[ULOGD PATCH 0/5] UID dump support in NFLOG, IPCMPv6 support in SQL

[ULOGD PATCH 0/5] UID dump support in NFLOG, IPCMPv6 support in SQL

[Eric Leblond]

Hi,

This patchset starts with two minor code cleaning patches.

The rest of patchset contains some more significative things:
 * Add UID in NFLOG (ood.uid) and make PRINTPKT able to display the key if
 present
 * Add IPCMPv6 support to SQL schema

BR,
--
Eric Leblond <eric@inl.fr>
INL: http://www.inl.fr/

[ULOGD PATCH 1/5] Fix treatment of return from function

[Eric Leblond]

The treatment of the return of some functions from libnetfilter_log API was wrong and this
was preventing some fields to be propagated through the stack.

Signed-off-by: Eric Leblond <eric@inl.fr>
---
:100644 100644 be46fa2... 1b8e32c... M	input/packet/ulogd_inppkt_NFLOG.c
 input/packet/ulogd_inppkt_NFLOG.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/input/packet/ulogd_inppkt_NFLOG.c b/input/packet/ulogd_inppkt_NFLOG.c
index be46fa2..1b8e32c 100644
--- a/input/packet/ulogd_inppkt_NFLOG.c
+++ b/input/packet/ulogd_inppkt_NFLOG.c
@@ -317,11 +317,11 @@ interp_packet(struct ulogd_pluginstance *upi, struct nflog_data *ldata)
 		ret[NFLOG_KEY_OOB_IFINDEX_OUT].flags |= ULOGD_RETF_VALID;
 	}
 
-	if (nflog_get_seq(ldata, &seq)) {
+	if (nflog_get_seq(ldata, &seq) == 0) {
 		ret[NFLOG_KEY_OOB_SEQ_LOCAL].u.value.ui32 = seq;
 		ret[NFLOG_KEY_OOB_SEQ_LOCAL].flags |= ULOGD_RETF_VALID;
 	}
-	if (nflog_get_seq_global(ldata, &seq)) {
+	if (nflog_get_seq_global(ldata, &seq) == 0) {
 		ret[NFLOG_KEY_OOB_SEQ_GLOBAL].u.value.ui32 = seq;
 		ret[NFLOG_KEY_OOB_SEQ_GLOBAL].flags |= ULOGD_RETF_VALID;
 	}
-- 
1.5.2.5

Re: [ULOGD PATCH 1/5] Fix treatment of return from function

[Pablo Neira Ayuso]

Eric Leblond wrote:
> The treatment of the return of some functions from libnetfilter_log API was wrong and this
> was preventing some fields to be propagated through the stack.

Applied. Thanks.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: [ULOGD PATCH 1/5] Fix treatment of return from function

[Pablo Neira Ayuso]

Eric Leblond wrote:
> The treatment of the return of some functions from libnetfilter_log API was wrong and this
> was preventing some fields to be propagated through the stack.

libnetfilter_log API is confusing, get_seq() should returns 1 if OK,
that seems more logical to me. Well, we don't have anything to do here
apart from rewritten the API or move later to libnl.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

[ULOGD PATCH 2/5] Factorize definition of some macros.

[Eric Leblond]

Some macros were defined several time. This was the case of GET_VALUE,
pp_is_valid. This patch puts the definition in ulogd.h and fixes the
definition of pp_is_valid which was wrong (causing segfault by acessing to
fields at NULL).

Signed-off-by: Eric Leblond <eric@inl.fr>
---
:100644 100644 e490b64... 9b0110e... M	filter/ulogd_filter_IP2BIN.c
:100644 100644 2a61220... 39edc05... M	filter/ulogd_filter_IP2STR.c
:100644 100644 1bd0b6c... b1d0996... M	include/ulogd/ulogd.h
:100644 100644 d803633... 92c4f0f... M	util/printflow.c
:100644 100644 6606824... 35d8080... M	util/printpkt.c
 filter/ulogd_filter_IP2BIN.c |    5 -----
 filter/ulogd_filter_IP2STR.c |    5 -----
 include/ulogd/ulogd.h        |    5 +++++
 util/printflow.c             |    4 ----
 util/printpkt.c              |    4 ----
 5 files changed, 5 insertions(+), 18 deletions(-)

diff --git a/filter/ulogd_filter_IP2BIN.c b/filter/ulogd_filter_IP2BIN.c
index e490b64..9b0110e 100644
--- a/filter/ulogd_filter_IP2BIN.c
+++ b/filter/ulogd_filter_IP2BIN.c
@@ -114,11 +114,6 @@ static struct ulogd_key ip2bin_keys[] = {
 
