6:
- okey_set_u128(&ret[i - START_KEY],
- ikey_get_u128(&inp[i]));
- break;
- default:
- break;
- }
+ ip2hbin(inp, i, outp, o, addr_family);
}
}
diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c
index fec892a62dac..194a8b103272 100644
--- a/filter/ulogd_filter_IP2STR.c
+++ b/filter/ulogd_filter_IP2STR.c
@@ -137,12 +137,44 @@ static struct ulogd_key ip2str_keys[] = {
static char ipstr_array[MAX_KEY - START_KEY + 1][INET6_ADDRSTRLEN];
-static int ip2str(struct ulogd_key *inp, int index, int oindex)
+static void ip2str(struct ulogd_key *inp, int i, struct ulogd_key *outp, int o,
+ uint8_t addr_family)
{
- char family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
- char convfamily = family;
+ union {
+ struct in6_addr in6;
+ struct in_addr in;
+ } addr;
- if (family == AF_BRIDGE) {
+ switch (addr_family) {
+ case AF_INET6:
+ memcpy(addr.in6.s6_addr, ikey_get_u128(&inp[i]),
+ sizeof(addr.in6.s6_addr));
+ break;
+ case AF_INET:
+ addr.in.s_addr = ikey_get_u32(&inp[i]);
+ break;
+ }
+
+ inet_ntop(addr_family, &addr, ipstr_array[o], sizeof(ipstr_array[o]));
+
+ okey_set_ptr(&outp[o], ipstr_array[o]);
+}
+
+static int interp_ip2str(struct ulogd_pluginstance *pi)
+{
+ struct ulogd_key *outp = pi->output.keys;
+ struct ulogd_key *inp = pi->input.keys;
+ uint8_t proto_family, addr_family;
+ int i, o;
+
+ proto_family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
+
+ switch (proto_family) {
+ case AF_INET6:
+ case AF_INET:
+ addr_family = proto_family;
+ break;
+ case AF_BRIDGE:
if (!pp_is_valid(inp, KEY_OOB_PROTOCOL)) {
ulogd_log(ULOGD_NOTICE,
"No protocol inside AF_BRIDGE packet\n");
@@ -150,56 +182,28 @@ static int ip2str(struct ulogd_key *inp, int index, int oindex)
}
switch (ikey_get_u16(&inp[KEY_OOB_PROTOCOL])) {
case ETH_P_IPV6:
- convfamily = AF_INET6;
+ addr_family = AF_INET6;
break;
case ETH_P_IP:
- convfamily = AF_INET;
- break;
case ETH_P_ARP:
- convfamily = AF_INET;
+ addr_family = AF_INET;
break;
default:
ulogd_log(ULOGD_NOTICE,
"Unknown protocol inside AF_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
- }
-
- switch (convfamily) {
- uint32_t ip;
- case AF_INET6:
- inet_ntop(AF_INET6,
- ikey_get_u128(&inp[index]),
- ipstr_array[oindex], sizeof(ipstr_array[oindex]));
- break;
- case AF_INET:
- ip = ikey_get_u32(&inp[index]);
- inet_ntop(AF_INET, &ip,
- ipstr_array[oindex], sizeof(ipstr_array[oindex]));
break;
default:
/* TODO error handling */
ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
return ULOGD_IRET_ERR;
}
- return ULOGD_IRET_OK;
-}
-
-static int interp_ip2str(struct ulogd_pluginstance *pi)
-{
- struct ulogd_key *ret = pi->output.keys;
- struct ulogd_key *inp = pi->input.keys;
- int i;
- int fret;
/* Iter on all addr fields */
- for (i = START_KEY; i <= MAX_KEY; i++) {
+ for (i = START_KEY, o = 0; i <= MAX_KEY; i++, o++) {
if (pp_is_valid(inp, i)) {
- fret = ip2str(inp, i, i - START_KEY);
- if (fret != ULOGD_IRET_OK)
- return fret;
- okey_set_ptr(&ret[i - START_KEY],
- ipstr_array[i-START_KEY]);
+ ip2str(inp, i, outp, o, addr_family);
}
}
--
2.47.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH ulogd2 v2 3/4] Use `NFPROTO_*` constants for protocol families
2025-05-26 17:19 [PATCH ulogd2 v2 0/4] Add support for logging ARP packets Jeremy Sowden
2025-05-26 17:19 ` [PATCH ulogd2 v2 1/4] db, IP2BIN: correct `format_ipv6()` output buffer sizes Jeremy Sowden
