authorJeremy Sowden <jeremy@azazel.net>2025-05-26 18:19:03 +0100
committerFlorian Westphal <fw@strlen.de>2025-06-01 14:12:47 +0200
commitf699ba550c9f009924d8f5f59a190254938f9bec (patch)
tree76fe196beb718881d6b7d16c64d86f47189a5260
parentc0f9d1950e0968688558c2abbaa41cffd03f19de (diff)
Use `NFPROTO_*` constants for protocol families
Netfilter has a set of `NFPROTO_*` constants for the protocol families that it supports, in part because it supports protocols and pseudo-protocols that do not have `PF_*` (and `AF_*`) constants. Currently, ulogd uses `AF_*` constants for protocol families, because it does not support any families which do not have `AF_*` constants. Switch to `NFPROTO_*` constants instead, so we can add ARP support later. In the IP2* filters, retain `AF_*` for address family variables. Remove a stray semicolon. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r--filter/raw2packet/ulogd_raw2packet_BASE.c9
-rw-r--r--filter/ulogd_filter_IP2BIN.c17
-rw-r--r--filter/ulogd_filter_IP2HBIN.c17
-rw-r--r--filter/ulogd_filter_IP2STR.c17
-rw-r--r--input/flow/ulogd_inpflow_NFCT.c23
-rw-r--r--input/packet/ulogd_inppkt_UNIXSOCK.c7
-rw-r--r--util/printpkt.c7
7 files changed, 55 insertions, 42 deletions
diff --git a/filter/raw2packet/ulogd_raw2packet_BASE.c b/filter/raw2packet/ulogd_raw2packet_BASE.c
index 09e9313..4b60964 100644
--- a/filter/raw2packet/ulogd_raw2packet_BASE.c
+++ b/filter/raw2packet/ulogd_raw2packet_BASE.c
@@ -44,6 +44,7 @@
#include <ulogd/ipfix_protocol.h>
#include <netinet/if_ether.h>
#include <string.h>
+#include <linux/netfilter.h>
#include <linux/types.h>
enum input_keys {
@@ -937,7 +938,7 @@ static int _interp_bridge(struct ulogd_pluginstance *pi, uint32_t len)
_interp_arp(pi, len);
break;
/* ETH_P_8021Q ?? others? */
- };
+ }
return ULOGD_IRET_OK;
}
@@ -953,11 +954,11 @@ static int _interp_pkt(struct ulogd_pluginstance *pi)
ikey_get_u16(&pi->input.keys[INKEY_OOB_PROTOCOL]));
switch (family) {
- case AF_INET:
+ case NFPROTO_IPV4:
return _interp_iphdr(pi, len);
- case AF_INET6:
+ case NFPROTO_IPV6:
return _interp_ipv6hdr(pi, len);
- case AF_BRIDGE:
+ case NFPROTO_BRIDGE:
return _interp_bridge(pi, len);
}
return ULOGD_IRET_OK;
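Review bot: The switch in `_interp_pkt` has no `default`, so any family other than the three listed falls out of it and returns `ULOGD_IRET_OK` without any header being interpreted. The commit message says ARP support is planned, so a record with a family this function does not handle becomes a realistic input. An explicit `default: break; /* family not interpreted here */`, or a `ULOGD_NOTICE` log in that branch, would make the silent path deliberate. The switch in `printpkt_print` (util/printpkt.c) has the same shape, and `_interp_pkt` starts outside the hunk.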
diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c
index 2667a2a..9bbeebb 100644
--- a/filter/ulogd_filter_IP2BIN.c
+++ b/filter/ulogd_filter_IP2BIN.c
@@ -25,6 +25,7 @@
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
+#include <linux/netfilter.h>
#include <ulogd/ulogd.h>
#include <netinet/if_ether.h>
@@ -145,14 +146,16 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi)
proto_family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
switch (proto_family) {
- case AF_INET6:
- case AF_INET:
- addr_family = proto_family;
+ case NFPROTO_IPV6:
+ addr_family = AF_INET6;
+ break;
+ case NFPROTO_IPV4:
+ addr_family = AF_INET;
break;
- case AF_BRIDGE:
+ case NFPROTO_BRIDGE:
if (!pp_is_valid(inp, KEY_OOB_PROTOCOL)) {
ulogd_log(ULOGD_NOTICE,
- "No protocol inside AF_BRIDGE packet\n");
+ "No protocol inside NFPROTO_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
switch (ikey_get_u16(&inp[KEY_OOB_PROTOCOL])) {
@@ -165,13 +168,13 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi)
break;
default:
ulogd_log(ULOGD_NOTICE,
- "Unknown protocol inside AF_BRIDGE packet\n");
+ "Unexpected protocol inside NFPROTO_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
break;
default:
/* TODO handle error */
- ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
+ ulogd_log(ULOGD_NOTICE, "Unexpected protocol family\n");
return ULOGD_IRET_ERR;
}
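Review bot: The `default` branch logs "Unexpected protocol family" without the offending value, so a rejected record cannot be triaged from the log alone; the NFCT message changed in this same commit does include it. Consider `ulogd_log(ULOGD_NOTICE, "Unexpected protocol family (%d)\n", proto_family);` here and in the matching branches of `interp_ip2hbin` and `interp_ip2str`. The `/* TODO handle error */` comment above it also looks stale, since the branch already logs and returns `ULOGD_IRET_ERR`. Because the texts change from "Unknown" to "Unexpected", any log-matching rules keyed on the old strings need updating. `interp_ip2bin` starts and ends outside the hunk.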
diff --git a/filter/ulogd_filter_IP2HBIN.c b/filter/ulogd_filter_IP2HBIN.c
index 42ffc94..081b757 100644
--- a/filter/ulogd_filter_IP2HBIN.c
+++ b/filter/ulogd_filter_IP2HBIN.c
@@ -26,6 +26,7 @@
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
+#include <linux/netfilter.h>
#include <ulogd/ulogd.h>
#include <netinet/if_ether.h>
@@ -135,14 +136,16 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
proto_family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
switch (proto_family) {
- case AF_INET6:
- case AF_INET:
- addr_family = proto_family;
+ case NFPROTO_IPV6:
+ addr_family = AF_INET6;
+ break;
+ case NFPROTO_IPV4:
+ addr_family = AF_INET;
break;
- case AF_BRIDGE:
+ case NFPROTO_BRIDGE:
if (!pp_is_valid(inp, KEY_OOB_PROTOCOL)) {
ulogd_log(ULOGD_NOTICE,
- "No protocol inside AF_BRIDGE packet\n");
+ "No protocol inside NFPROTO_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
switch (ikey_get_u16(&inp[KEY_OOB_PROTOCOL])) {
@@ -155,13 +158,13 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
break;
default:
ulogd_log(ULOGD_NOTICE,
- "Unknown protocol inside AF_BRIDGE packet\n");
+ "Unexpected protocol inside NFPROTO_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
break;
default:
/* TODO handle error */
- ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
+ ulogd_log(ULOGD_NOTICE, "Unexpected protocol family\n");
return ULOGD_IRET_ERR;
}
diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c
index 194a8b1..3d4d6e9 100644
--- a/filter/ulogd_filter_IP2STR.c
+++ b/filter/ulogd_filter_IP2STR.c
@@ -25,6 +25,7 @@
#include <stdlib.h>
#include <string.h>
#include <arpa/inet.h>
+#include <linux/netfilter.h>
#include <ulogd/ulogd.h>
#include <netinet/if_ether.h>
@@ -170,14 +171,16 @@ static int interp_ip2str(struct ulogd_pluginstance *pi)
proto_family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
switch (proto_family) {
- case AF_INET6:
- case AF_INET:
- addr_family = proto_family;
+ case NFPROTO_IPV6:
+ addr_family = AF_INET6;
+ break;
+ case NFPROTO_IPV4:
+ addr_family = AF_INET;
break;
- case AF_BRIDGE:
+ case NFPROTO_BRIDGE:
if (!pp_is_valid(inp, KEY_OOB_PROTOCOL)) {
ulogd_log(ULOGD_NOTICE,
- "No protocol inside AF_BRIDGE packet\n");
+ "No protocol inside NFPROTO_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
switch (ikey_get_u16(&inp[KEY_OOB_PROTOCOL])) {
@@ -190,13 +193,13 @@ static int interp_ip2str(struct ulogd_pluginstance *pi)
break;
default:
ulogd_log(ULOGD_NOTICE,
- "Unknown protocol inside AF_BRIDGE packet\n");
+ "Unexpected protocol inside NFPROTO_BRIDGE packet\n");
return ULOGD_IRET_ERR;
}
break;
default:
/* TODO error handling */
- ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
+ ulogd_log(ULOGD_NOTICE, "Unexpected protocol family\n");
return ULOGD_IRET_ERR;
}
diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index 8746b88..82dc83a 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -48,6 +48,7 @@
#include <ulogd/namespace.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <linux/netfilter.h>
#ifndef NSEC_PER_SEC
#define NSEC_PER_SEC 1000000000L
@@ -491,14 +492,14 @@ static uint32_t hash(const void *data, const struct hashtable *table)
const struct nf_conntrack *ct = data;
switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) {
- case AF_INET:
- ret = __hash4(ct, table);
- break;
- case AF_INET6:
- ret = __hash6(ct, table);
- break;
- default:
- break;
+ case NFPROTO_IPV4:
+ ret = __hash4(ct, table);
+ break;
+ case NFPROTO_IPV6:
+ ret = __hash6(ct, table);
+ break;
+ default:
+ break;
}
return ret;
@@ -528,7 +529,7 @@ static int propagate_ct(struct ulogd_pluginstance *main_upi,
okey_set_u8(&ret[NFCT_OOB_PROTOCOL], 0); /* FIXME */
switch (nfct_get_attr_u8(ct, ATTR_L3PROTO)) {
- case AF_INET:
+ case NFPROTO_IPV4:
okey_set_u32(&ret[NFCT_ORIG_IP_SADDR],
nfct_get_attr_u32(ct, ATTR_ORIG_IPV4_SRC));
okey_set_u32(&ret[NFCT_ORIG_IP_DADDR],
@@ -538,7 +539,7 @@ static int propagate_ct(struct ulogd_pluginstance *main_upi,
okey_set_u32(&ret[NFCT_REPLY_IP_DADDR],
nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST));
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
okey_set_u128(&ret[NFCT_ORIG_IP_SADDR],
nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC));
okey_set_u128(&ret[NFCT_ORIG_IP_DADDR],
@@ -549,7 +550,7 @@ static int propagate_ct(struct ulogd_pluginstance *main_upi,
nfct_get_attr(ct, ATTR_REPL_IPV6_DST));
break;
default:
- ulogd_log(ULOGD_NOTICE, "Unknown protocol family (%d)\n",
+ ulogd_log(ULOGD_NOTICE, "Unexpected protocol family (%d)\n",
nfct_get_attr_u8(ct, ATTR_L3PROTO));
}
okey_set_u8(&ret[NFCT_ORIG_IP_PROTOCOL],
diff --git a/input/packet/ulogd_inppkt_UNIXSOCK.c b/input/packet/ulogd_inppkt_UNIXSOCK.c
index 0d9ba60..bed5ccc 100644
--- a/input/packet/ulogd_inppkt_UNIXSOCK.c
+++ b/input/packet/ulogd_inppkt_UNIXSOCK.c
@@ -32,6 +32,7 @@
#include <pwd.h>
#include <grp.h>
#include <errno.h>
+#include <linux/netfilter.h>
#include <ulogd/ulogd.h>
@@ -388,11 +389,11 @@ static int handle_packet(struct ulogd_pluginstance *upi, struct ulogd_unixsock_p
payload_len = ntohs(pkt->payload_length);
if (ip_version == 4)
- oob_family = AF_INET;
+ oob_family = NFPROTO_IPV4;
else if (ip_version == 6)
- oob_family = AF_INET6;
+ oob_family = NFPROTO_IPV6;
else
- oob_family = 0;
+ oob_family = NFPROTO_UNSPEC;
okey_set_u8(&ret[UNIXSOCK_KEY_OOB_FAMILY], oob_family);
okey_set_ptr(&ret[UNIXSOCK_KEY_RAW_PCKT], &pkt->payload);
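Review bot: The `else` branch still forwards a packet whose `ip_version` is neither 4 nor 6, now tagged `NFPROTO_UNSPEC`, and nothing in the hunk logs it or says this is intended. The payload pointer is published by the `okey_set_ptr` call right after, so the rest of the plugin stack sees a record with an unspecified family. A comment such as `/* unsupported IP version: family left unspecified, later plugins decide */` would document the intent. If such packets should be rejected instead, the check belongs before the `okey_set_*` calls. `handle_packet` starts and ends outside the hunk.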
diff --git a/util/printpkt.c b/util/printpkt.c
index 09a2194..2fecd50 100644
--- a/util/printpkt.c
+++ b/util/printpkt.c
@@ -35,6 +35,7 @@
#include <ulogd/conffile.h>
#include <ulogd/printpkt.h>
#include <netinet/if_ether.h>
+#include <linux/netfilter.h>
struct ulogd_key printpkt_keys[] = {
[KEY_OOB_FAMILY] = { .name = "oob.family", },
@@ -457,13 +458,13 @@ int printpkt_print(struct ulogd_key *res, char *buf)
buf_cur += sprintf(buf_cur, "MAC= ");
switch (ikey_get_u8(&res[KEY_OOB_FAMILY])) {
- case AF_INET:
+ case NFPROTO_IPV4:
buf_cur += printpkt_ipv4(res, buf_cur);
break;
- case AF_INET6:
+ case NFPROTO_IPV6:
buf_cur += printpkt_ipv6(res, buf_cur);
break;
- case AF_BRIDGE:
+ case NFPROTO_BRIDGE:
buf_cur += printpkt_bridge(res, buf_cur);
break;
}
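Review bot: `printpkt_print` takes `char *buf` with no length, and this switch advances `buf_cur` by the return value of helpers that also take no size (`printpkt_ipv4`, `printpkt_ipv6`, `printpkt_bridge`), after the `sprintf` on the line above it. The required buffer size is therefore an unwritten contract with the caller. If it is not already documented at the definition, a comment such as `/* buf must hold the longest formatted line; no bound is checked here */` would state it. Any branch added later for a new family has to stay within that size. The function starts and ends outside the hunk.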