 };
 
-#define GET_VALUE(res, x)	(res[x].u.source->u.value)
-#define GET_FLAGS(res, x)	(res[x].u.source->flags)
-#define pp_is_valid(res, x)	\
-	(res[x].u.source && (GET_FLAGS(res, x) & ULOGD_RETF_VALID))
-
 /**
  * Convert IPv4 address (as 32-bit unsigned integer) to IPv6 address:
  * add 96 bits prefix "::ffff:" to get IPv6 address "::ffff:a.b.c.d".
diff --git a/filter/ulogd_filter_IP2STR.c b/filter/ulogd_filter_IP2STR.c
index 2a61220..39edc05 100644
--- a/filter/ulogd_filter_IP2STR.c
+++ b/filter/ulogd_filter_IP2STR.c
@@ -113,11 +113,6 @@ static struct ulogd_key ip2str_keys[] = {
 	},
 };
 
-#define GET_VALUE(res, x)	(res[x].u.source->u.value)
-#define GET_FLAGS(res, x)	(res[x].u.source->flags)
-#define pp_is_valid(res, x)	\
-	(res[x].u.source && (GET_FLAGS(res, x) & ULOGD_RETF_VALID))
-
 static char *ip2str(struct ulogd_key* inp, int index, char family)
 {
 	char tmp[IPADDR_LENGTH];
diff --git a/include/ulogd/ulogd.h b/include/ulogd/ulogd.h
index 1bd0b6c..b1d0996 100644
--- a/include/ulogd/ulogd.h
+++ b/include/ulogd/ulogd.h
@@ -216,6 +216,11 @@ void __ulogd_log(int level, char *file, int line, const char *message, ...);
 #define IS_NEEDED(x)	(x.flags & ULOGD_RETF_NEEDED)
 #define SET_NEEDED(x)	(x.flags |= ULOGD_RETF_NEEDED)
 
+#define GET_VALUE(res, x)	(res[x].u.source->u.value)
+#define GET_FLAGS(res, x)	(res[x].u.source->flags)
+#define pp_is_valid(res, x)	\
+	(res[x].u.source && (GET_FLAGS(res, x) & ULOGD_RETF_VALID))
+
 int ulogd_key_size(struct ulogd_key *key);
 int ulogd_wildcard_inputkeys(struct ulogd_pluginstance *upi);
 
diff --git a/util/printflow.c b/util/printflow.c
index d803633..92c4f0f 100644
--- a/util/printflow.c
+++ b/util/printflow.c
@@ -131,10 +131,6 @@ struct ulogd_key printflow_keys[FLOW_IDS] = {
 };
 int printflow_keys_num = sizeof(printflow_keys)/sizeof(*printflow_keys);
 
-#define GET_VALUE(res, x)	(res[x].u.source->u.value)
-#define GET_FLAGS(res, x)	(res[x].u.source->flags)
-#define pp_is_valid(res, x)	(GET_FLAGS(res, x) & ULOGD_RETF_VALID)
-
 #define pp_print(buf_cur, label, res, x, type) \
 	if (pp_is_valid(res, x)) \
 		buf_cur += sprintf(buf_cur, label"=%u ", GET_VALUE(res, x).type);
diff --git a/util/printpkt.c b/util/printpkt.c
index 6606824..35d8080 100644
--- a/util/printpkt.c
+++ b/util/printpkt.c
@@ -89,10 +89,6 @@ struct ulogd_key printpkt_keys[] = {
 	[KEY_AHESP_SPI]		= { .name = "ahesp.spi", },
 };
 
-#define GET_VALUE(res, x)	(res[x].u.source->u.value)
-#define GET_FLAGS(res, x)	(res[x].u.source->flags)
-#define pp_is_valid(res, x)	(GET_FLAGS(res, x) & ULOGD_RETF_VALID)
-
 static int printpkt_proto(struct ulogd_key *res, char *buf, int protocol)
 {
 	char *buf_cur = buf;
-- 
1.5.2.5

Re: [ULOGD PATCH 2/5] Factorize definition of some macros.

