lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <C57D5FEB-782D-4106-A447-8FBFDB1AB62B@oracle.com>
Date:	Tue, 25 Nov 2008 11:44:11 -0500
From:	Chuck Lever <chuck.lever@...cle.com>
To:	Harvey Harrison <harvey.harrison@...il.com>
Cc:	Julius Volz <julius.volz@...il.com>, netdev@...r.kernel.org
Subject: Re: Is there any function similar to inet_ntoa() in Kernel or NetFilter ?

On Nov 25, 2008, at 1:01 AM, Harvey Harrison wrote:
> On Mon, 2008-11-24 at 21:03 -0500, Chuck Lever wrote:
>> On Nov 21, 2008, at Nov 21, 2008, 6:08 PM, Julius Volz wrote:
>>> On Thu, Nov 20, 2008 at 10:34 AM, Roar Bjørgum Rotvik <roarbr@...lde.org
>>>> wrote:
>>>> Kunsheng Chen wrote:
>>>>> I am doing a project similar to iptable using netfilter, currently
>>>>> I want
>>>>> to convert a IP address from 'long int' back to dotted address.
>>>>>
>>>>> I don't know whether there is some functions inside kernel or
>>>>> netfilter
>>>>> that could make that like using inet_ntoa() in <arpa/inet.h>
>>>>
>>>> How about NIPQUAD and NIPQUAD_FMT (for IPv4):
>>>> http://lxr.linux.no/linux+v2.6.27.6/include/linux/kernel.h#L324
>>>> http://lxr.linux.no/linux+v2.6.27.6/include/linux/kernel.h#L319
>>>
>>> In the latest tree, there are now "%pI4" and "%pI6" format options
>>> for printk.
>>>
>>> For example:
>>>
>>> printk(KERN_DEBUG "Address: %pI4\n", &v4_addr);
>>
>> I've been watching this with some interest.  Is this API stable now?
>>
>> Is there a way to pass a pointer to a sockaddr and get printk() to
>> figure out whether it's is an AF_INET or AF_INET6 address, and  
>> display
>> it appropriately?
>
> Nope, they're fixed-format currently.  They are pretty simple format
> specifiers at this point.  I'm not sure if adding more dynamic  
> behavior
> is a good idea.

In the NFS and RPC kernel implementation we often need to print an  
address in debugging messages.

It would be so much easier to have a so-called dynamic formatter for  
multiple address types.  Then you can avoid this kind of code in a  
whole lot of places:

	switch (sap->sa_family) {
	case AF_INET:
		dprintk("NFS: connected to address %pI4\n",
			&((struct sockaddr_in *)sap)->sin_addr.s_addr);
		break;
	case AF_INET6:
		/* maybe add some logic here to recognize mapped IPv4
		 * and display it as dotted quad... */
		dprintk("NFS: connected to address %pI6\n",
			&((struct sockaddr_in6 *)sap)->sin6_addr);
		break;
	default:
		dprintk("NFS: bad address\n");
	}

Especially since there is a conditional inside the dprintk() macro  
that skips all of the dprintk() logic if rpc_debug is not set.  This  
could be reduced to:

	dprintk("NFS: connected to address %pS\n", sap);

What we end up doing to make printk() and sprintf() convenient is  
generate the address strings in a buffer, and using "%s" to print  
them.  It consumes memory to keep these buffers around, or a lot of  
stack space to generate the presentation format addresses as needed.   
And, as mentioned above, for debugging messages, the additional buffer  
and conversion logic isn't even needed until debugging is enabled.

>> Does it handle IPv6 scope IDs correctly?
>
> Define correctly? ;-)

The sin6_scope_id field is an unsigned value that specifies an index  
into an array of network interfaces.

It can be converted to presentation format by appending '%' and the  
integer to the IPv6 address.  The scope ID is important for link-local  
addresses.  Without it, a link-local address cannot be used for  
anything but display.

Having the ability to handle a scope ID formatter would be useful for  
putting addresses in buffers too, but you may have only touched  
printk() for now?

There are several places in the NFS client that handle an address  
string -- usually these strings are put on the network or come from  
the network.  The NFSv4 client ID string is composed of at least two  
address strings.  NFSv4 referrals can arrive from a server as a  
hostname or an address string.  Universal addresses, used by rpcbind  
versions 3 and 4, are strings that contain an address and a port  
number in a special format.  All of these things would benefit from  
having the ability to use the address formatters with sprintf() and  
friends.

>> Does it convert IPv6 mapped IPv4 addresses to dotted quad  
>> automatically?
>
> Nope.

For systems built with modern kernels but running in legacy  
distributions or with only IPv4 addresses configured, the sudden  
appearance of an IPv6 presentation format address in the kernel log,  
for example, might be pretty confusing.

> Quick summary:
> %pI4 prints 4 decimal separated decimal numbers
>
> %pI6 prints 8 16-bit hex numbers colon-separated
> %pi6 omits the colons.

It would also be handy if %pI6 could produce the double-colon format.   
I seem to recall there was some talk of having another format  
specifier that could remove contiguous zeros and replace them with "::".

--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