Robert O'Brien reported a bug in the output of the source and target IP addresses of ARP packets using the GPRINT output plug-in and proposed a fix for that particular bug: https://lore.kernel.org/netfilter-devel/005601d8f532$49cd7080$dd685180$@foxtrot-research.com/ It transpired that there are a number of incorrect assumptions about the format of IP addresses in the code-base. In a couple of places there are endianness mismatches, but more commonly it is assumed that all IP addresses are IPv4. In the previous versions of this work, my solution for fixing the handling of IPv6 addresses was to handle all addresses internally as IPv6 by converting IPv4 addresses to IPv4-in-IPv6 ("::ffff:a.b.c.d"), and then convert IPv4-in-IPv6 address back to IPv4 on output. However, Florian pointed out that this means that if ulogd2 receives a real IPv4-in-IPv6 address as input it will be indistinguishable from the synthetic ones and so converted to IPv4 format on output. In this version, I have taken a different approach. Input keys have a legnth field which is not used for fixed-width data-types. I have used this to distinguish 128-bit IPv6 addresses from 32-bit IPv4 ones. I have also broken up the single patch of previous versions into a series of smaller, hopefully more easily comprehensible ones, separating out, in particular, the endianness fixes from the IPv6 ones. One thing to note is that this changes the expected endianness of IP address in the OPRINT plug-in. Jeremy Sowden (11): src: record length of integer key values printpkt: fix statement punctuator printpkt, raw2packet_BASE: keep gateway address in NBO raw2packet_BASE: store ARP address values as integers ip2hbin: store ipv6 address as integer ipfix: skip non-ipv4 addresses gprint, oprint: use inet_ntop to format ip addresses gprint, oprint: add support for printing ipv6 addresses sqlite3: correct binding of ipv4 addresses and 64-bit integers sqlite3: insert ipv6 addresses as null rather than garbage db: insert ipv6 addresses in the same format as ip2bin filter/raw2packet/ulogd_raw2packet_BASE.c | 15 ++++--- filter/ulogd_filter_IP2BIN.c | 33 +-------------- filter/ulogd_filter_IP2HBIN.c | 9 ++-- include/ulogd/ulogd.h | 50 ++++++++++++++++++++++- output/ipfix/ulogd_output_IPFIX.c | 3 ++ output/sqlite3/ulogd_output_SQLITE3.c | 20 ++++++--- output/ulogd_output_GPRINT.c | 32 ++++++++++----- output/ulogd_output_OPRINT.c | 41 +++++++++++-------- util/db.c | 19 +++++++-- util/printpkt.c | 5 ++- 10 files changed, 146 insertions(+), 81 deletions(-) -- 2.40.1