[Pablo Neira Ayuso]

Eric Leblond wrote:
> Some macros were defined several time. This was the case of GET_VALUE,
> pp_is_valid. This patch puts the definition in ulogd.h and fixes the
> definition of pp_is_valid which was wrong (causing segfault by acessing to
> fields at NULL).

I like these sort of cleanups a lot. I think that the code of the input
handlers would be also much nicer if we cook some macros to setup values
and flags of the ulogd_keys.

Applied. Thanks Eric.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

[PATCH 3/5] Add Icmpv6 support to SQL schema.

[Eric Leblond]

Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Eric Leblond <eric@inl.fr>
---
:100644 100644 d42d216... b154c74... M	doc/mysql-ulogd2.sql
:100644 100644 740a7ef... 87a85fb... M	doc/pgsql-ulogd2.sql
 doc/mysql-ulogd2.sql |   67 +++++++++++++++++++++++++++++++++++++++++++++----
 doc/pgsql-ulogd2.sql |   55 ++++++++++++++++++++++++++++++++++++----
 2 files changed, 110 insertions(+), 12 deletions(-)

diff --git a/doc/mysql-ulogd2.sql b/doc/mysql-ulogd2.sql
index d42d216..b154c74 100644
--- a/doc/mysql-ulogd2.sql
+++ b/doc/mysql-ulogd2.sql
@@ -14,7 +14,7 @@ CREATE TABLE `_format` (
   `version` int(4) NOT NULL
 ) ENGINE=INNODB;
 
-INSERT INTO _format (version) VALUES (4);
+INSERT INTO _format (version) VALUES (5);
 
 -- this table could be used to know which user-defined tables are linked
 -- to ulog
@@ -31,8 +31,11 @@ DROP TABLE IF EXISTS `mac`;
 DROP TABLE IF EXISTS `tcp`;
 DROP TABLE IF EXISTS `udp`;
 DROP TABLE IF EXISTS `icmp`;
+DROP TABLE IF EXISTS `icmpv6`;
 DROP TABLE IF EXISTS `nufw`;
 DROP TABLE IF EXISTS `ulog2_ct`;
+DROP TABLE IF EXISTS `state_t`;
+DROP TABLE IF EXISTS `nufw`;
 DROP TABLE IF EXISTS `ulog2`;
 
 CREATE TABLE `ulog2` (
@@ -125,6 +128,18 @@ CREATE TABLE `icmp` (
 ALTER TABLE icmp ADD UNIQUE KEY `key_icmp_id` (`_icmp_id`);
 ALTER TABLE icmp ADD KEY `index_icmp_id` (`_icmp_id`);
 
+CREATE TABLE `icmpv6` (
+  `_icmpv6_id` bigint unsigned NOT NULL,
+  `icmpv6_type` tinyint(3) unsigned default NULL,
+  `icmpv6_code` tinyint(3) unsigned default NULL,
+  `icmpv6_echoid` smallint(5) unsigned default NULL,
+  `icmpv6_echoseq` smallint(5) unsigned default NULL,
+  `icmpv6_csum` int(10) unsigned default NULL
+) ENGINE=INNODB;
+
+ALTER TABLE icmpv6 ADD UNIQUE KEY `key_icmpv6_id` (`_icmpv6_id`);
+ALTER TABLE icmpv6 ADD KEY `index_icmpv6_id` (`_icmpv6_id`);
+
 
