diff options
author | Nicolas Dichtel <nicolas.dichtel@6wind.com> | 2017-05-30 09:56:26 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-06-06 17:37:43 +0200 |
commit | ef410bf00a5b1e36dada75127dd525cd377a4756 (patch) | |
tree | 7b0d10a23b063ccf1700932917bead6bd2e5b3c0 /src/read_config_yy.y | |
parent | 3d9849649ec617b45a57a50c93244c13ea8244e0 (diff) |
conntrackd: remove use of HAVE_INET_PTON_IPV6
The goal of this patch is to fix the ipv6 support when conntrackd is
cross-compiled. The AC_RUN_IFELSE macro must be avoided as much as possible.
See section 6.6 of the gnu autoconf:
"If you really need to test for a runtime behavior while configuring, you can
write a test program to determine the result, and compile and run it using
AC_RUN_IFELSE. Avoid running test programs if possible, because this prevents
people from configuring your package for cross-compiling."
Let's remove this check and test the returned error to handle the case where
ipv6 is not supported (inet_pton() returns -1 when the family is not supported).
Reported-by: Zhenlin Zhang <zhenlin.zhang@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/read_config_yy.y')
-rw-r--r-- | src/read_config_yy.y | 87 |
1 files changed, 46 insertions, 41 deletions
diff --git a/src/read_config_yy.y b/src/read_config_yy.y index 3bb7c5f..7ba24f4 100644 --- a/src/read_config_yy.y +++ b/src/read_config_yy.y @@ -240,17 +240,17 @@ multicast_option : T_IPV4_ADDR T_IP multicast_option : T_IPV6_ADDR T_IP { __max_dedicated_links_reached(); + int err; -#ifdef HAVE_INET_PTON_IPV6 - if (inet_pton(AF_INET6, $2, - &conf.channel[conf.channel_num].u.mcast.in) <= 0) { + err = inet_pton(AF_INET6, $2, + &conf.channel[conf.channel_num].u.mcast.in); + if (err == 0) { dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2); break; + } else if (err < 0) { + dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!"); + exit(EXIT_FAILURE); } -#else - dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!"); - break; -#endif if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET) { dlog(LOG_WARNING, "your multicast address is IPv6 but " @@ -397,17 +397,18 @@ udp_option : T_IPV4_ADDR T_IP udp_option : T_IPV6_ADDR T_IP { __max_dedicated_links_reached(); + int err; -#ifdef HAVE_INET_PTON_IPV6 - if (inet_pton(AF_INET6, $2, - &conf.channel[conf.channel_num].u.udp.server.ipv6) <= 0) { + err = inet_pton(AF_INET6, $2, + &conf.channel[conf.channel_num].u.udp.server.ipv6); + if (err == 0) { dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2); break; + } else if (err < 0) { + dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!"); + exit(EXIT_FAILURE); } -#else - dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!"); - break; -#endif + conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6; }; @@ -425,17 +426,18 @@ udp_option : T_IPV4_DEST_ADDR T_IP udp_option : T_IPV6_DEST_ADDR T_IP { __max_dedicated_links_reached(); + int err; -#ifdef HAVE_INET_PTON_IPV6 - if (inet_pton(AF_INET6, $2, - &conf.channel[conf.channel_num].u.udp.client) <= 0) { + err = inet_pton(AF_INET6, $2, + &conf.channel[conf.channel_num].u.udp.client); + if (err == 0) { dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2); break; + } else { + dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!"); + exit(EXIT_FAILURE); } -#else - dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!"); - break; -#endif + conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6; }; @@ -535,17 +537,18 @@ tcp_option : T_IPV4_ADDR T_IP tcp_option : T_IPV6_ADDR T_IP { __max_dedicated_links_reached(); + int err; -#ifdef HAVE_INET_PTON_IPV6 - if (inet_pton(AF_INET6, $2, - &conf.channel[conf.channel_num].u.tcp.server.ipv6) <= 0) { + err = inet_pton(AF_INET6, $2, + &conf.channel[conf.channel_num].u.tcp.server.ipv6); + if (err == 0) { dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2); break; + } else if (err < 0) { + dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!"); + exit(EXIT_FAILURE); } -#else - dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!"); - break; -#endif + conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6; }; @@ -563,17 +566,18 @@ tcp_option : T_IPV4_DEST_ADDR T_IP tcp_option : T_IPV6_DEST_ADDR T_IP { __max_dedicated_links_reached(); + int err; -#ifdef HAVE_INET_PTON_IPV6 - if (inet_pton(AF_INET6, $2, - &conf.channel[conf.channel_num].u.tcp.client) <= 0) { + err = inet_pton(AF_INET6, $2, + &conf.channel[conf.channel_num].u.tcp.client); + if (err == 0) { dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2); break; + } else if (err < 0) { + dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!"); + exit(EXIT_FAILURE); } -#else - dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!"); - break; -#endif + conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6; }; @@ -1206,6 +1210,7 @@ filter_address_item : T_IPV6_ADDR T_IP char *slash; int cidr = 128; struct nfct_filter_ipv6 filter_ipv6; + int err; memset(&ip, 0, sizeof(union inet_address)); @@ -1220,15 +1225,15 @@ filter_address_item : T_IPV6_ADDR T_IP } } -#ifdef HAVE_INET_PTON_IPV6 - if (inet_pton(AF_INET6, $2, &ip.ipv6) <= 0) { + err = inet_pton(AF_INET6, $2, &ip.ipv6); + if (err == 0) { dlog(LOG_WARNING, "%s is not a valid IPv6, ignoring", $2); break; + } else if (err < 0) { + dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!"); + exit(EXIT_FAILURE); } -#else - dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!"); - break; -#endif + if (slash && cidr < 128) { struct ct_filter_netmask_ipv6 tmp; |