2025-05-26 17:19 ` [PATCH ulogd2 v2 2/4] IP2BIN, IP2HBIN, IP2STR: refactor `interp` call-backs Jeremy Sowden
@ 2025-05-26 17:19 ` Jeremy Sowden
2025-05-26 17:19 ` [PATCH ulogd2 v2 4/4] Add support for logging ARP packets Jeremy Sowden
2025-05-28 10:56 ` [PATCH ulogd2 v2 0/4] " Florian Westphal
4 siblings, 0 replies; 6+ messages in thread
From: Jeremy Sowden @ 2025-05-26 17:19 UTC (permalink / raw)
To: Netfilter Devel; +Cc: Slavko
Netfilter has a set of `NFPROTO_*` constants for the protocol families that it
supports, in part because it supports protocols and pseudo-protocols that do not
have `PF_*` (and `AF_*`) constants. Currently, ulogd uses `AF_*` constants for
protocol families, because it does not support any families which do not have
`AF_*` constants. Switch to `NFPROTO_*` constants instead, so we can add ARP
support later.
In the IP2* filters, retain `AF_*` for address family variables.
Remove a stray semicolon.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
filter/raw2packet/ulogd_raw2packet_BASE.c | 9 +++++----
filter/ulogd_filter_IP2BIN.c | 17 ++++++++++-------
filter/ulogd_filter_IP2HBIN.c | 17 ++++++++++-------
filter/ulogd_filter_IP2STR.c | 17 ++++++++++-------
input/flow/ulogd_inpflow_NFCT.c | 23 ++++++++++++-----------
input/packet/ulogd_inppkt_UNIXSOCK.c | 7 ++++---
util/printpkt.c | 7 ++++---
7 files changed, 55 insertions(+), 42 deletions(-)
diff --git a/filter/raw2packet/ulogd_raw2packet_BASE.c b/filter/raw2packet/ulogd_raw2packet_BASE.c
index 09e931349acf..4b6096421b71 100644
--- a/filter/raw2packet/ulogd_raw2packet_BASE.c
+++ b/filter/raw2packet/ulogd_raw2packet_BASE.c
@@ -44,6 +44,7 @@
#include <ulogd/ipfix_protocol.h>
#include <netinet/if_ether.h>
#include <string.h>
+#include <linux/netfilter.h>
#include <linux/types.h>
enum input_keys {
@@ -937,7 +938,7 @@ static int _interp_bridge(struct ulogd_pluginstance *pi, uint32_t len)
_interp_arp(pi, len);
break;
/* ETH_P_8021Q ?? others? */
- };
+ }
return ULOGD_IRET_OK;
}
@@ -953,11 +954,11 @@ static int _interp_pkt(struct ulogd_pluginstance *pi)
ikey_get_u16(&pi->input.keys[INKEY_OOB_PROTOCOL]));
switch (family) {
- case AF_INET:
+ case NFPROTO_IPV4:
return _interp_iphdr(pi, len);
- case AF_INET6:
+ case NFPROTO_IPV6:
return _interp_ipv6hdr(pi, len);
- case AF_BRIDGE:
+ case NFPROTO_BRIDGE:
return _interp_bridge(pi, len);
}
return ULOGD_IRET_OK;
diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c
index 2667a2a7f717..9bbeebbb711e 100644
--- a/filter/ulogd_filter_IP2BIN.c
+++ b/filter/ulogd_filter_IP2BIN.c
@@ -25,6 +25,7 @@
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
+#include <linux/netfilter.h>
#include <ulogd/ulogd.h>
#include <netinet/if_ether.h>
@@ -145,14 +146,16 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi)
proto_family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
switch (proto_family) {
- case AF_INET6:
- case AF_INET:
- addr_family = proto_family;
+ case NFPROTO_IPV6:
+ addr_family = AF_INET6;
+ break;
+ case NFPROTO_IPV4:
+ addr_family = AF_INET;
break;
- case AF_BRIDGE:
+ case NFPROTO_BRIDGE:
if (!pp_is_valid(inp, KEY_OOB_PROTOCOL)) {
ulogd_log(ULOGD_NOTICE,
- "No protocol inside AF_BRIDGE packet\n");
+ "No protocol inside NFPROTO_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
switch (ikey_get_u16(&inp[KEY_OOB_PROTOCOL])) {
@@ -165,13 +168,13 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi)
break;
default:
ulogd_log(ULOGD_NOTICE,
- "Unknown protocol inside AF_BRIDGE packet\n");
+ "Unexpected protocol inside NFPROTO_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
break;
default:
/* TODO handle error */
- ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
+ ulogd_log(ULOGD_NOTICE, "Unexpected protocol family\n");
return ULOGD_IRET_ERR;
}
diff --git a/filter/ulogd_filter_IP2HBIN.c b/filter/ulogd_filter_IP2HBIN.c
index 42ffc9497584..081b757a6f1a 100644
--- a/filter/ulogd_filter_IP2HBIN.c
+++ b/filter/ulogd_filter_IP2HBIN.c
@@ -26,6 +26,7 @@
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
+#include <linux/netfilter.h>
#include <ulogd/ulogd.h>
#include <netinet/if_ether.h>
@@ -135,14 +136,16 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
proto_family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
switch (proto_family) {
- case AF_INET6:
- case AF_INET:
- addr_family = proto_family;
+ case NFPROTO_IPV6:
+ addr_family = AF_INET6;
+ break;
+ case NFPROTO_IPV4:
+ addr_family = AF_INET;
break;
- case AF_BRIDGE:
+ case NFPROTO_BRIDGE:
if (!pp_is_valid(inp, KEY_OOB_PROTOCOL)) {
ulogd_log(ULOGD_NOTICE,
- "No protocol inside AF_BRIDGE packet\n");
+ "No protocol inside NFPROTO_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
switch (ikey_get_u16(&inp[KEY_OOB_PROTOCOL])) {
@@ -155,13 +158,13 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
break;
default:
ulogd_log(ULOGD_NOTICE,
- "Unknown protocol inside AF_BRIDGE packet\n");
+ "Unexpected protocol inside NFPROTO_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
break;
default:
/* TODO handle error */
- ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
+ ulogd_log(ULOGD_NOTICE, "Unexpected protocol family\n");
return ULOGD_IRET_ERR;
}
diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c
index 194a8b103272..3d4d6e9dc897 100644
--- a/filter/ulogd_filter_IP2STR.c
+++ b/filter/ulogd_filter_IP2STR.c
@@ -25,6 +25,7 @@
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
+#include <linux/netfilter.h>
#include <ulogd/ulogd.h>
#include <netinet/if_ether.h>
@@ -170,14 +171,16 @@ static int interp_ip2str(struct ulogd_pluginstance *pi)
proto_family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
switch (proto_family) {
- case AF_INET6:
- case AF_INET:
- addr_family = proto_family;
+ case NFPROTO_IPV6:
+ addr_family = AF_INET6;
+ break;
+ case NFPROTO_IPV4:
+ addr_family = AF_INET;
break;
- case AF_BRIDGE:
+ case NFPROTO_BRIDGE:
if (!pp_is_valid(inp, KEY_OOB_PROTOCOL)) {
ulogd_log(ULOGD_NOTICE,
- "No protocol inside AF_BRIDGE packet\n");
+ "No protocol inside NFPROTO_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
switch (ikey_get_u16(&inp[KEY_OOB_PROTOCOL])) {
@@ -190,13 +193,13 @@ static int interp_ip2str(struct ulogd_pluginstance *pi)
break;
default:
ulogd_log(ULOGD_NOTICE,
- "Unknown protocol inside AF_BRIDGE packet\n");
+ "Unexpected protocol inside NFPROTO_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
break;
default:
/* TODO error handling */
- ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
+ ulogd_log(ULOGD_NOTICE, "Unexpected protocol family\n");
return ULOGD_IRET_ERR;
}
diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index 8746b881a3ab..82dc83a8a440 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -48,6 +48,7 @@
#include <ulogd/namespace.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <linux/netfilter.h>