 -- views
 
@@ -143,6 +158,10 @@ DROP VIEW IF EXISTS `view_icmp`;
 CREATE SQL SECURITY INVOKER VIEW `view_icmp` AS
         SELECT * FROM ulog2 INNER JOIN icmp ON ulog2._id = icmp._icmp_id;
 
+DROP VIEW IF EXISTS `view_icmpv6`;
+CREATE SQL SECURITY INVOKER VIEW `view_icmpv6` AS
+        SELECT * FROM ulog2 INNER JOIN icmpv6 ON ulog2._id = icmpv6._icmpv6_id;
+
 -- ulog view
 DROP VIEW IF EXISTS `ulog`;
 -- CREATE SQL SECURITY INVOKER VIEW `ulog` AS
@@ -187,9 +206,18 @@ CREATE SQL SECURITY INVOKER VIEW `ulog` AS
         icmp_echoid,
         icmp_echoseq,
         icmp_gateway,
-        icmp_fragmtu
+        icmp_fragmtu,
+	icmpv6_type,
+	icmpv6_code,
+	icmpv6_echoid,
+	icmpv6_echoseq,
+	icmpv6_csum
+--	mac_saddr,
+--	mac_daddr,
+--	mac_protocol,
         FROM ulog2 LEFT JOIN tcp ON ulog2._id = tcp._tcp_id LEFT JOIN udp ON ulog2._id = udp._udp_id
-                LEFT JOIN icmp ON ulog2._id = icmp._icmp_id LEFT JOIN mac ON ulog2._id = mac._mac_id;
+                LEFT JOIN icmp ON ulog2._id = icmp._icmp_id LEFT JOIN mac ON ulog2._id = mac._mac_id
+                LEFT JOIN icmpv6 ON ulog2._id = icmpv6._icmpv6_id;
 
 
 -- shortcuts
@@ -303,7 +331,6 @@ INSERT INTO ip_proto (_proto_id,proto_name,proto_desc) VALUES
         (58,'ipv6-icmp','ICMP for IPv6');
 
 -- State
-DROP TABLE IF EXISTS `state_t`;
 CREATE TABLE `state_t` (
   `_state_id` bigint unsigned NOT NULL,
   state tinyint(3) unsigned
@@ -319,7 +346,6 @@ INSERT INTO _extensions (ext_name,table_name,join_name) VALUES
 
 -- NuFW specific
 
-DROP TABLE IF EXISTS `nufw`;
 CREATE TABLE `nufw` (
   `_nufw_id` bigint unsigned NOT NULL,
   `username` varchar(30) default NULL,
@@ -362,6 +388,7 @@ SQL SECURITY INVOKER
 COMMENT 'Drop constraints for ulog2 tables'
 BEGIN
         -- remember : table with most constraints first
+        ALTER TABLE icmpv6 DROP FOREIGN KEY _icmpv6_id; 
         ALTER TABLE icmp DROP FOREIGN KEY _icmp_id; 
         ALTER TABLE udp DROP FOREIGN KEY _udp_id; 
         ALTER TABLE tcp DROP FOREIGN KEY _tcp_id; 
@@ -380,6 +407,7 @@ BEGIN
         ALTER TABLE tcp ADD CONSTRAINT _tcp_id FOREIGN KEY (_tcp_id) REFERENCES ulog2 (_id);
         ALTER TABLE udp ADD CONSTRAINT _udp_id FOREIGN KEY (_udp_id) REFERENCES ulog2 (_id);
         ALTER TABLE icmp ADD CONSTRAINT _icmp_id FOREIGN KEY (_icmp_id) REFERENCES ulog2 (_id);
+        ALTER TABLE icmpv6 ADD CONSTRAINT _icmpv6_id FOREIGN KEY (_icmpv6_id) REFERENCES ulog2 (_id);
 END
 $$
 delimiter ;
@@ -515,6 +543,25 @@ BEGIN
 END
 $$
 
