From f7b4b7bd19b16d11491f18891942f6d48c2fcf7e Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Fri, 20 Mar 2009 14:05:31 +0100 Subject: udp: fix missing scope_id in the socket creation This patch fixes an EINVAL error returned by bind() when opening an UDP server socket to propagate state-changes over the dedicated link. This patch also includes the change of the example configuration files in case that you want to use UDP over IPv6. Signed-off-by: Pablo Neira Ayuso --- doc/sync/alarm/conntrackd.conf | 8 ++++++++ doc/sync/ftfw/conntrackd.conf | 8 ++++++++ doc/sync/notrack/conntrackd.conf | 8 ++++++++ include/udp.h | 9 +++++++-- src/read_config_yy.y | 13 +++++++++++-- src/udp.c | 5 +++-- 6 files changed, 45 insertions(+), 6 deletions(-) diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf index 9197db3..8eb22dd 100644 --- a/doc/sync/alarm/conntrackd.conf +++ b/doc/sync/alarm/conntrackd.conf @@ -139,12 +139,20 @@ Sync { # UDP address that this firewall uses to listen to events. # # IPv4_address 192.168.2.100 + # + # or you may want to use an IPv6 address: + # + # IPv6_address fe80::215:58ff:fe28:5a27 # # Destination UDP address that receives events, ie. the other # firewall's dedicated link address. # # IPv4_Destination_Address 192.168.2.101 + # + # or you may want to use an IPv6 address: + # + # IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c # # UDP port used diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf index be78850..059f7b3 100644 --- a/doc/sync/ftfw/conntrackd.conf +++ b/doc/sync/ftfw/conntrackd.conf 
@@ -148,12 +148,20 @@ Sync { # UDP address that this firewall uses to listen to events. # # IPv4_address 192.168.2.100 + # + # or you may want to use an IPv6 address: + # + # IPv6_address fe80::215:58ff:fe28:5a27 # # Destination UDP address that receives events, ie. the other # firewall's dedicated link address. # # IPv4_Destination_Address 192.168.2.101 + # + # or you may want to use an IPv6 address: + # + # IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c # # UDP port used diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf index 173eab5..96ef547 100644 --- a/doc/sync/notrack/conntrackd.conf +++ b/doc/sync/notrack/conntrackd.conf @@ -129,12 +129,20 @@ Sync { # UDP address that this firewall uses to listen to events. # # IPv4_address 192.168.2.100 + # + # or you may want to use an IPv6 address: + # + # IPv6_address fe80::215:58ff:fe28:5a27 # # Destination UDP address that receives events, ie. the other # firewall's dedicated link address. # # IPv4_Destination_Address 192.168.2.101 + # + # or you may want to use an IPv6 address: + # + # IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c # # UDP port used diff --git a/include/udp.h b/include/udp.h index 02b8af1..6c659b9 100644 --- a/include/udp.h +++ b/include/udp.h @@ -10,8 +10,13 @@ struct udp_conf { int checksum; unsigned short port; union { - struct in_addr inet_addr; - struct in6_addr inet_addr6; + struct { + struct in_addr inet_addr; + } ipv4; + struct { + struct in6_addr inet_addr6; + int scope_id; + } ipv6; } server; union { struct in_addr inet_addr; diff --git a/src/read_config_yy.y b/src/read_config_yy.y index cfcd574..7b62cf3 100644 --- a/src/read_config_yy.y +++ b/src/read_config_yy.y @@ -464,7 +464,7 @@ udp_option : T_IPV4_ADDR T_IP { __max_dedicated_links_reached(); - if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server)) { + if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server.ipv4)) { fprintf(stderr, "%s is not a valid IPv4 address\n", $2); break; } 
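Review bot: In the `include/udp.h` hunk the new field `int scope_id;` is signed, but the value it holds comes from `if_nametoindex()` (which returns `unsigned int`) and is later stored in `sin6_scope_id` (a `uint32_t`). Declaring it as `unsigned int scope_id;` removes both implicit sign conversions. A one-line comment on the field, for example `/* interface index for link-local addresses, 0 if unset */`, would also record that the value is filled in by the `Interface` option and not by the address option.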
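Review bot: In the `@@ -464` hunk of `src/read_config_yy.y`, `&conf.channel[conf.channel_num].u.udp.server.ipv4` passes a pointer to the new anonymous wrapper struct, not the `struct in_addr *` that `inet_aton()` takes. It lands on the right bytes only because `inet_addr` is the first member, and compilers will typically warn about the incompatible pointer type. Naming the member, `&conf.channel[conf.channel_num].u.udp.server.ipv4.inet_addr`, keeps the call type-correct. The same applies to the `inet_pton()` call in the `@@ -477` hunk (`...u.udp.server.ipv6.inet_addr6`); there the `void *` parameter hides the mismatch, so a later reordering of the struct would silently write the address over `scope_id`.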
@@ -477,7 +477,7 @@ udp_option : T_IPV6_ADDR T_IP #ifdef HAVE_INET_PTON_IPV6 if (inet_pton(AF_INET6, $2, - &conf.channel[conf.channel_num].u.udp.server) <= 0) { + &conf.channel[conf.channel_num].u.udp.server.ipv6) <= 0) { fprintf(stderr, "%s is not a valid IPv6 address\n", $2); break; } @@ -518,8 +518,17 @@ udp_option : T_IPV6_DEST_ADDR T_IP udp_option : T_IFACE T_STRING { + int idx; + __max_dedicated_links_reached(); strncpy(conf.channel[conf.channel_num].channel_ifname, $2, IFNAMSIZ); + + idx = if_nametoindex($2); + if (!idx) { + fprintf(stderr, "%s is an invalid interface.\n", $2); + break; + } + conf.channel[conf.channel_num].u.udp.server.ipv6.scope_id = idx; }; udp_option : T_PORT T_NUMBER diff --git a/src/udp.c b/src/udp.c index bad8db8..d9943a0 100644 --- a/src/udp.c +++ b/src/udp.c @@ -33,14 +33,15 @@ struct udp_sock *udp_server_create(struct udp_conf *conf) case AF_INET: m->addr.ipv4.sin_family = AF_INET; m->addr.ipv4.sin_port = htons(conf->port); - m->addr.ipv4.sin_addr.s_addr = conf->server.inet_addr.s_addr; + m->addr.ipv4.sin_addr = conf->server.ipv4.inet_addr; m->sockaddr_len = sizeof(struct sockaddr_in); break; case AF_INET6: m->addr.ipv6.sin6_family = AF_INET6; m->addr.ipv6.sin6_port = htons(conf->port); - m->addr.ipv6.sin6_addr = conf->server.inet_addr6; + m->addr.ipv6.sin6_addr = conf->server.ipv6.inet_addr6; + m->addr.ipv6.sin6_scope_id = conf->server.ipv6.scope_id; m->sockaddr_len = sizeof(struct sockaddr_in6); break; } -- cgit v1.2.3
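Review bot: In the `@@ -518` hunk the interface name is copied into `channel_ifname` before it is validated. When `if_nametoindex($2)` fails, the action prints the message and leaves through `break` with the bad name already stored and `scope_id` unset, so a link-local bind would presumably still fail later with the same EINVAL. Doing the lookup first, `unsigned int idx = if_nametoindex($2);`, and only then the copy and the `scope_id` assignment keeps the configuration consistent on the error path and matches the function's return type. The existing `strncpy(..., $2, IFNAMSIZ)` also leaves the destination unterminated when the name is `IFNAMSIZ` bytes or longer. The size of `channel_ifname` is not visible here, but an explicit length check before the copy would reject such names with a clear message.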
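Review bot: In the `src/udp.c` hunk only the server address built in `udp_server_create()` receives `sin6_scope_id`. The destination side is not touched by this commit (the second union in `include/udp.h` is unchanged), yet the example configs now suggest a link-local `IPv6_Destination_Address fe80::...`. Sending to a link-local peer generally needs a scope as well, so the client socket code, which is outside this diff, is worth checking for the same gap. In the `AF_INET6` case, a comment such as `/* link-local addresses need the interface index, else bind() returns EINVAL */` would explain why the extra field is set. The function begins and ends outside the hunk, so whether a zero `scope_id` combined with a link-local address is diagnosed anywhere cannot be seen from here.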