summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNicolas Dichtel <nicolas.dichtel@6wind.com>2017-05-30 09:56:26 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2017-06-06 17:37:43 +0200
commitef410bf00a5b1e36dada75127dd525cd377a4756 (patch)
tree7b0d10a23b063ccf1700932917bead6bd2e5b3c0
parent3d9849649ec617b45a57a50c93244c13ea8244e0 (diff)
conntrackd: remove use of HAVE_INET_PTON_IPV6
The goal of this patch is to fix the ipv6 support when conntrackd is cross-compiled. The AC_RUN_IFELSE macro must be avoided as much as possible. See section 6.6 of the gnu autoconf: "If you really need to test for a runtime behavior while configuring, you can write a test program to determine the result, and compile and run it using AC_RUN_IFELSE. Avoid running test programs if possible, because this prevents people from configuring your package for cross-compiling." Let's remove this check and test the returned error to handle the case where ipv6 is not supported (inet_pton() returns -1 when the family is not supported). Reported-by: Zhenlin Zhang <zhenlin.zhang@6wind.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--configure.ac28
-rw-r--r--src/conntrack.c2
-rw-r--r--src/read_config_yy.y87
3 files changed, 46 insertions, 71 deletions
diff --git a/configure.ac b/configure.ac
index 6141220..ba330ee 100644
--- a/configure.ac
+++ b/configure.ac
@@ -81,34 +81,6 @@ dnl AC_CHECK_LIB([c], [main])
AC_CHECK_HEADERS(arpa/inet.h)
dnl check for inet_pton
AC_CHECK_FUNCS(inet_pton)
-dnl Some systems have it, but not IPv6
-if test "$ac_cv_func_inet_pton" = "yes" ; then
-AC_MSG_CHECKING(if inet_pton supports IPv6)
-AC_RUN_IFELSE([AC_LANG_SOURCE([[
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
-#ifdef HAVE_NETINET_IN_H
-#include <netinet/in.h>
-#endif
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif
-int main()
- {
- struct in6_addr addr6;
- if (inet_pton(AF_INET6, "::1", &addr6) < 1)
- exit(1);
- else
- exit(0);
- }
- ]])],[ AC_MSG_RESULT(yes)
- AC_DEFINE_UNQUOTED(HAVE_INET_PTON_IPV6, 1, [Define to 1 if inet_pton supports IPv6.])
- ],[AC_MSG_RESULT(no)],[AC_MSG_RESULT(no)])
-fi
# Checks for header files.
dnl AC_HEADER_STDC
diff --git a/src/conntrack.c b/src/conntrack.c
index 57dbed7..8d19cca 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -1057,10 +1057,8 @@ parse_inetaddr(const char *cp, struct addr_parse *parse)
{
if (inet_aton(cp, &parse->addr))
return AF_INET;
-#ifdef HAVE_INET_PTON_IPV6
else if (inet_pton(AF_INET6, cp, &parse->addr6) > 0)
return AF_INET6;
-#endif
return AF_UNSPEC;
}
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index 3bb7c5f..7ba24f4 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -240,17 +240,17 @@ multicast_option : T_IPV4_ADDR T_IP
multicast_option : T_IPV6_ADDR T_IP
{
__max_dedicated_links_reached();
+ int err;
-#ifdef HAVE_INET_PTON_IPV6
- if (inet_pton(AF_INET6, $2,
- &conf.channel[conf.channel_num].u.mcast.in) <= 0) {
+ err = inet_pton(AF_INET6, $2,
+ &conf.channel[conf.channel_num].u.mcast.in);
+ if (err == 0) {
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
break;
+ } else if (err < 0) {
+ dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
+ exit(EXIT_FAILURE);
}
-#else
- dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
- break;
-#endif
if (conf.channel[conf.channel_num].u.mcast.ipproto == AF_INET) {
dlog(LOG_WARNING, "your multicast address is IPv6 but "
