authorPablo Neira Ayuso <pablo@netfilter.org>2009-03-20 14:05:31 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2009-03-20 14:05:31 +0100
commitf7b4b7bd19b16d11491f18891942f6d48c2fcf7e (patch)
tree800729577e679355b073709e35baaf094e6623a3
parent28255df51433846bad67cccb69bb285660ef1667 (diff)
udp: fix missing scope_id in the socket creation
This patch fixes an EINVAL error returned by bind() when opening a UDP server socket to propagate state-changes over the dedicated link. This patch also includes the change of the example configuration files in case you want to use UDP over IPv6. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--doc/sync/alarm/conntrackd.conf8
-rw-r--r--doc/sync/ftfw/conntrackd.conf8
-rw-r--r--doc/sync/notrack/conntrackd.conf8
-rw-r--r--include/udp.h9
-rw-r--r--src/read_config_yy.y13
-rw-r--r--src/udp.c5
6 files changed, 45 insertions, 6 deletions
diff --git a/doc/sync/alarm/conntrackd.conf b/doc/sync/alarm/conntrackd.conf
index 9197db3..8eb22dd 100644
--- a/doc/sync/alarm/conntrackd.conf
+++ b/doc/sync/alarm/conntrackd.conf
@@ -139,12 +139,20 @@ Sync {
# UDP address that this firewall uses to listen to events.
#
# IPv4_address 192.168.2.100
+ #
+ # or you may want to use an IPv6 address:
+ #
+ # IPv6_address fe80::215:58ff:fe28:5a27
#
# Destination UDP address that receives events, ie. the other
# firewall's dedicated link address.
#
# IPv4_Destination_Address 192.168.2.101
+ #
+ # or you may want to use an IPv6 address:
+ #
+ # IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c
#
# UDP port used
diff --git a/doc/sync/ftfw/conntrackd.conf b/doc/sync/ftfw/conntrackd.conf
index be78850..059f7b3 100644
--- a/doc/sync/ftfw/conntrackd.conf
+++ b/doc/sync/ftfw/conntrackd.conf
@@ -148,12 +148,20 @@ Sync {
# UDP address that this firewall uses to listen to events.
#
# IPv4_address 192.168.2.100
+ #
+ # or you may want to use an IPv6 address:
+ #
+ # IPv6_address fe80::215:58ff:fe28:5a27
#
# Destination UDP address that receives events, ie. the other
# firewall's dedicated link address.
#
# IPv4_Destination_Address 192.168.2.101
+ #
+ # or you may want to use an IPv6 address:
+ #
+ # IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c
#
# UDP port used
diff --git a/doc/sync/notrack/conntrackd.conf b/doc/sync/notrack/conntrackd.conf
index 173eab5..96ef547 100644
--- a/doc/sync/notrack/conntrackd.conf
+++ b/doc/sync/notrack/conntrackd.conf
@@ -129,12 +129,20 @@ Sync {
# UDP address that this firewall uses to listen to events.
#
# IPv4_address 192.168.2.100
+ #
+ # or you may want to use an IPv6 address:
+ #
+ # IPv6_address fe80::215:58ff:fe28:5a27
#
# Destination UDP address that receives events, ie. the other
# firewall's dedicated link address.
#
# IPv4_Destination_Address 192.168.2.101
+ #
+ # or you may want to use an IPv6 address:
+ #
+ # IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c
#
# UDP port used
diff --git a/include/udp.h b/include/udp.h
index 02b8af1..6c659b9 100644
--- a/include/udp.h
+++ b/include/udp.h
@@ -10,8 +10,13 @@ struct udp_conf {
int checksum;
unsigned short port;
union {
- struct in_addr inet_addr;
- struct in6_addr inet_addr6;
+ struct {
+ struct in_addr inet_addr;
+ } ipv4;
+ struct {
+ struct in6_addr inet_addr6;
+ int scope_id;
+ } ipv6;
} server;
union {
struct in_addr inet_addr;
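Review bot: `int scope_id;` in the new `ipv6` struct is signed, but the value stored in it comes from if_nametoindex(), which returns `unsigned int`, and it is later copied into `sin6_scope_id`, which is a `uint32_t`. Declaring it `unsigned int scope_id;` keeps the three types in line and avoids a sign conversion on the way to bind(). A short comment such as `/* interface index for link-local addresses; 0 = not set */` would also tell readers why the field sits next to the address. struct udp_conf starts and ends outside the hunk.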
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index cfcd574..7b62cf3 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -464,7 +464,7 @@ udp_option : T_IPV4_ADDR T_IP
{
__max_dedicated_links_reached();
- if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server)) {
+ if (!inet_aton($2, &conf.channel[conf.channel_num].u.udp.server.ipv4)) {
fprintf(stderr, "%s is not a valid IPv4 address\n", $2);
break;
}
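Review bot: The new argument `&conf.channel[conf.channel_num].u.udp.server.ipv4` points at the anonymous wrapper struct, not at the `struct in_addr` that inet_aton() expects; it works only because `inet_addr` is the first member, and it will likely draw an incompatible-pointer warning. Naming the member, `&conf.channel[conf.channel_num].u.udp.server.ipv4.inet_addr`, keeps the call type-correct if the struct is ever reordered. The same applies to the T_IPV6_ADDR hunk below, where inet_pton() takes `void *` and so would not warn at all; `...server.ipv6.inet_addr6` is the safer spelling there.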
@@ -477,7 +477,7 @@ udp_option : T_IPV6_ADDR T_IP
#ifdef HAVE_INET_PTON_IPV6
if (inet_pton(AF_INET6, $2,
- &conf.channel[conf.channel_num].u.udp.server) <= 0) {
+ &conf.channel[conf.channel_num].u.udp.server.ipv6) <= 0) {
fprintf(stderr, "%s is not a valid IPv6 address\n", $2);
break;
}
@@ -518,8 +518,17 @@ udp_option : T_IPV6_DEST_ADDR T_IP
udp_option : T_IFACE T_STRING
{
+ int idx;
+
__max_dedicated_links_reached();
strncpy(conf.channel[conf.channel_num].channel_ifname, $2, IFNAMSIZ);
+
+ idx = if_nametoindex($2);
+ if (!idx) {
+ fprintf(stderr, "%s is an invalid interface.\n", $2);
+ break;
+ }
+ conf.channel[conf.channel_num].u.udp.server.ipv6.scope_id = idx;
};
udp_option : T_PORT T_NUMBER
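Review bot: The interface name is copied into `channel_ifname` before if_nametoindex() validates it, so on the error path the `break` leaves an unknown interface stored in the channel with `scope_id` unset, and as far as the hunk shows parsing simply goes on. Doing the lookup first and copying only on success avoids that half-configured state: move `idx = if_nametoindex($2); if (!idx) { ...; break; }` above the `strncpy`. `idx` should be `unsigned int`, the return type of if_nametoindex(). Separately, the unchanged `strncpy(..., IFNAMSIZ)` does not terminate the string when the name fills the buffer (assuming `channel_ifname` is IFNAMSIZ bytes, which is not visible here).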
diff --git a/src/udp.c b/src/udp.c
index bad8db8..d9943a0 100644
--- a/src/udp.c
+++ b/src/udp.c
@@ -33,14 +33,15 @@ struct udp_sock *udp_server_create(struct udp_conf *conf)
case AF_INET:
m->addr.ipv4.sin_family = AF_INET;
m->addr.ipv4.sin_port = htons(conf->port);
- m->addr.ipv4.sin_addr.s_addr = conf->server.inet_addr.s_addr;
+ m->addr.ipv4.sin_addr = conf->server.ipv4.inet_addr;
m->sockaddr_len = sizeof(struct sockaddr_in);
break;
case AF_INET6:
m->addr.ipv6.sin6_family = AF_INET6;
m->addr.ipv6.sin6_port = htons(conf->port);
- m->addr.ipv6.sin6_addr = conf->server.inet_addr6;
+ m->addr.ipv6.sin6_addr = conf->server.ipv6.inet_addr6;
+ m->addr.ipv6.sin6_scope_id = conf->server.ipv6.scope_id;
m->sockaddr_len = sizeof(struct sockaddr_in6);
break;
}
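Review bot: Only the server side gets `sin6_scope_id`; nothing in this commit gives the destination address a scope, although the example configs now suggest a link-local `IPv6_Destination_Address`. The second union in struct udp_conf is left unchanged in include/udp.h and the client-side socket setup is outside this hunk, so this is inferred, but sending to an fe80:: address without a scope id typically fails or leaves the interface choice to the kernel. If the client path does not set it elsewhere, it needs the same `sin6_scope_id = ...scope_id` assignment. The new line also passes a scope_id of 0 (no Interface clause parsed) through unchecked, which is worth a comment. udp_server_create's body starts and ends outside the hunk.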