+delimiter $$
+DROP PROCEDURE IF EXISTS PACKET_ADD_ICMPV6;
+CREATE PROCEDURE PACKET_ADD_ICMPV6(
+		IN `id` int(10) unsigned,
+		IN `_icmpv6_type` tinyint(3) unsigned,
+		IN `_icmpv6_code` tinyint(3) unsigned,
+		IN `_icmpv6_echoid` smallint(5) unsigned,
+		IN `_icmpv6_echoseq` smallint(5) unsigned,
+		IN `_icmpv6_csum` int(10) unsigned
+		)
+BEGIN
+	INSERT INTO icmpv6 (_icmpv6_id, icmpv6_type, icmpv6_code, icmpv6_echoid, 
+			    icmpv6_echoseq, icmpv6_csum) VALUES
+			   (id, _icmpv6_type, _icmpv6_code, _icmpv6_echoid,
+			    _icmpv6_echoseq, _icmpv6_csum);
+END
+$$
+
+
 
 delimiter $$
 DROP PROCEDURE IF EXISTS PACKET_ADD_MAC;
@@ -570,7 +617,12 @@ CREATE FUNCTION INSERT_PACKET_FULL(
 		icmp_echoid smallint(5) unsigned,
 		icmp_echoseq smallint(5) unsigned,
 		icmp_gateway int(10) unsigned,
-		icmp_fragmtu smallint(5) unsigned
+		icmp_fragmtu smallint(5) unsigned,
+		icmpv6_type tinyint(3) unsigned,
+		icmpv6_code tinyint(3) unsigned,
+		icmpv6_echoid smallint(5) unsigned,
+		icmpv6_echoseq smallint(5) unsigned,
+		icmpv6_csum int(10) unsigned
 --		mac_saddr binary(12),
 --		mac_daddr binary(12),
 --		mac_protocol smallint(5)
@@ -591,6 +643,9 @@ BEGIN
 	ELSEIF _ip_protocol = 1 THEN
 		CALL PACKET_ADD_ICMP(@lastid, icmp_type, icmp_code, icmp_echoid, icmp_echoseq, 
 				     icmp_gateway, icmp_fragmtu);
+	ELSEIF _ip_protocol = 58 THEN
+		CALL PACKET_ADD_ICMPV6(@lastid, icmpv6_type, icmpv6_code, icmpv6_echoid,
+				       icmpv6_echoseq, icmpv6_csum);
 	END IF;
 --	IF mac_protocol IS NOT NULL THEN
 --		CALL PACKET_ADD_MAC(@lastid, mac_saddr, mac_daddr, mac_protocol);
diff --git a/doc/pgsql-ulogd2.sql b/doc/pgsql-ulogd2.sql
index 740a7ef..87a85fb 100644
--- a/doc/pgsql-ulogd2.sql
+++ b/doc/pgsql-ulogd2.sql
@@ -13,7 +13,7 @@ CREATE TABLE _format (
   version integer
 ) WITH (OIDS=FALSE);
 
-INSERT INTO _format (version) VALUES (4);
+INSERT INTO _format (version) VALUES (5);
 
 -- this table could be used to know which user-defined tables are linked
 -- to ulog
@@ -29,6 +29,7 @@ DROP TABLE IF EXISTS mac CASCADE;
 DROP TABLE IF EXISTS tcp CASCADE;
 DROP TABLE IF EXISTS udp CASCADE;
 DROP TABLE IF EXISTS icmp CASCADE;
+DROP TABLE IF EXISTS icmpv6 CASCADE;
 DROP TABLE IF EXISTS nufw CASCADE;
 DROP TABLE IF EXISTS ulog2_ct CASCADE;
 DROP TABLE IF EXISTS ulog2 CASCADE;
@@ -118,6 +119,15 @@ CREATE TABLE icmp (
   icmp_fragmtu smallint  default NULL
 ) WITH (OIDS=FALSE);
 
