From: Eric Leblond <eric@inl.fr>
To: netfilter-devel@vger.kernel.org
Cc: Eric Leblond <eric@inl.fr>
Subject: [ULOGD PATCH 2/3] Add event output and make event mask configurable in NFCT.
Date: Mon, 17 Mar 2008 01:07:02 +0100 [thread overview]
Message-ID: <12057124232801-git-send-email-eric@inl.fr> (raw)
In-Reply-To: <12057124233723-git-send-email-eric@inl.fr>
This patch contains two linked modifications in NFCT input plugin:
- event mask is now configurable though the event_mask configuration variable
- event type is now stored in the ct.event output key. This can be used to
display the information or to use it to implement some tracking algorithm in
userspace.
Signed-off-by: Eric Leblond <eric@inl.fr>
---
input/flow/ulogd_inpflow_NFCT.c | 55 ++++++++++++++++++++++++++++----------
1 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index 1843acb..b64e85f 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -66,9 +66,10 @@ struct nfct_pluginstance {
#define HTABLE_SIZE (8192)
#define MAX_ENTRIES (4 * HTABLE_SIZE)
+#define EVENT_MASK NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_DESTROY
static struct config_keyset nfct_kset = {
- .num_ces = 5,
+ .num_ces = 6,
.ces = {
{
.key = "pollinterval",
@@ -100,6 +101,13 @@ static struct config_keyset nfct_kset = {
.options = CONFIG_OPT_NONE,
.u.value = MAX_ENTRIES,
},
+ {
+ .key = "event_mask",
+ .type = CONFIG_TYPE_INT,
+ .options = CONFIG_OPT_NONE,
+ .u.value = EVENT_MASK,
+ },
+
},
};
#define pollint_ce(x) (x->ces[0])
@@ -107,6 +115,7 @@ static struct config_keyset nfct_kset = {
#define prealloc_ce(x) (x->ces[2])
#define buckets_ce(x) (x->ces[3])
#define maxentries_ce(x) (x->ces[4])
+#define eventmask_ce(x) (x->ces[5])
enum nfct_keys {
NFCT_ORIG_IP_SADDR = 0,
@@ -127,6 +136,7 @@ enum nfct_keys {
NFCT_ICMP_TYPE,
NFCT_CT_MARK,
NFCT_CT_ID,
+ NFCT_CT_EVENT,
NFCT_FLOW_START_SEC,
NFCT_FLOW_START_USEC,
NFCT_FLOW_END_SEC,
@@ -301,6 +311,12 @@ static struct ulogd_key nfct_okeys[] = {
},
},
{
+ .type = ULOGD_RET_UINT32,
+ .flags = ULOGD_RETF_NONE,
+ .name = "ct.event",
+ },
+
+ {
.type = ULOGD_RET_UINT32,
.flags = ULOGD_RETF_NONE,
.name = "flow.start.sec",
@@ -559,28 +575,38 @@ static int event_handler(void *arg, unsigned int flags, int type,
{
struct nfct_conntrack *ct = arg;
struct ulogd_pluginstance *upi = data;
- struct ulogd_pluginstance *npi = NULL;
+ struct ulogd_key *kret = upi->output.keys;
struct nfct_pluginstance *cpi =
(struct nfct_pluginstance *) upi->private;
+ struct ct_timestamp *ts = NULL;
+ struct ulogd_pluginstance *npi = NULL;
int ret = 0;
+
if (type == NFCT_MSG_NEW) {
- if (usehash_ce(upi->config_kset).u.value != 0)
+ if (usehash_ce(upi->config_kset).u.value != 0) {
ct_hash_add(cpi->ct_active, ct->id);
+ return 0;
+ }
} else if (type == NFCT_MSG_DESTROY) {
- struct ct_timestamp *ts = NULL;
-
if (usehash_ce(upi->config_kset).u.value != 0)
ts = ct_hash_get(cpi->ct_active, ct->id);
+ }
- llist_for_each_entry(npi, &upi->plist, plist) {
- ret = propagate_ct(npi, ct, flags, ts);
- if (ret != 0)
- return ret;
- }
- return propagate_ct(upi, ct, flags, ts);
+ llist_for_each_entry(npi, &upi->plist, plist) {
+ kret = npi->output.keys;
+ kret[NFCT_CT_EVENT].u.value.ui32 = type;
+ kret[NFCT_CT_EVENT].flags |= ULOGD_RETF_VALID;
+
+ ret = propagate_ct(npi, ct, flags, ts);
+ if (ret != 0)
+ return ret;
}
- return 0;
+
+ kret[NFCT_CT_EVENT].u.value.ui32 = type;
+ kret[NFCT_CT_EVENT].flags |= ULOGD_RETF_VALID;
+
+ return propagate_ct(upi, ct, flags, ts);
}
static int read_cb_nfct(int fd, unsigned int what, void *param)
@@ -638,9 +664,8 @@ static int constructor_nfct(struct ulogd_pluginstance *upi)
(struct nfct_pluginstance *)upi->private;
int prealloc;
- /* FIXME: make eventmask configurable */
- cpi->cth = nfct_open(NFNL_SUBSYS_CTNETLINK, NF_NETLINK_CONNTRACK_NEW|
- NF_NETLINK_CONNTRACK_DESTROY);
+ cpi->cth = nfct_open(NFNL_SUBSYS_CTNETLINK,
+ eventmask_ce(upi->config_kset).u.value);
if (!cpi->cth) {
ulogd_log(ULOGD_FATAL, "error opening ctnetlink\n");
return -1;
--
1.5.4.3
next prev parent reply other threads:[~2008-03-17 0:07 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-17 0:07 [ULOGD PATCH 0/3] Add event type to NFCT plugin Eric Leblond
2008-03-17 0:07 ` [ULOGD PATCH 1/3] Add some plugin loading and stack example to configuration file Eric Leblond
2008-03-26 0:32 ` Pablo Neira Ayuso
2008-03-17 0:07 ` Eric Leblond [this message]
2008-03-26 0:40 ` [ULOGD PATCH 2/3] Add event output and make event mask configurable in NFCT Pablo Neira Ayuso
2008-03-26 0:56 ` [Resend ULOGD PATCH] " Eric Leblond
2008-03-26 9:34 ` Pablo Neira Ayuso
2008-04-05 10:21 ` Eric Leblond
2008-04-05 15:29 ` Pablo Neira Ayuso
2008-04-05 19:24 ` Eric Leblond
2008-03-17 0:07 ` [ULOGD PATCH 3/3] Modify printflow filter to display event type in output message Eric Leblond
2008-03-26 9:34 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=12057124232801-git-send-email-eric@inl.fr \
--to=eric@inl.fr \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.