From 4122928416f0cb32300a756c21ef9bc13311e015 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Mon, 2 Jun 2008 01:38:33 +0200
Subject: cleanup for key builder and fix IPv6 support and introduce 128-bits type
This patch cleans up the key building by breaking lines at 80 columns and it fixes the IPv6 support (use of a pointer after free) by introducing a new 128 bit type.
---
 filter/ulogd_filter_IP2BIN.c | 2 +-
 filter/ulogd_filter_IP2STR.c | 2 +-
 include/ulogd/ulogd.h | 14 +++++
 input/flow/ulogd_inpflow_NFCT.c | 120 ++++++++++++++++++++++++++--------------
 4 files changed, 95 insertions(+), 43 deletions(-)
diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c
index 33db6a2..7412e38 100644
--- a/filter/ulogd_filter_IP2BIN.c
+++ b/filter/ulogd_filter_IP2BIN.c
@@ -137,7 +137,7 @@ static char *ip2bin(struct ulogd_key* inp, int index, char family)
 switch (family) {
 case AF_INET6:
- addr = GET_VALUE(inp, index).ptr;
+ addr = GET_VALUE(inp, index).ui128;
 break;
 case AF_INET:
 /* Convert IPv4 to IPv4 in IPv6 */
diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c
index e4ec06d..9ad3b81 100644
--- a/filter/ulogd_filter_IP2STR.c
+++ b/filter/ulogd_filter_IP2STR.c
@@ -174,7 +174,7 @@ static char *ip2str(struct ulogd_key *inp, int index)
 switch (convfamily) {
 case AF_INET6:
 inet_ntop(AF_INET6,
- GET_VALUE(inp, index).ptr,
+ GET_VALUE(inp, index).ui128,
 tmp, sizeof(tmp));
 break;
 case AF_INET:
diff --git a/include/ulogd/ulogd.h b/include/ulogd/ulogd.h
index 73a1711..776111a 100644
--- a/include/ulogd/ulogd.h
+++ b/include/ulogd/ulogd.h
@@ -105,10 +105,12 @@ struct ulogd_key {
 u_int16_t ui16;
 u_int32_t ui32;
 u_int64_t ui64;
+ u_int32_t ui128[4];
 int8_t i8;
 int16_t i16;
 int32_t i32;
 int64_t i64;
+ int32_t i128[4];
 void *ptr;
 } value;
 struct ulogd_key *source;
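Review bot: The `ui128` and `i128` members added to the value union in the `include/ulogd/ulogd.h` hunk carry no comment on their layout, and the name reads like a 128-bit integer. Elsewhere in this patch the array is filled by a 16-byte `memcpy` from `nfct_get_attr()` and passed straight to `inet_ntop(AF_INET6, ...)`, so it holds the raw bytes of an IPv6 address in network order, not a host-order number. I would document that at the field, e.g. `u_int32_t ui128[4]; /* IPv6 address: 16 raw bytes, network byte order */`. The union's largest member also grows from 8 to 16 bytes, so plugins built against the old header presumably need a rebuild; the struct itself starts and ends outside the hunk.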
@@ -252,4 +254,16 @@ int ulogd_select_main(struct timeval *tv);
 ***********************************************************************/
 #include
+/***********************************************************************
+ * other declarations
+ ***********************************************************************/
+
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
+
+#ifndef IPPROTO_UDPLITE
+#define IPPROTO_UDPLITE 136
+#endif
+
 #endif /* _ULOGD_H */
diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index 1390af4..7b9f13c 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -453,77 +453,112 @@ static int propagate_ct(struct ulogd_pluginstance *upi,
 ret[NFCT_OOB_PROTOCOL].flags |= ULOGD_RETF_VALID;
 switch (nfct_get_attr_u8(ct, ATTR_L3PROTO)) {
- case AF_INET:
- ret[NFCT_ORIG_IP_SADDR].u.value.ui32 = nfct_get_attr_u32(ct, ATTR_ORIG_IPV4_SRC);
- ret[NFCT_ORIG_IP_SADDR].flags |= ULOGD_RETF_VALID;
- ret[NFCT_ORIG_IP_DADDR].u.value.ui32 = nfct_get_attr_u32(ct, ATTR_ORIG_IPV4_DST);
- ret[NFCT_ORIG_IP_DADDR].flags |= ULOGD_RETF_VALID;
+ case AF_INET:
+ ret[NFCT_ORIG_IP_SADDR].u.value.ui32 =
+ nfct_get_attr_u32(ct, ATTR_ORIG_IPV4_SRC);
+ ret[NFCT_ORIG_IP_SADDR].flags |= ULOGD_RETF_VALID;
- ret[NFCT_REPLY_IP_SADDR].u.value.ui32 = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC);
- ret[NFCT_REPLY_IP_SADDR].flags |= ULOGD_RETF_VALID;
- ret[NFCT_REPLY_IP_DADDR].u.value.ui32 = nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST);
- ret[NFCT_REPLY_IP_DADDR].flags |= ULOGD_RETF_VALID;
+ ret[NFCT_ORIG_IP_DADDR].u.value.ui32 =
+ nfct_get_attr_u32(ct, ATTR_ORIG_IPV4_DST);
+ ret[NFCT_ORIG_IP_DADDR].flags |= ULOGD_RETF_VALID;
- break;
- case AF_INET6:
- ret[NFCT_ORIG_IP_SADDR].u.value.ptr = (struct in6_addr *)nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC);
- ret[NFCT_ORIG_IP_SADDR].flags |= ULOGD_RETF_VALID;
- ret[NFCT_ORIG_IP_DADDR].u.value.ptr = (struct in6_addr *)nfct_get_attr(ct, ATTR_ORIG_IPV6_DST);
- ret[NFCT_ORIG_IP_DADDR].flags |= ULOGD_RETF_VALID;
+ ret[NFCT_REPLY_IP_SADDR].u.value.ui32 =
+ nfct_get_attr_u32(ct, ATTR_REPL_IPV4_SRC);
+ ret[NFCT_REPLY_IP_SADDR].flags |= ULOGD_RETF_VALID;
- ret[NFCT_REPLY_IP_SADDR].u.value.ptr = (struct in6_addr *)nfct_get_attr(ct, ATTR_REPL_IPV6_SRC);
- ret[NFCT_REPLY_IP_SADDR].flags |= ULOGD_RETF_VALID;
- ret[NFCT_REPLY_IP_DADDR].u.value.ptr = (struct in6_addr *)nfct_get_attr(ct, ATTR_REPL_IPV6_DST);
- ret[NFCT_REPLY_IP_DADDR].flags |= ULOGD_RETF_VALID;
+ ret[NFCT_REPLY_IP_DADDR].u.value.ui32 =
+ nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST);
+ ret[NFCT_REPLY_IP_DADDR].flags |= ULOGD_RETF_VALID;
- break;
- default:
- ulogd_log(ULOGD_NOTICE,
"Unknown protocol family (%d)\n",
- nfct_get_attr_u8(ct, ATTR_L3PROTO));
+ break;
+ case AF_INET6:
+ memcpy(ret[NFCT_ORIG_IP_SADDR].u.value.ui128,
+ nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC),
+ sizeof(int32_t) * 4);
+ ret[NFCT_ORIG_IP_SADDR].flags |= ULOGD_RETF_VALID;
+
+ memcpy(ret[NFCT_ORIG_IP_DADDR].u.value.ui128,
+ nfct_get_attr(ct, ATTR_ORIG_IPV6_DST),
+ sizeof(int32_t) * 4);
+ ret[NFCT_ORIG_IP_DADDR].flags |= ULOGD_RETF_VALID;
+
+ memcpy(ret[NFCT_REPLY_IP_SADDR].u.value.ui128,
+ nfct_get_attr(ct, ATTR_REPL_IPV6_SRC),
+ sizeof(int32_t) * 4);
+ ret[NFCT_REPLY_IP_SADDR].flags |= ULOGD_RETF_VALID;
+
+ memcpy(ret[NFCT_REPLY_IP_DADDR].u.value.ui128,
+ nfct_get_attr(ct, ATTR_REPL_IPV6_DST),
+ sizeof(int32_t) * 4);
+ ret[NFCT_REPLY_IP_DADDR].flags |= ULOGD_RETF_VALID;
+
+ break;
+ default:
+ ulogd_log(ULOGD_NOTICE, "Unknown protocol family (%d)\n",
+ nfct_get_attr_u8(ct, ATTR_L3PROTO));
 }
- ret[NFCT_ORIG_IP_PROTOCOL].u.value.ui8 = nfct_get_attr_u8(ct, ATTR_ORIG_L4PROTO);
+ ret[NFCT_ORIG_IP_PROTOCOL].u.value.ui8 =
+ nfct_get_attr_u8(ct, ATTR_ORIG_L4PROTO);
 ret[NFCT_ORIG_IP_PROTOCOL].flags |= ULOGD_RETF_VALID;
- ret[NFCT_REPLY_IP_PROTOCOL].u.value.ui8 = nfct_get_attr_u8(ct, ATTR_REPL_L4PROTO);
+
+ ret[NFCT_REPLY_IP_PROTOCOL].u.value.ui8 =
+ nfct_get_attr_u8(ct, ATTR_REPL_L4PROTO);
 ret[NFCT_REPLY_IP_PROTOCOL].flags |= ULOGD_RETF_VALID;
 switch (nfct_get_attr_u8(ct, ATTR_ORIG_L4PROTO)) {
 case IPPROTO_TCP:
 case IPPROTO_UDP:
+ case IPPROTO_UDPLITE:
 case IPPROTO_SCTP:
- /* FIXME: DCCP */
- ret[NFCT_ORIG_L4_SPORT].u.value.ui16 = htons(nfct_get_attr_u16(ct, ATTR_ORIG_PORT_SRC));
+ case IPPROTO_DCCP:
+ ret[NFCT_ORIG_L4_SPORT].u.value.ui16 =
+ htons(nfct_get_attr_u16(ct, ATTR_ORIG_PORT_SRC));
 ret[NFCT_ORIG_L4_SPORT].flags |= ULOGD_RETF_VALID;
- ret[NFCT_ORIG_L4_DPORT].u.value.ui16 = htons(nfct_get_attr_u16(ct, ATTR_ORIG_PORT_DST));
+
+ ret[NFCT_ORIG_L4_DPORT].u.value.ui16 =
+ htons(nfct_get_attr_u16(ct, ATTR_ORIG_PORT_DST));
 ret[NFCT_ORIG_L4_DPORT].flags |= ULOGD_RETF_VALID;
 break;
 case IPPROTO_ICMP:
- ret[NFCT_ICMP_CODE].u.value.ui8 = nfct_get_attr_u8(ct, ATTR_ICMP_CODE);
+ ret[NFCT_ICMP_CODE].u.value.ui8 =
+ nfct_get_attr_u8(ct, ATTR_ICMP_CODE);
 ret[NFCT_ICMP_CODE].flags |= ULOGD_RETF_VALID;
- ret[NFCT_ICMP_TYPE].u.value.ui8 = nfct_get_attr_u8(ct, ATTR_ICMP_TYPE);
+
+ ret[NFCT_ICMP_TYPE].u.value.ui8 =
+ nfct_get_attr_u8(ct, ATTR_ICMP_TYPE);
 ret[NFCT_ICMP_TYPE].flags |= ULOGD_RETF_VALID;
 break;
 }
 switch (nfct_get_attr_u8(ct, ATTR_REPL_L4PROTO)) {
- case IPPROTO_TCP:
- case IPPROTO_UDP:
- case IPPROTO_SCTP:
- ret[NFCT_REPLY_L4_SPORT].u.value.ui16 = htons(nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC));
- ret[NFCT_REPLY_L4_SPORT].flags |= ULOGD_RETF_VALID;
- ret[NFCT_REPLY_L4_DPORT].u.value.ui16 = htons(nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST));
- ret[NFCT_REPLY_L4_DPORT].flags |= ULOGD_RETF_VALID;
+ case IPPROTO_TCP:
+ case IPPROTO_UDP:
+ case IPPROTO_UDPLITE:
+ case IPPROTO_SCTP:
+ case IPPROTO_DCCP:
+ ret[NFCT_REPLY_L4_SPORT].u.value.ui16 =
+ htons(nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC));
+ ret[NFCT_REPLY_L4_SPORT].flags |= ULOGD_RETF_VALID;
+
+ ret[NFCT_REPLY_L4_DPORT].u.value.ui16 =
+ htons(nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST));
+ ret[NFCT_REPLY_L4_DPORT].flags |= ULOGD_RETF_VALID;
 }
- ret[NFCT_ORIG_RAW_PKTLEN].u.value.ui32 = nfct_get_attr_u32(ct, ATTR_ORIG_COUNTER_BYTES);
+ ret[NFCT_ORIG_RAW_PKTLEN].u.value.ui32 =
+ nfct_get_attr_u32(ct, ATTR_ORIG_COUNTER_BYTES);
 ret[NFCT_ORIG_RAW_PKTLEN].flags |= ULOGD_RETF_VALID;
- ret[NFCT_ORIG_RAW_PKTCOUNT].u.value.ui32 = nfct_get_attr_u32(ct, ATTR_ORIG_COUNTER_PACKETS);
+ ret[NFCT_ORIG_RAW_PKTCOUNT].u.value.ui32 =
+ nfct_get_attr_u32(ct, ATTR_ORIG_COUNTER_PACKETS);
 ret[NFCT_ORIG_RAW_PKTCOUNT].flags |= ULOGD_RETF_VALID;
- ret[NFCT_REPLY_RAW_PKTLEN].u.value.ui32 = nfct_get_attr_u32(ct, ATTR_REPL_COUNTER_BYTES);;
+ ret[NFCT_REPLY_RAW_PKTLEN].u.value.ui32 =
+ nfct_get_attr_u32(ct, ATTR_REPL_COUNTER_BYTES);;
 ret[NFCT_REPLY_RAW_PKTLEN].flags |= ULOGD_RETF_VALID;
- ret[NFCT_REPLY_RAW_PKTCOUNT].u.value.ui32 = nfct_get_attr_u32(ct, ATTR_REPL_COUNTER_PACKETS);
+ ret[NFCT_REPLY_RAW_PKTCOUNT].u.value.ui32 =
+ nfct_get_attr_u32(ct, ATTR_REPL_COUNTER_PACKETS);
 ret[NFCT_REPLY_RAW_PKTCOUNT].flags |= ULOGD_RETF_VALID;
 ret[NFCT_CT_MARK].u.value.ui32 = nfct_get_attr_u32(ct, ATTR_MARK);
@@ -535,10 +570,13 @@ static int propagate_ct(struct ulogd_pluginstance *upi,
 if (ts) {
 ret[NFCT_FLOW_START_SEC].u.value.ui32 = ts->time[START].tv_sec;
 ret[NFCT_FLOW_START_SEC].flags |= ULOGD_RETF_VALID;
+
 ret[NFCT_FLOW_START_USEC].u.value.ui32 = ts->time[START].tv_usec;
 ret[NFCT_FLOW_START_USEC].flags |= ULOGD_RETF_VALID;
+
 ret[NFCT_FLOW_END_SEC].u.value.ui32 = ts->time[STOP].tv_sec;
 ret[NFCT_FLOW_END_SEC].flags |= ULOGD_RETF_VALID;
+
 ret[NFCT_FLOW_END_USEC].u.value.ui32 = ts->time[STOP].tv_usec;
 ret[NFCT_FLOW_END_USEC].flags |= ULOGD_RETF_VALID;
 }
--
cgit v1.2.3
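Review bot: In the `AF_INET6` case of the `-453,77 +453,112` hunk, each `memcpy` uses the return value of `nfct_get_attr()` as its source without checking it, and `ULOGD_RETF_VALID` is set regardless. Per the libnetfilter_conntrack API, `nfct_get_attr()` returns NULL when the attribute is not set on the conntrack object, so a flow lacking one of the four IPv6 attributes would make the daemon read through a NULL pointer and stop logging. Copying only when the pointer is non-NULL, and leaving the key invalid otherwise, avoids that. The copy length is also better taken from the destination field than from `sizeof(int32_t) * 4`, so it cannot drift from the `ui128` declaration. `propagate_ct` starts and ends outside the hunk.

```c
		case AF_INET6: {
			const void *addr6;

			/* copy only attributes that are present; an absent one
			 * leaves the key without ULOGD_RETF_VALID */
			addr6 = nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC);
			if (addr6 != NULL) {
				memcpy(ret[NFCT_ORIG_IP_SADDR].u.value.ui128, addr6,
				       sizeof(ret[NFCT_ORIG_IP_SADDR].u.value.ui128));
				ret[NFCT_ORIG_IP_SADDR].flags |= ULOGD_RETF_VALID;
			}
			/* … same guard for ATTR_ORIG_IPV6_DST, ATTR_REPL_IPV6_SRC, ATTR_REPL_IPV6_DST … */
			break;
		}
```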