@@ -397,17 +397,18 @@ udp_option : T_IPV4_ADDR T_IP
udp_option : T_IPV6_ADDR T_IP
{
__max_dedicated_links_reached();
+ int err;
-#ifdef HAVE_INET_PTON_IPV6
- if (inet_pton(AF_INET6, $2,
- &conf.channel[conf.channel_num].u.udp.server.ipv6) <= 0) {
+ err = inet_pton(AF_INET6, $2,
+ &conf.channel[conf.channel_num].u.udp.server.ipv6);
+ if (err == 0) {
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
break;
+ } else if (err < 0) {
+ dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
+ exit(EXIT_FAILURE);
}
-#else
- dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
- break;
-#endif
+
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6;
};
@@ -425,17 +426,18 @@ udp_option : T_IPV4_DEST_ADDR T_IP
udp_option : T_IPV6_DEST_ADDR T_IP
{
__max_dedicated_links_reached();
+ int err;
-#ifdef HAVE_INET_PTON_IPV6
- if (inet_pton(AF_INET6, $2,
- &conf.channel[conf.channel_num].u.udp.client) <= 0) {
+ err = inet_pton(AF_INET6, $2,
+ &conf.channel[conf.channel_num].u.udp.client);
+ if (err == 0) {
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
break;
+ } else {
+ dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
+ exit(EXIT_FAILURE);
}
-#else
- dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
- break;
-#endif
+
conf.channel[conf.channel_num].u.udp.ipproto = AF_INET6;
};
@@ -535,17 +537,18 @@ tcp_option : T_IPV4_ADDR T_IP
tcp_option : T_IPV6_ADDR T_IP
{
__max_dedicated_links_reached();
+ int err;
-#ifdef HAVE_INET_PTON_IPV6
- if (inet_pton(AF_INET6, $2,
- &conf.channel[conf.channel_num].u.tcp.server.ipv6) <= 0) {
+ err = inet_pton(AF_INET6, $2,
+ &conf.channel[conf.channel_num].u.tcp.server.ipv6);
+ if (err == 0) {
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
break;
+ } else if (err < 0) {
+ dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
+ exit(EXIT_FAILURE);
}
-#else
- dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
- break;
-#endif
+
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6;
};
@@ -563,17 +566,18 @@ tcp_option : T_IPV4_DEST_ADDR T_IP
tcp_option : T_IPV6_DEST_ADDR T_IP
{
__max_dedicated_links_reached();
+ int err;
-#ifdef HAVE_INET_PTON_IPV6
- if (inet_pton(AF_INET6, $2,
- &conf.channel[conf.channel_num].u.tcp.client) <= 0) {
+ err = inet_pton(AF_INET6, $2,
+ &conf.channel[conf.channel_num].u.tcp.client);
+ if (err == 0) {
dlog(LOG_WARNING, "%s is not a valid IPv6 address", $2);
break;
+ } else if (err < 0) {
+ dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
+ exit(EXIT_FAILURE);
}
-#else
- dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
- break;
-#endif
+
conf.channel[conf.channel_num].u.tcp.ipproto = AF_INET6;
};
@@ -1206,6 +1210,7 @@ filter_address_item : T_IPV6_ADDR T_IP
char *slash;
int cidr = 128;
struct nfct_filter_ipv6 filter_ipv6;
+ int err;
memset(&ip, 0, sizeof(union inet_address));
@@ -1220,15 +1225,15 @@ filter_address_item : T_IPV6_ADDR T_IP
}
}
-#ifdef HAVE_INET_PTON_IPV6
- if (inet_pton(AF_INET6, $2, &ip.ipv6) <= 0) {
+ err = inet_pton(AF_INET6, $2, &ip.ipv6);
+ if (err == 0) {
dlog(LOG_WARNING, "%s is not a valid IPv6, ignoring", $2);
break;
+ } else if (err < 0) {
+ dlog(LOG_ERR, "inet_pton(): IPv6 unsupported!");
+ exit(EXIT_FAILURE);
}
-#else
- dlog(LOG_WARNING, "cannot find inet_pton(), IPv6 unsupported!");
- break;
-#endif
+
if (slash && cidr < 128) {
struct ct_filter_netmask_ipv6 tmp;