On 12/31/2011 12:27 PM, Pablo Neira Ayuso wrote:
On Sat, Dec 31, 2011 at 11:36:36AM -0500, marty wrote:
This is NOT a bug, but I believe it needs consideration for change.
So lets call it a feature request to stay friendly.
ulogd.c:733 assigning `ip.saddr(?)' as source for MYSQL(ip.saddr)
ulogd.c:733 assigning `ip.daddr(?)' as source for MYSQL(ip.daddr)
On a little-endian architecture these values are incompatable with
the native math functions and totally unsuitable for making
comparisons in mysql.
eg:
if (( ip.saddr> nnnnnnnnn ) AND ( ip.saddr< mmmmmmmm)) ...
This simply will not work on a little endian machine.
It is impractical to do a byte order conversion using a bunch
of the high level routines within mysql, and it may not be
timely to do it later using a scripting language.
IMHO I believe it is appropriate for these values to be in
host-byte order before they are ever assigned to mysql.
This would then match the byte order of any machine.
If there are compelling reasons to use network byte order,
I suggest this be a configurable option, not the default.
Thanks for a great piece of software,
Thanks for the report.
Would you be brave enough to send me a patch to address this?
Sure, but would you be brave enough to accept my patch?
Seriously, before I start, please get consensus on the issue of
configuration options for network byte order addresses.
That means I might need to work on more lib code, to be complete.
I wouldn't want to break anything people needed and if that
option is not necessary I can have a tested patch in a couple days.
Let me know what is best.
Thanks,
Marty B
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