+CREATE TABLE icmpv6 (
+  _icmpv6_id bigint PRIMARY KEY UNIQUE NOT NULL,
+  icmpv6_type smallint default NULL,
+  icmpv6_code smallint default NULL,
+  icmpv6_echoid smallint default NULL,
+  icmpv6_echoseq smallint default NULL,
+  icmpv6_csum integer default NULL
+) WITH (OIDS=FALSE);
+
 -- 
 -- VIEWS
 -- 
@@ -131,6 +141,9 @@ CREATE OR REPLACE VIEW view_udp AS
 CREATE OR REPLACE VIEW view_icmp AS
         SELECT * FROM ulog2 INNER JOIN icmp ON ulog2._id = icmp._icmp_id;
 
+CREATE OR REPLACE VIEW view_icmpv6 AS
+        SELECT * FROM ulog2 INNER JOIN icmpv6 ON ulog2._id = icmpv6._icmpv6_id;
+
 -- complete view
 CREATE OR REPLACE VIEW ulog AS
         SELECT _id,
@@ -171,9 +184,15 @@ CREATE OR REPLACE VIEW ulog AS
         icmp_echoid,
         icmp_echoseq,
         icmp_gateway,
-        icmp_fragmtu
+        icmp_fragmtu,
+        icmpv6_type,
+        icmpv6_code,
+        icmpv6_echoid,
+        icmpv6_echoseq,
+        icmpv6_csum
         FROM ulog2 LEFT JOIN tcp ON ulog2._id = tcp._tcp_id LEFT JOIN udp ON ulog2._id = udp._udp_id
-                LEFT JOIN icmp ON ulog2._id = icmp._icmp_id LEFT JOIN mac ON ulog2._id = mac._mac_id;
+                LEFT JOIN icmp ON ulog2._id = icmp._icmp_id LEFT JOIN mac ON ulog2._id = mac._mac_id
+                LEFT JOIN icmpv6 ON ulog2._id = icmpv6._icmpv6_id;
 
 -- shortcuts
 CREATE OR REPLACE VIEW view_tcp_quad AS
@@ -285,6 +304,7 @@ INSERT INTO _extensions (ext_name,table_name,join_name) VALUES
 
 CREATE OR REPLACE FUNCTION ULOG2_DROP_FOREIGN_KEYS()
 RETURNS void AS $$
+  ALTER TABLE icmpv6 DROP CONSTRAINT icmpv6_id_fk;
   ALTER TABLE icmp DROP CONSTRAINT icmp_id_fk;
   ALTER TABLE udp  DROP CONSTRAINT udp_id_fk;
   ALTER TABLE tcp  DROP CONSTRAINT tcp_id_fk;
@@ -296,6 +316,7 @@ RETURNS void AS $$
   ALTER TABLE tcp  ADD CONSTRAINT tcp_id_fk  FOREIGN KEY (_tcp_id)  REFERENCES ulog2(_id);
   ALTER TABLE udp  ADD CONSTRAINT udp_id_fk  FOREIGN KEY (_udp_id)  REFERENCES ulog2(_id);
   ALTER TABLE icmp ADD CONSTRAINT icmp_id_fk FOREIGN KEY (_icmp_id) REFERENCES ulog2(_id);
+  ALTER TABLE icmpv6 ADD CONSTRAINT icmpv6_id_fk FOREIGN KEY (_icmpv6_id) REFERENCES ulog2(_id);
 $$ LANGUAGE SQL SECURITY INVOKER;
 
 
@@ -395,6 +416,21 @@ RETURNS bigint AS $$
         SELECT currval('ulog2__id_seq');
 $$ LANGUAGE SQL SECURITY INVOKER;
 
