racluster..

rick s442755 at mindlessproductions.com
Thu Oct 19 08:29:04 EDT 2006 


Carter,

thankyou for your assistance i think the ipv6 is close and the v4 is correct
i think... i am still a little concerned about the filtering of the ipv6.
The filter appears to work on ipv4. i will conduct more testing on ipv6
filtering.

with the saddrlen changing to daddrlen on line 3401 of argus_client.c and
making the mask endian match the address endian at the point of masking the
daddr/prefixlen and daddr/v6_mask appear to work correctly.

the mask and address endian doesn't match (on lsb arch) at the point of
masking. My previous patch converted both v4 and v6 masks to nbo when they
are parsed. This keeps them consistent however seemingly the v6 address is
stored hbo instead of nbo like the v4 address. either the netmask byte swap
needs to come badck out or the address needs to be stored nbo like the v4

i suspect the v6 stored in struct in host order may affect output files
written to disk and possibly also affecting the ipv6 filtering code. i
haven't done too much testing on this yet. i also not sure how much other
code this will affect that may be depending on v6 in hbo at the moment..

thoughts?

this patch obviously comments the v6 netmask byte swap if this is your
preferred choice.. IF this isn't breaking other code.

thanks.



--- argus_client.c.orig 2006-10-17 06:16:58.000000000 +1000
+++ argus_client.c      2006-10-19 21:56:55.000000000 +1000
@@ -3398,7 +3398,7 @@
                               for (x = 0; x < 4; x++)
                                  tflow.ipv6_flow.ip_dst[x] = flow->ipv6_flow.ip_dst[x];
                               
-                              if (na->saddrlen > 0)
+                              if (na->daddrlen > 0)
                                  for (x = 0; x < 4; x++)
                                     tflow.ipv6_flow.ip_dst[x] &= na->dmask.addr_un.ipv6[x];
                               break;
@@ -5734,10 +5734,12 @@
             if (strchr(ptr, ':')) {
                if (!(inet_pton(AF_INET6, (const char *) ptr, &mask.addr_un.ipv6) > 0))
                   ArgusLog (LOG_ERR, "syntax error: %s %s", ptr, strerror(errno));
+#if 0
 #if defined(_LITTLE_ENDIAN)
                for (x = 0 ; x < 4 ; x++)
                   mask.addr_un.ipv6[x] = htonl(mask.addr_un.ipv6[x]);
 #endif
+#endif
                len = 128;
             } else
             if (strchr(ptr, '.')) {

More information about the argus mailing list