Use `NFPROTO_*` constants for protocol families

Netfilter has a set of `NFPROTO_*` constants for the protocol families that it
supports, in part because it supports protocols and pseudo-protocols that do not
have `PF_*` (and `AF_*`) constants.  Currently, ulogd uses `AF_*` constants for
protocol families, because it does not support any families which do not have
`AF_*` constants.  Switch to `NFPROTO_*` constants instead, so we can add ARP
support later.

In the IP2* filters, retain `AF_*` for address family variables.

Remove a stray semicolon.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/filter/raw2packet/ulogd_raw2packet_BASE.c b/filter/raw2packet/ulogd_raw2packet_BASE.c
index 09e931349acf9de5d1ef2161d121abc2426ad53e..4b6096421b713f84e6b1621c85f887a42354833e 100644 (file)
--- a/filter/raw2packet/ulogd_raw2packet_BASE.c
+++ b/filter/raw2packet/ulogd_raw2packet_BASE.c
@@ -44,6 +44,7 @@
 #include <ulogd/ipfix_protocol.h>
 #include <netinet/if_ether.h>
 #include <string.h>
+#include <linux/netfilter.h>
 #include <linux/types.h>
 
 enum input_keys {
@@ -937,7 +938,7 @@ static int _interp_bridge(struct ulogd_pluginstance *pi, uint32_t len)
                _interp_arp(pi, len);
                break;
        /* ETH_P_8021Q ?? others? */
-       };
+       }
 
        return ULOGD_IRET_OK;
 }
@@ -953,11 +954,11 @@ static int _interp_pkt(struct ulogd_pluginstance *pi)
                     ikey_get_u16(&pi->input.keys[INKEY_OOB_PROTOCOL]));
 
        switch (family) {
-       case AF_INET:
+       case NFPROTO_IPV4:
                return _interp_iphdr(pi, len);
-       case AF_INET6:
+       case NFPROTO_IPV6:
                return _interp_ipv6hdr(pi, len);
-       case AF_BRIDGE:
+       case NFPROTO_BRIDGE:
                return _interp_bridge(pi, len);
        }
        return ULOGD_IRET_OK;

diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c
index 2667a2a7f717917a1da17cc045c07cf81561deae..9bbeebbb711e755b800bb95625fc590e2929e4d3 100644 (file)
--- a/filter/ulogd_filter_IP2BIN.c
+++ b/filter/ulogd_filter_IP2BIN.c
@@ -25,6 +25,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <arpa/inet.h>
+#include <linux/netfilter.h>
 #include <ulogd/ulogd.h>
 #include <netinet/if_ether.h>
 
@@ -145,14 +146,16 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi)
        proto_family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
 
        switch (proto_family) {
-       case AF_INET6:
-       case AF_INET:
-               addr_family = proto_family;
+       case NFPROTO_IPV6:
+               addr_family = AF_INET6;
+               break;
+       case NFPROTO_IPV4:
+               addr_family = AF_INET;
                break;
-       case AF_BRIDGE:
+       case NFPROTO_BRIDGE:
                if (!pp_is_valid(inp, KEY_OOB_PROTOCOL)) {
                        ulogd_log(ULOGD_NOTICE,
-                                 "No protocol inside AF_BRIDGE packet\n");
+                                 "No protocol inside NFPROTO_BRIDGE packet\n");
                        return ULOGD_IRET_ERR;
                }
                switch (ikey_get_u16(&inp[KEY_OOB_PROTOCOL])) {
@@ -165,13 +168,13 @@ static int interp_ip2bin(struct ulogd_pluginstance *pi)
                        break;
                default:
                        ulogd_log(ULOGD_NOTICE,
-                                 "Unknown protocol inside AF_BRIDGE packet\n");
+                                 "Unexpected protocol inside NFPROTO_BRIDGE packet\n");
                        return ULOGD_IRET_ERR;
                }
                break;
        default:
                /* TODO handle error */
-               ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
+               ulogd_log(ULOGD_NOTICE, "Unexpected protocol family\n");
                return ULOGD_IRET_ERR;
        }
 

diff --git a/filter/ulogd_filter_IP2HBIN.c b/filter/ulogd_filter_IP2HBIN.c
index 42ffc94975841dbf651ff3ca4a39cd4a78ed2fb5..081b757a6f1ae39034cca94608f993ddf52df4ba 100644 (file)
--- a/filter/ulogd_filter_IP2HBIN.c
+++ b/filter/ulogd_filter_IP2HBIN.c
@@ -26,6 +26,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <arpa/inet.h>
+#include <linux/netfilter.h>
 #include <ulogd/ulogd.h>
 #include <netinet/if_ether.h>
 