#ifndef NSEC_PER_SEC
#define NSEC_PER_SEC 1000000000L
@@ -491,14 +492,14 @@ static uint32_t hash(const void *data, const struct hashtable *table)
const struct nf_conntrack *ct = data;
switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) {
- case AF_INET:
- ret = __hash4(ct, table);
- break;
- case AF_INET6:
- ret = __hash6(ct, table);
- break;
- default:
- break;
+ case NFPROTO_IPV4:
+ ret = __hash4(ct, table);
+ break;
+ case NFPROTO_IPV6:
+ ret = __hash6(ct, table);
+ break;
+ default:
+ break;
}
return ret;
@@ -528,7 +529,7 @@ static int propagate_ct(struct ulogd_pluginstance *main_upi,
okey_set_u8(&ret[NFCT_OOB_PROTOCOL], 0); /* FIXME */
switch (nfct_get_attr_u8(ct, ATTR_L3PROTO)) {
- case AF_INET:
+ case NFPROTO_IPV4:
okey_set_u32(&ret[NFCT_ORIG_IP_SADDR],
nfct_get_attr_u32(ct, ATTR_ORIG_IPV4_SRC));
okey_set_u32(&ret[NFCT_ORIG_IP_DADDR],
@@ -538,7 +539,7 @@ static int propagate_ct(struct ulogd_pluginstance *main_upi,
okey_set_u32(&ret[NFCT_REPLY_IP_DADDR],
nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST));
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
okey_set_u128(&ret[NFCT_ORIG_IP_SADDR],
nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC));
okey_set_u128(&ret[NFCT_ORIG_IP_DADDR],
@@ -549,7 +550,7 @@ static int propagate_ct(struct ulogd_pluginstance *main_upi,
nfct_get_attr(ct, ATTR_REPL_IPV6_DST));
break;
default:
- ulogd_log(ULOGD_NOTICE, "Unknown protocol family (%d)\n",
+ ulogd_log(ULOGD_NOTICE, "Unexpected protocol family (%d)\n",
nfct_get_attr_u8(ct, ATTR_L3PROTO));
}
okey_set_u8(&ret[NFCT_ORIG_IP_PROTOCOL],
diff --git a/input/packet/ulogd_inppkt_UNIXSOCK.c b/input/packet/ulogd_inppkt_UNIXSOCK.c
index 0d9ba60768cc..bed5ccc6940f 100644
--- a/input/packet/ulogd_inppkt_UNIXSOCK.c
+++ b/input/packet/ulogd_inppkt_UNIXSOCK.c
@@ -32,6 +32,7 @@
#include <pwd.h>
#include <grp.h>
#include <errno.h>
+#include <linux/netfilter.h>
#include <ulogd/ulogd.h>
@@ -388,11 +389,11 @@ static int handle_packet(struct ulogd_pluginstance *upi, struct ulogd_unixsock_p
payload_len = ntohs(pkt->payload_length);
if (ip_version == 4)
- oob_family = AF_INET;
+ oob_family = NFPROTO_IPV4;
else if (ip_version == 6)
- oob_family = AF_INET6;
+ oob_family = NFPROTO_IPV6;
else
- oob_family = 0;
+ oob_family = NFPROTO_UNSPEC;
okey_set_u8(&ret[UNIXSOCK_KEY_OOB_FAMILY], oob_family);
okey_set_ptr(&ret[UNIXSOCK_KEY_RAW_PCKT], &pkt->payload);
diff --git a/util/printpkt.c b/util/printpkt.c
index 09a219417f91..2fecd50e233c 100644
--- a/util/printpkt.c
+++ b/util/printpkt.c
@@ -35,6 +35,7 @@
#include <ulogd/conffile.h>
#include <ulogd/printpkt.h>
#include <netinet/if_ether.h>
+#include <linux/netfilter.h>
struct ulogd_key printpkt_keys[] = {
[KEY_OOB_FAMILY] = { .name = "oob.family", },
@@ -457,13 +458,13 @@ int printpkt_print(struct ulogd_key *res, char *buf)
buf_cur += sprintf(buf_cur, "MAC= ");
switch (ikey_get_u8(&res[KEY_OOB_FAMILY])) {
- case AF_INET:
+ case NFPROTO_IPV4:
buf_cur += printpkt_ipv4(res, buf_cur);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
buf_cur += printpkt_ipv6(res, buf_cur);
break;
- case AF_BRIDGE:
+ case NFPROTO_BRIDGE:
buf_cur += printpkt_bridge(res, buf_cur);
break;
}
--
2.47.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH ulogd2 v2 4/4] Add support for logging ARP packets
2025-05-26 17:19 [PATCH ulogd2 v2 0/4] Add support for logging ARP packets Jeremy Sowden
` (2 preceding siblings ...)
