diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-05-03 22:53:09 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-05-03 22:54:03 +0200 |
| commit | b55717d46ae3b7c3769192a66e565bc7c2d833a1 (patch) | |
| tree | 1ad5c92918c39f5723d37b2f91a70b441611e8f8 /src/parse.c | |
| parent | d82afd9e8df3a7eca5be33bdfda9021ad803fb21 (diff) | |
conntrackd: fix endianness bug in IPv4 and IPv6 address
Add ct_parse_be32() and ct_parse_be128() and use them to deal with
an IP address which is already in network byte order.
Reported-by: Tao Gong <gongtao0607@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parse.c')
| -rw-r--r-- | src/parse.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/parse.c b/src/parse.c index e97a721..eedba66 100644 --- a/src/parse.c +++ b/src/parse.c @@ -29,7 +29,8 @@ static void ct_parse_u8(struct nf_conntrack *ct, int attr, void *data); static void ct_parse_u16(struct nf_conntrack *ct, int attr, void *data); static void ct_parse_u32(struct nf_conntrack *ct, int attr, void *data); -static void ct_parse_u128(struct nf_conntrack *ct, int attr, void *data); +static void ct_parse_be32(struct nf_conntrack *ct, int attr, void *data); +static void ct_parse_be128(struct nf_conntrack *ct, int attr, void *data); static void ct_parse_str(struct nf_conntrack *ct, const struct netattr *, void *data); static void ct_parse_group(struct nf_conntrack *ct, int attr, void *data); @@ -108,12 +109,12 @@ static struct ct_parser h[NTA_MAX] = { .size = NTA_SIZE(sizeof(struct nfct_attr_grp_port)), }, [NTA_SNAT_IPV4] = { - .parse = ct_parse_u32, + .parse = ct_parse_be32, .attr = ATTR_SNAT_IPV4, .size = NTA_SIZE(sizeof(uint32_t)), }, [NTA_DNAT_IPV4] = { - .parse = ct_parse_u32, + .parse = ct_parse_be32, .attr = ATTR_DNAT_IPV4, .size = NTA_SIZE(sizeof(uint32_t)), }, @@ -192,12 +193,12 @@ static struct ct_parser h[NTA_MAX] = { .max_size = NTA_SIZE(NTA_LABELS_MAX_SIZE), }, [NTA_SNAT_IPV6] = { - .parse = ct_parse_u128, + .parse = ct_parse_be128, .attr = ATTR_SNAT_IPV6, .size = NTA_SIZE(sizeof(uint32_t) * 4), }, [NTA_DNAT_IPV6] = { - .parse = ct_parse_u128, + .parse = ct_parse_be128, .attr = ATTR_DNAT_IPV6, .size = NTA_SIZE(sizeof(uint32_t) * 4), }, @@ -234,7 +235,14 @@ ct_parse_u32(struct nf_conntrack *ct, int attr, void *data) } static void -ct_parse_u128(struct nf_conntrack *ct, int attr, void *data) +ct_parse_be32(struct nf_conntrack *ct, int attr, void *data) +{ + uint32_t *value = (uint32_t *) data; + nfct_set_attr_u32(ct, h[attr].attr, *value); +} + +static void +ct_parse_be128(struct nf_conntrack *ct, int attr, void *data) { nfct_set_attr(ct, h[attr].attr, data); } |