[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 entries in pflog



On Tue, 2004-01-27 at 11:40, Daniel Hartmeier wrote:
> On Tue, Jan 27, 2004 at 11:27:24AM -0500, Jason Dixon wrote:
> 
> > A text representation of an IPv6 address can still be logged as anything
> > from "::" to "x:x:x:x:x:x:x:x", as far as I understand.  Is it possible
> > for a mixed representation ("x:x:x:x:x:x:a.b.c.d") to be logged by PF? 
> > I guess that would depend on the environment.
> 
> Yes, that's possible, see /usr/src/lib/libc/net/inet_ntop.c's
> inet_ntop6().
> 
> Can't you just use getaddrinfo(3) to convert the strings to the binary
> representation (128-bit, network byte order)?
No, I'm not dealing with the packets.  Hatchet is just a script which
parses the pflog output, treating it as ascii.  The problem is in
extracting the IPv6 address from the text stream.  If I already had the
address, the battle would be won.  :)
-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net