2025-05-26 17:19 ` [PATCH ulogd2 v2 3/4] Use `NFPROTO_*` constants for protocol families Jeremy Sowden
@ 2025-05-26 17:19 ` Jeremy Sowden
2025-05-28 10:56 ` [PATCH ulogd2 v2 0/4] " Florian Westphal
4 siblings, 0 replies; 6+ messages in thread
From: Jeremy Sowden @ 2025-05-26 17:19 UTC (permalink / raw)
To: Netfilter Devel; +Cc: Slavko
Hithero, ulogd has only fully supported handling ARP headers that are present in
`NFPROTO_BRIDGE` packets.
Add support for handling ARP packets in their own right.
Reported-by: Slavko <linux@slavino.sk>
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
filter/raw2packet/ulogd_raw2packet_BASE.c | 2 ++
filter/ulogd_filter_IP2BIN.c | 24 +++++++++++++++++++++--
filter/ulogd_filter_IP2HBIN.c | 23 +++++++++++++++++++++-
filter/ulogd_filter_IP2STR.c | 1 +
util/printpkt.c | 3 +++
5 files changed, 50 insertions(+), 3 deletions(-)
diff --git a/filter/raw2packet/ulogd_raw2packet_BASE.c b/filter/raw2packet/ulogd_raw2packet_BASE.c
index 4b6096421b71..2c0d16449cf1 100644
--- a/filter/raw2packet/ulogd_raw2packet_BASE.c
+++ b/filter/raw2packet/ulogd_raw2packet_BASE.c
@@ -960,6 +960,8 @@ static int _interp_pkt(struct ulogd_pluginstance *pi)
return _interp_ipv6hdr(pi, len);
case NFPROTO_BRIDGE:
return _interp_bridge(pi, len);
+ case NFPROTO_ARP:
+ return _interp_arp(pi, len);
}
return ULOGD_IRET_OK;
}
diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c
index 9bbeebbb711e..9e6f3a929058 100644
--- a/filter/ulogd_filter_IP2BIN.c
+++ b/filter/ulogd_filter_IP2BIN.c
@@ -39,7 +39,9 @@ enum input_keys {
KEY_ORIG_IP_DADDR,
KEY_REPLY_IP_SADDR,
KEY_REPLY_IP_DADDR,
- MAX_KEY = KEY_REPLY_IP_DADDR,
+ KEY_ARP_SPA,
+ KEY_ARP_TPA,
+ MAX_KEY = KEY_ARP_TPA,
};
static struct ulogd_key ip2bin_inp[] = {
@@ -83,6 +85,16 @@ static struct ulogd_key ip2bin_inp[] = {
.flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
.name = "reply.ip.daddr",
},
+ [KEY_ARP_SPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
+ .name = "arp.saddr",
+ },
+ [KEY_ARP_TPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
+ .name = "arp.daddr",
+ },
};
static struct ulogd_key ip2bin_keys[] = {
@@ -110,7 +122,14 @@ static struct ulogd_key ip2bin_keys[] = {
.type = ULOGD_RET_RAWSTR,
.name = "reply.ip.daddr.bin",
},
-
+ {
+ .type = ULOGD_RET_RAWSTR,
+ .name = "arp.saddr.bin",
+ },
+ {
+ .type = ULOGD_RET_RAWSTR,
+ .name = "arp.daddr.bin",
+ },
};
static char ipbin_array[MAX_KEY - START_KEY + 1][FORMAT_IPV6_BUFSZ];
@@ -150,6 +169,7 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi)
addr_family = AF_INET6;
break;
case NFPROTO_IPV4:
+ case NFPROTO_ARP:
addr_family = AF_INET;
break;
case NFPROTO_BRIDGE:
diff --git a/filter/ulogd_filter_IP2HBIN.c b/filter/ulogd_filter_IP2HBIN.c
index 081b757a6f1a..38306e8406a2 100644
--- a/filter/ulogd_filter_IP2HBIN.c
+++ b/filter/ulogd_filter_IP2HBIN.c