@@ -135,14 +136,16 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
        proto_family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
 
        switch (proto_family) {
-       case AF_INET6:
-       case AF_INET:
-               addr_family = proto_family;
+       case NFPROTO_IPV6:
+               addr_family = AF_INET6;
+               break;
+       case NFPROTO_IPV4:
+               addr_family = AF_INET;
                break;
-       case AF_BRIDGE:
+       case NFPROTO_BRIDGE:
                if (!pp_is_valid(inp, KEY_OOB_PROTOCOL)) {
                        ulogd_log(ULOGD_NOTICE,
-                                 "No protocol inside AF_BRIDGE packet\n");
+                                 "No protocol inside NFPROTO_BRIDGE packet\n");
                        return ULOGD_IRET_ERR;
                }
                switch (ikey_get_u16(&inp[KEY_OOB_PROTOCOL])) {
@@ -155,13 +158,13 @@ static int interp_ip2hbin(struct ulogd_pluginstance *pi)
                        break;
                default:
                        ulogd_log(ULOGD_NOTICE,
-                                 "Unknown protocol inside AF_BRIDGE packet\n");
+                                 "Unexpected protocol inside NFPROTO_BRIDGE packet\n");
                        return ULOGD_IRET_ERR;
                }
                break;
        default:
                /* TODO handle error */
-               ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
+               ulogd_log(ULOGD_NOTICE, "Unexpected protocol family\n");
                return ULOGD_IRET_ERR;
        }
 

diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c
index 194a8b1032721d77372b2c809bd167b82db40816..3d4d6e9dc89712298731e9407d8b64438add5220 100644 (file)
--- a/filter/ulogd_filter_IP2STR.c
+++ b/filter/ulogd_filter_IP2STR.c
@@ -25,6 +25,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <arpa/inet.h>
+#include <linux/netfilter.h>
 #include <ulogd/ulogd.h>
 #include <netinet/if_ether.h>
 
@@ -170,14 +171,16 @@ static int interp_ip2str(struct ulogd_pluginstance *pi)
        proto_family = ikey_get_u8(&inp[KEY_OOB_FAMILY]);
 
        switch (proto_family) {
-       case AF_INET6:
-       case AF_INET:
-               addr_family = proto_family;
+       case NFPROTO_IPV6:
+               addr_family = AF_INET6;
+               break;
+       case NFPROTO_IPV4:
+               addr_family = AF_INET;
                break;
-       case AF_BRIDGE:
+       case NFPROTO_BRIDGE:
                if (!pp_is_valid(inp, KEY_OOB_PROTOCOL)) {
                        ulogd_log(ULOGD_NOTICE,
-                                 "No protocol inside AF_BRIDGE packet\n");
+                                 "No protocol inside NFPROTO_BRIDGE packet\n");
                        return ULOGD_IRET_ERR;
                }
                switch (ikey_get_u16(&inp[KEY_OOB_PROTOCOL])) {
@@ -190,13 +193,13 @@ static int interp_ip2str(struct ulogd_pluginstance *pi)
                        break;
                default:
                        ulogd_log(ULOGD_NOTICE,
-                                 "Unknown protocol inside AF_BRIDGE packet\n");
+                                 "Unexpected protocol inside NFPROTO_BRIDGE packet\n");
                        return ULOGD_IRET_ERR;
                }
                break;
        default:
                /* TODO error handling */
-               ulogd_log(ULOGD_NOTICE, "Unknown protocol family\n");
+               ulogd_log(ULOGD_NOTICE, "Unexpected protocol family\n");
                return ULOGD_IRET_ERR;
        }
 

diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index 8746b881a3ab1c1be11ee170877188276123ca50..82dc83a8a440720217ca58776a09c906c18973c2 100644 (file)
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -48,6 +48,7 @@
 #include <ulogd/namespace.h>
 
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <linux/netfilter.h>
 
 #ifndef NSEC_PER_SEC
 #define NSEC_PER_SEC    1000000000L
@@ -491,14 +492,14 @@ static uint32_t hash(const void *data, const struct hashtable *table)
        const struct nf_conntrack *ct = data;
 
        switch(nfct_get_attr_u8(ct, ATTR_L3PROTO)) {
-               case AF_INET:
-                       ret = __hash4(ct, table);
-                       break;
-               case AF_INET6:
-                       ret = __hash6(ct, table);
-                       break;
-               default:
-                       break;
+       case NFPROTO_IPV4:
+               ret = __hash4(ct, table);
+               break;
+       case NFPROTO_IPV6:
+               ret = __hash6(ct, table);
+               break;
+       default:
+               break;
        }
 
        return ret;
@@ -528,7 +529,7 @@ static int propagate_ct(struct ulogd_pluginstance *main_upi,
        okey_set_u8(&ret[NFCT_OOB_PROTOCOL], 0); /* FIXME */
 
        switch (nfct_get_attr_u8(ct, ATTR_L3PROTO)) {
-       case AF_INET:
+       case NFPROTO_IPV4:
                okey_set_u32(&ret[NFCT_ORIG_IP_SADDR],
                             nfct_get_attr_u32(ct, ATTR_ORIG_IPV4_SRC));
                okey_set_u32(&ret[NFCT_ORIG_IP_DADDR],
@@ -538,7 +539,7 @@ static int propagate_ct(struct ulogd_pluginstance *main_upi,
                okey_set_u32(&ret[NFCT_REPLY_IP_DADDR],
                             nfct_get_attr_u32(ct, ATTR_REPL_IPV4_DST));
                break;
-       case AF_INET6:
+       case NFPROTO_IPV6:
                okey_set_u128(&ret[NFCT_ORIG_IP_SADDR],
                              nfct_get_attr(ct, ATTR_ORIG_IPV6_SRC));
                okey_set_u128(&ret[NFCT_ORIG_IP_DADDR],
@@ -549,7 +550,7 @@ static int propagate_ct(struct ulogd_pluginstance *main_upi,
                              nfct_get_attr(ct, ATTR_REPL_IPV6_DST));
                break;
        default:
-               ulogd_log(ULOGD_NOTICE, "Unknown protocol family (%d)\n",
+               ulogd_log(ULOGD_NOTICE, "Unexpected protocol family (%d)\n",
                          nfct_get_attr_u8(ct, ATTR_L3PROTO));
        }
        okey_set_u8(&ret[NFCT_ORIG_IP_PROTOCOL],

diff --git a/input/packet/ulogd_inppkt_UNIXSOCK.c b/input/packet/ulogd_inppkt_UNIXSOCK.c
index 0d9ba60768ccdc0b9ccfdedc473a072738dd747b..bed5ccc6940f00b6daa20c71735179233326fa48 100644 (file)
--- a/input/packet/ulogd_inppkt_UNIXSOCK.c
+++ b/input/packet/ulogd_inppkt_UNIXSOCK.c
@@ -32,6 +32,7 @@
 #include <pwd.h>
 #include <grp.h>
 #include <errno.h>
+#include <linux/netfilter.h>
 
 #include <ulogd/ulogd.h>
 
@@ -388,11 +389,11 @@ static int handle_packet(struct ulogd_pluginstance *upi, struct ulogd_unixsock_p
        payload_len = ntohs(pkt->payload_length);
 
        if (ip_version == 4)
-               oob_family = AF_INET;
+               oob_family = NFPROTO_IPV4;
        else if (ip_version == 6)
-               oob_family = AF_INET6;
+               oob_family = NFPROTO_IPV6;
        else
-               oob_family = 0;
+               oob_family = NFPROTO_UNSPEC;
 
        okey_set_u8(&ret[UNIXSOCK_KEY_OOB_FAMILY], oob_family);
        okey_set_ptr(&ret[UNIXSOCK_KEY_RAW_PCKT], &pkt->payload);

diff --git a/util/printpkt.c b/util/printpkt.c
index 09a219417f914fd838fa4c98247ec1fa59ddb5e8..2fecd50e233c483cd5d1023268b67ef30f76b138 100644 (file)
--- a/util/printpkt.c
+++ b/util/printpkt.c
@@ -35,6 +35,7 @@
 #include <ulogd/conffile.h>
 #include <ulogd/printpkt.h>
 #include <netinet/if_ether.h>
+#include <linux/netfilter.h>
 
 struct ulogd_key printpkt_keys[] = {
        [KEY_OOB_FAMILY]        = { .name = "oob.family", },
@@ -457,13 +458,13 @@ int printpkt_print(struct ulogd_key *res, char *buf)
                buf_cur += sprintf(buf_cur, "MAC= ");
 
        switch (ikey_get_u8(&res[KEY_OOB_FAMILY])) {
-       case AF_INET:
+       case NFPROTO_IPV4:
                buf_cur += printpkt_ipv4(res, buf_cur);
                break;
-       case AF_INET6:
+       case NFPROTO_IPV6:
                buf_cur += printpkt_ipv6(res, buf_cur);
                break;
-       case AF_BRIDGE:
+       case NFPROTO_BRIDGE:
                buf_cur += printpkt_bridge(res, buf_cur);
                break;
        }