+CREATE OR REPLACE FUNCTION INSERT_ICMPV6(
+                IN icmpv6_id bigint,
+                IN icmpv6_type integer,
+                IN icmpv6_code integer,
+                IN icmpv6_echoid integer,
+                IN icmpv6_echoseq integer,
+                IN icmpv6_csum integer
+        )
+RETURNS bigint AS $$
+        INSERT INTO icmpv6 (_icmpv6_id,icmpv6_type,icmpv6_code,icmpv6_echoid,icmpv6_echoseq,icmpv6_csum)
+                VALUES ($1,$2,$3,$4,$5,$6);
+        SELECT currval('ulog2__id_seq');
+$$ LANGUAGE SQL SECURITY INVOKER;
+
+
 -- this function requires plpgsql
 -- su -c "createlang plpgsql ulog2" postgres
 CREATE OR REPLACE FUNCTION INSERT_PACKET_FULL(
@@ -435,7 +471,12 @@ CREATE OR REPLACE FUNCTION INSERT_PACKET_FULL(
                 IN icmp_echoid integer,
                 IN icmp_echoseq integer,
                 IN icmp_gateway integer,
-                IN icmp_fragmtu integer 
+                IN icmp_fragmtu integer,
+                IN icmpv6_type integer,
+                IN icmpv6_code integer,
+                IN icmpv6_echoid integer,
+                IN icmpv6_echoseq integer,
+                IN icmpv6_csum integer
         )
 RETURNS bigint AS $$
 DECLARE
@@ -445,9 +486,11 @@ BEGIN
         IF (ip_protocol = 6) THEN
                 PERFORM INSERT_TCP_FULL(_id,$18,$19,$20,$21,$22,$23,$24,$25,$26,$27,$28,$29);
         ELSIF (ip_protocol = 17) THEN
-                PERFORM INSERT_UDP(_id,$30,$31,$32,$33);
+                PERFORM INSERT_UDP(_id,$30,$31,$32);
         ELSIF (ip_protocol = 1) THEN
-                PERFORM INSERT_ICMP(_id,$34,$35,$36,$37,$38,$39);
+                PERFORM INSERT_ICMP(_id,$33,$34,$35,$36,$37,$38);
+        ELSIF (ip_protocol = 58) THEN
+                PERFORM INSERT_ICMPV6(_id,$39,$40,$41,$42,$43);
         END IF;
         RETURN _id;
 END
-- 
1.5.2.5

Re: [PATCH 3/5] Add Icmpv6 support to SQL schema.

[Pablo Neira Ayuso]

Eric Leblond wrote:
> Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
> Signed-off-by: Eric Leblond <eric@inl.fr>

Applied, Thanks.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

[ULOGD PATCH 4/5] Add support for UID dumping to NFLOG input plugin.

[Eric Leblond]

Signed-off-by: Eric Leblond <eric@inl.fr>
---
 input/packet/ulogd_inppkt_NFLOG.c |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/input/packet/ulogd_inppkt_NFLOG.c b/input/packet/ulogd_inppkt_NFLOG.c
index 1b8e32c..3f013cc 100644
--- a/input/packet/ulogd_inppkt_NFLOG.c
+++ b/input/packet/ulogd_inppkt_NFLOG.c
@@ -106,6 +106,7 @@ enum nflog_keys {
 	NFLOG_KEY_OOB_SEQ_GLOBAL,
 	NFLOG_KEY_OOB_FAMILY,
 	NFLOG_KEY_OOB_PROTOCOL,
+	NFLOG_KEY_OOB_UID,
 };
 
 static struct ulogd_key output_keys[] = {
@@ -240,6 +241,12 @@ static struct ulogd_key output_keys[] = {
 		.flags = ULOGD_RETF_NONE,
 		.name = "oob.protocol",
 	},
+	{
+		.type = ULOGD_RET_UINT32,
+		.flags = ULOGD_RETF_NONE,
+		.name = "oob.uid",
+	},
+
 };
 
 static inline int 
@@ -257,6 +264,8 @@ interp_packet(struct ulogd_pluginstance *upi, struct nflog_data *ldata)
 	u_int32_t indev = nflog_get_indev(ldata);
 	u_int32_t outdev = nflog_get_outdev(ldata);
 	u_int32_t seq;
+	u_int32_t uid;
+	
 
 	ret[NFLOG_KEY_OOB_FAMILY].u.value.ui8 = af_ce(upi->config_kset).u.value;
 	ret[NFLOG_KEY_OOB_FAMILY].flags |= ULOGD_RETF_VALID;
@@ -317,6 +326,11 @@ interp_packet(struct ulogd_pluginstance *upi, struct nflog_data *ldata)
 		ret[NFLOG_KEY_OOB_IFINDEX_OUT].flags |= ULOGD_RETF_VALID;
 	}
 