@@ -40,7 +40,9 @@ enum input_keys {
KEY_ORIG_IP_DADDR,
KEY_REPLY_IP_SADDR,
KEY_REPLY_IP_DADDR,
- MAX_KEY = KEY_REPLY_IP_DADDR,
+ KEY_ARP_SPA,
+ KEY_ARP_TPA,
+ MAX_KEY = KEY_ARP_TPA,
};
static struct ulogd_key ip2hbin_inp[] = {
@@ -84,6 +86,16 @@ static struct ulogd_key ip2hbin_inp[] = {
.flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
.name = "reply.ip.daddr",
},
+ [KEY_ARP_SPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
+ .name = "arp.saddr",
+ },
+ [KEY_ARP_TPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE|ULOGD_KEYF_OPTIONAL,
+ .name = "arp.daddr",
+ },
};
static struct ulogd_key ip2hbin_keys[] = {
@@ -111,6 +123,14 @@ static struct ulogd_key ip2hbin_keys[] = {
.type = ULOGD_RET_IPADDR,
.name = "reply.ip.hdaddr",
},
+ {
+ .type = ULOGD_RET_IPADDR,
+ .name = "arp.hsaddr",
+ },
+ {
+ .type = ULOGD_RET_IPADDR,
+ .name = "arp.hdaddr",
+ },
};
static void ip2hbin(struct ulogd_key *inp, int i, struct ulogd_key *outp, int o,
@@ -140,6 +160,7 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
addr_family = AF_INET6;
break;
case NFPROTO_IPV4:
+ case NFPROTO_ARP:
addr_family = AF_INET;
break;
case NFPROTO_BRIDGE:
diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c
index 3d4d6e9dc897..12a376efafe4 100644
--- a/filter/ulogd_filter_IP2STR.c
+++ b/filter/ulogd_filter_IP2STR.c
@@ -175,6 +175,7 @@ static int interp_ip2str(struct ulogd_pluginstance *pi)
addr_family = AF_INET6;
break;
case NFPROTO_IPV4:
+ case NFPROTO_ARP:
addr_family = AF_INET;
break;
case NFPROTO_BRIDGE:
diff --git a/util/printpkt.c b/util/printpkt.c
index 2fecd50e233c..93fe4722d63c 100644
--- a/util/printpkt.c
+++ b/util/printpkt.c
@@ -467,6 +467,9 @@ int printpkt_print(struct ulogd_key *res, char *buf)
case NFPROTO_BRIDGE:
buf_cur += printpkt_bridge(res, buf_cur);
break;
+ case NFPROTO_ARP:
+ buf_cur += printpkt_arp(res, buf_cur);
+ break;
}
if (pp_is_valid(res, KEY_OOB_UID))
--
2.47.2
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [PATCH ulogd2 v2 0/4] Add support for logging ARP packets
2025-05-26 17:19 [PATCH ulogd2 v2 0/4] Add support for logging ARP packets Jeremy Sowden
` (3 preceding siblings ...)
2025-05-26 17:19 ` [PATCH ulogd2 v2 4/4] Add support for logging ARP packets Jeremy Sowden
@ 2025-05-28 10:56 ` Florian Westphal
4 siblings, 0 replies; 6+ messages in thread
From: Florian Westphal @ 2025-05-28 10:56 UTC (permalink / raw)
To: Jeremy Sowden; +Cc: Netfilter Devel, Slavko
Jeremy Sowden <jeremy@azazel.net> wrote:
> Hithero, ulogd has only fully supported handling ARP headers that are present
> in `AF_BRIDGE` packets. This patch-set adds support for handling ARP packets
> in their own right.
Unless someone else has anything else to add I intend to apply this
series later this week.
^ permalink raw reply [flat|nested] 6+ messages in thread