| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <C57D5FEB-782D-4106-A447-8FBFDB1AB62B@oracle.com>
Date: Tue, 25 Nov 2008 11:44:11 -0500
From: Chuck Lever <chuck.lever@...cle.com>
To: Harvey Harrison <harvey.harrison@...il.com>
Cc: Julius Volz <julius.volz@...il.com>, netdev@...r.kernel.org
Subject: Re: Is there any function similar to inet_ntoa() in Kernel or NetFilter ?
On Nov 25, 2008, at 1:01 AM, Harvey Harrison wrote:
> On Mon, 2008-11-24 at 21:03 -0500, Chuck Lever wrote:
>> On Nov 21, 2008, at Nov 21, 2008, 6:08 PM, Julius Volz wrote:
>>> On Thu, Nov 20, 2008 at 10:34 AM, Roar Bjørgum Rotvik <roarbr@...lde.org
>>>> wrote:
>>>> Kunsheng Chen wrote:
>>>>> I am doing a project similar to iptable using netfilter, currently
>>>>> I want
>>>>> to convert a IP address from 'long int' back to dotted address.
>>>>>
>>>>> I don't know whether there is some functions inside kernel or
>>>>> netfilter
>>>>> that could make that like using inet_ntoa() in <arpa/inet.h>
>>>>
>>>> How about NIPQUAD and NIPQUAD_FMT (for IPv4):
>>>> http://lxr.linux.no/linux+v2.6.27.6/include/linux/kernel.h#L324
>>>> http://lxr.linux.no/linux+v2.6.27.6/include/linux/kernel.h#L319
>>>
>>> In the latest tree, there are now "%pI4" and "%pI6" format options
>>> for printk.
>>>
>>> For example:
>>>
>>> printk(KERN_DEBUG "Address: %pI4\n", &v4_addr);
>>
>> I've been watching this with some interest. Is this API stable now?
>>
>> Is there a way to pass a pointer to a sockaddr and get printk() to
>> figure out whether it's is an AF_INET or AF_INET6 address, and
>> display
>> it appropriately?
>
> Nope, they're fixed-format currently. They are pretty simple format
> specifiers at this point. I'm not sure if adding more dynamic
> behavior
> is a good idea.
In the NFS and RPC kernel implementation we often need to print an
address in debugging messages.
It would be so much easier to have a so-called dynamic formatter for
multiple address types. Then you can avoid this kind of code in a
whole lot of places:
switch (sap->sa_family) {
case AF_INET:
dprintk("NFS: connected to address %pI4\n",
&((struct sockaddr_in *)sap)->sin_addr.s_addr);
break;
case AF_INET6:
/* maybe add some logic here to recognize mapped IPv4
* and display it as dotted quad... */
dprintk("NFS: connected to address %pI6\n",
&((struct sockaddr_in6 *)sap)->sin6_addr);
break;
default:
dprintk("NFS: bad address\n");
}
Especially since there is a conditional inside the dprintk() macro
that skips all of the dprintk() logic if rpc_debug is not set. This
could be reduced to:
dprintk("NFS: connected to address %pS\n", sap);
What we end up doing to make printk() and sprintf() convenient is
generate the address strings in a buffer, and using "%s" to print
them. It consumes memory to keep these buffers around, or a lot of
stack space to generate the presentation format addresses as needed.
And, as mentioned above, for debugging messages, the additional buffer
and conversion logic isn't even needed until debugging is enabled.
>> Does it handle IPv6 scope IDs correctly?
>
> Define correctly? ;-)
The sin6_scope_id field is an unsigned value that specifies an index
into an array of network interfaces.
It can be converted to presentation format by appending '%' and the
integer to the IPv6 address. The scope ID is important for link-local
addresses. Without it, a link-local address cannot be used for
anything but display.
Having the ability to handle a scope ID formatter would be useful for
putting addresses in buffers too, but you may have only touched
printk() for now?
There are several places in the NFS client that handle an address
string -- usually these strings are put on the network or come from
the network. The NFSv4 client ID string is composed of at least two
address strings. NFSv4 referrals can arrive from a server as a
hostname or an address string. Universal addresses, used by rpcbind
versions 3 and 4, are strings that contain an address and a port
number in a special format. All of these things would benefit from
having the ability to use the address formatters with sprintf() and
friends.
>> Does it convert IPv6 mapped IPv4 addresses to dotted quad
>> automatically?
>
> Nope.
For systems built with modern kernels but running in legacy
distributions or with only IPv4 addresses configured, the sudden
appearance of an IPv6 presentation format address in the kernel log,
for example, might be pretty confusing.
> Quick summary:
> %pI4 prints 4 decimal separated decimal numbers
>
> %pI6 prints 8 16-bit hex numbers colon-separated
> %pi6 omits the colons.
It would also be handy if %pI6 could produce the double-colon format.
I seem to recall there was some talk of having another format
specifier that could remove contiguous zeros and replace them with "::".
--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists