Re: Ulogd - mysql addresses are in network-byte order

On 01/02/2012 01:08 PM, Pablo Neira Ayuso wrote:
On Mon, Jan 02, 2012 at 12:03:46AM -0500, marty wrote:

Here, for your review, is a patch to
address the issue that I reported.

--- orig.ulogd_raw2packet_BASE.c	2011-12-08 11:55:09.000000000 -0500
+++ ulogd_raw2packet_BASE.c	2012-01-01 23:40:14.000000000 -0500
@@ -717,8 +717,8 @@
  		return ULOGD_IRET_OK;
  	len -= iph->ihl * 4;

-	okey_set_u32(&ret[KEY_IP_SADDR], iph->saddr);
-	okey_set_u32(&ret[KEY_IP_DADDR], iph->daddr);
+	okey_set_u32(&ret[KEY_IP_SADDR], ntohl(iph->saddr));
+	okey_set_u32(&ret[KEY_IP_DADDR], ntohl(iph->daddr));
  	okey_set_u8(&ret[KEY_IP_PROTOCOL], iph->protocol);
  	okey_set_u8(&ret[KEY_IP_TOS], iph->tos);
  	okey_set_u8(&ret[KEY_IP_TTL], iph->ttl);
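
Review bot: converting at the two okey_set_u32() calls for KEY_IP_SADDR and KEY_IP_DADDR changes the byte order for every plugin that reads these keys, not only the MySQL output, and the hunk offers no way to keep the previous behaviour. Either apply ntohl() in the output stage that needs host order or guard it with a configuration option, and add a comment stating which byte order the keys carry. The file headers also name orig.ulogd_raw2packet_BASE.c and ulogd_raw2packet_BASE.c with no directory prefix, so the patch will not apply with patch -p1; regenerate it from the top of the source tree and put a short description above it.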

Many other plugins rely on the address in network byte order.

Can you fix this in the mysql plugin by adding some configurable
option?

Seems like I already offered config options previously, no...
And as I recall I gave fair warning, which you ignored.
Simply put the host arch should determine IP format. That is a given.
That is easily changed to network format where/when required.

Personally I would write the BASE code as I have,
and let the option for network byte order be available
as a config option, as I suggested from the start.

The mysql-plugin does not have the keys available directly.
It pretty much passes data blindly.
I am hesitant to change this because it works nice.

More suggestions for your next patches, please:

* Include a short description before the patch.
* They have to apply with patch -p1 < file.patch

Agreed, I should submit patches with more info.

You can generate this with git diff HEAD (there are more advanced ways
to do this in git though).

Yes, I can do lots of things; even stand on my head.
But I fixed the issue as requested and if that is not sufficient I am terribly sorry, but I am a 60+ yr old man with a big schedule.
The code works fine for my purposes and you are not inspiring me.

Marty B.
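
The byte-order question debated in this thread, as an added example that is not code from ulogd or from either poster: it shows what an integer column holds when the raw `iph->saddr` value is stored versus `ntohl(iph->saddr)`, and how each reads back as a dotted quad. The helper names and the address 192.168.1.10 are constructed for illustration; MySQL's `INET_NTOA()` is mentioned only as a familiar function that reads an integer most significant byte first.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Render a 32-bit integer as a dotted quad, most significant byte first.
 * This is how an SQL function such as MySQL's INET_NTOA() reads an
 * integer column. (Hypothetical helper, not part of ulogd.) */
static const char *u32_to_quad(uint32_t v, char *buf, size_t len)
{
	snprintf(buf, len, "%u.%u.%u.%u",
		 (unsigned)(v >> 24) & 0xff, (unsigned)(v >> 16) & 0xff,
		 (unsigned)(v >> 8) & 0xff, (unsigned)v & 0xff);
	return buf;
}

/* Constructed sample: the four address bytes as they sit in the IP header
 * (wire order), loaded the way iph->saddr is read from the packet. */
static uint32_t sample_saddr(void)
{
	const unsigned char wire[4] = { 192, 168, 1, 10 };
	uint32_t saddr;

	memcpy(&saddr, wire, sizeof(saddr));
	return saddr;
}

/* Returns 1 when storing the raw value would log a byte-swapped address,
 * which is the case on little-endian hosts. */
static int raw_value_is_swapped(void)
{
	return sample_saddr() != ntohl(sample_saddr());
}

int main(void)
{
	char raw[16], conv[16];
	uint32_t saddr = sample_saddr();

	printf("raw iph->saddr    = %10u -> %s\n", (unsigned)saddr,
	       u32_to_quad(saddr, raw, sizeof(raw)));
	printf("ntohl(iph->saddr) = %10u -> %s\n", (unsigned)ntohl(saddr),
	       u32_to_quad(ntohl(saddr), conv, sizeof(conv)));
	printf("byte-swapped on this host: %s\n",
	       raw_value_is_swapped() ? "yes" : "no");
	return 0;
}
```

When correlating logged addresses with other evidence, check which of the two forms a given table holds before trusting a dotted-quad rendering of it.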