+	if (nflog_get_uid(ldata, &uid) == 0) {
+		ret[NFLOG_KEY_OOB_UID].u.value.ui32 = uid;
+		ret[NFLOG_KEY_OOB_UID].flags |= ULOGD_RETF_VALID;
+	}
+
 	if (nflog_get_seq(ldata, &seq) == 0) {
 		ret[NFLOG_KEY_OOB_SEQ_LOCAL].u.value.ui32 = seq;
 		ret[NFLOG_KEY_OOB_SEQ_LOCAL].flags |= ULOGD_RETF_VALID;
-- 
1.5.2.5

Re: [ULOGD PATCH 4/5] Add support for UID dumping to NFLOG input plugin.

[Pablo Neira Ayuso]

Eric Leblond wrote:
> Signed-off-by: Eric Leblond <eric@inl.fr>

Also applied. Thanks.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

[ULOGD PATCH 5/5] Add UID display to PRINTPKT filter.

[Eric Leblond]

Signed-off-by: Eric Leblond <eric@inl.fr>
---
:100644 100644 ae56946... b524fc2... M	include/ulogd/printpkt.h
:100644 100644 35d8080... 93d506a... M	util/printpkt.c
 include/ulogd/printpkt.h |    1 +
 util/printpkt.c          |    7 +++++++
 2 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/include/ulogd/printpkt.h b/include/ulogd/printpkt.h
index ae56946..b524fc2 100644
--- a/include/ulogd/printpkt.h
+++ b/include/ulogd/printpkt.h
@@ -7,6 +7,7 @@ enum pkt_keys {
 	KEY_OOB_PREFIX,
 	KEY_OOB_IN,
 	KEY_OOB_OUT,
+	KEY_OOB_UID,
 	KEY_RAW_MAC,
 	KEY_RAW_MACLEN,
 	KEY_IP_SADDR,
diff --git a/util/printpkt.c b/util/printpkt.c
index 35d8080..93d506a 100644
--- a/util/printpkt.c
+++ b/util/printpkt.c
@@ -43,6 +43,9 @@ struct ulogd_key printpkt_keys[] = {
 	[KEY_OOB_PREFIX]	= { .name = "oob.prefix", },
 	[KEY_OOB_IN]		= { .name = "oob.in", },
 	[KEY_OOB_OUT]		= { .name = "oob.out", },
+	[KEY_OOB_UID]		= { .name = "oob.uid",
+				    .flags = ULOGD_KEYF_OPTIONAL
+				  },
 	[KEY_RAW_MAC]		= { .name = "raw.mac", },
 	[KEY_RAW_MACLEN]	= { .name = "raw.mac_len", },
 	[KEY_IP_SADDR]		= { .name = "ip.saddr.str", },
@@ -365,6 +368,10 @@ int printpkt_print(struct ulogd_key *res, char *buf)
 		break;
 	}
 
+	if (pp_is_valid(res, KEY_OOB_UID))
+		buf_cur += sprintf(buf_cur, "UID=%d",
+				   GET_VALUE(res, KEY_OOB_UID).ui32);
+
 	strcat(buf_cur, "\n");
 
 	return 0;
-- 
1.5.2.5

Re: [ULOGD PATCH 5/5] Add UID display to PRINTPKT filter.

[Pablo Neira Ayuso]

Eric Leblond wrote:
> Signed-off-by: Eric Leblond <eric@inl.fr>

Applied. Thanks Eric.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers

Re: [ULOGD PATCH 0/5] UID dump support in NFLOG, IPCMPv6 support in SQL

[Pablo Neira Ayuso]

Hi Eric,

Eric Leblond wrote:
> This patchset starts with two minor code cleaning patches.
> 
> The rest of patchset contains some more significative things:
>  * Add UID in NFLOG (ood.uid) and make PRINTPKT able to display the key if
>  present
>  * Add IPCMPv6 support to SQL schema

Nice work again. Thanks for your patches.

-- 
"Los honestos son inadaptados sociales" -- Les Luthiers