From: Eric Leblond <eric@inl.fr>
To: netfilter-devel@vger.kernel.org
Cc: Eric Leblond <eric@inl.fr>
Subject: [Resend ULOGD PATCH] Add event output and make event mask configurable in NFCT.
Date: Wed, 26 Mar 2008 01:56:40 +0100 [thread overview]
Message-ID: <12064930002868-git-send-email-eric@inl.fr> (raw)
In-Reply-To: <47E99B88.9090200@netfilter.org>
Hello,
Here's the modification following your recommandation. That's better like that :)
BR,
Signed-off-by: Eric Leblond <eric@inl.fr>
---
input/flow/ulogd_inpflow_NFCT.c | 53 ++++++++++++++++++++++++++++-----------
1 files changed, 38 insertions(+), 15 deletions(-)
diff --git a/input/flow/ulogd_inpflow_NFCT.c b/input/flow/ulogd_inpflow_NFCT.c
index 1843acb..7ca545f 100644
--- a/input/flow/ulogd_inpflow_NFCT.c
+++ b/input/flow/ulogd_inpflow_NFCT.c
@@ -66,9 +66,10 @@ struct nfct_pluginstance {
#define HTABLE_SIZE (8192)
#define MAX_ENTRIES (4 * HTABLE_SIZE)
+#define EVENT_MASK NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_DESTROY
static struct config_keyset nfct_kset = {
- .num_ces = 5,
+ .num_ces = 6,
.ces = {
{
.key = "pollinterval",
@@ -100,6 +101,13 @@ static struct config_keyset nfct_kset = {
.options = CONFIG_OPT_NONE,
.u.value = MAX_ENTRIES,
},
+ {
+ .key = "event_mask",
+ .type = CONFIG_TYPE_INT,
+ .options = CONFIG_OPT_NONE,
+ .u.value = EVENT_MASK,
+ },
+
},
};
#define pollint_ce(x) (x->ces[0])
@@ -107,6 +115,7 @@ static struct config_keyset nfct_kset = {
#define prealloc_ce(x) (x->ces[2])
#define buckets_ce(x) (x->ces[3])
#define maxentries_ce(x) (x->ces[4])
+#define eventmask_ce(x) (x->ces[5])
enum nfct_keys {
NFCT_ORIG_IP_SADDR = 0,
@@ -127,6 +136,7 @@ enum nfct_keys {
NFCT_ICMP_TYPE,
NFCT_CT_MARK,
NFCT_CT_ID,
+ NFCT_CT_EVENT,
NFCT_FLOW_START_SEC,
NFCT_FLOW_START_USEC,
NFCT_FLOW_END_SEC,
@@ -301,6 +311,12 @@ static struct ulogd_key nfct_okeys[] = {
},
},
{
+ .type = ULOGD_RET_UINT32,
+ .flags = ULOGD_RETF_NONE,
+ .name = "ct.event",
+ },
+
+ {
.type = ULOGD_RET_UINT32,
.flags = ULOGD_RETF_NONE,
.name = "flow.start.sec",
@@ -454,11 +470,16 @@ static struct ct_timestamp *ct_hash_get(struct ct_htable *htable, uint32_t id)
static int propagate_ct(struct ulogd_pluginstance *upi,
struct nfct_conntrack *ct,
unsigned int flags,
+ int type,
struct ct_timestamp *ts)
{
struct ulogd_key *ret = upi->output.keys;
int dir;
+
+ ret[NFCT_CT_EVENT].u.value.ui32 = type;
+ ret[NFCT_CT_EVENT].flags |= ULOGD_RETF_VALID;
+
dir = NFCT_DIR_ORIGINAL;
ret[NFCT_ORIG_IP_SADDR].u.value.ui32 = htonl(ct->tuple[dir].src.v4);
ret[NFCT_ORIG_IP_SADDR].flags |= ULOGD_RETF_VALID;
@@ -559,28 +580,31 @@ static int event_handler(void *arg, unsigned int flags, int type,
{
struct nfct_conntrack *ct = arg;
struct ulogd_pluginstance *upi = data;
- struct ulogd_pluginstance *npi = NULL;
+ struct ulogd_key *kret = upi->output.keys;
struct nfct_pluginstance *cpi =
(struct nfct_pluginstance *) upi->private;
+ struct ct_timestamp *ts = NULL;
+ struct ulogd_pluginstance *npi = NULL;
int ret = 0;
+
if (type == NFCT_MSG_NEW) {
- if (usehash_ce(upi->config_kset).u.value != 0)
+ if (usehash_ce(upi->config_kset).u.value != 0) {
ct_hash_add(cpi->ct_active, ct->id);
+ return 0;
+ }
} else if (type == NFCT_MSG_DESTROY) {
- struct ct_timestamp *ts = NULL;
-
if (usehash_ce(upi->config_kset).u.value != 0)
ts = ct_hash_get(cpi->ct_active, ct->id);
+ }
- llist_for_each_entry(npi, &upi->plist, plist) {
- ret = propagate_ct(npi, ct, flags, ts);
- if (ret != 0)
- return ret;
- }
- return propagate_ct(upi, ct, flags, ts);
+ llist_for_each_entry(npi, &upi->plist, plist) {
+ ret = propagate_ct(npi, ct, flags, type, ts);
+ if (ret != 0)
+ return ret;
}
- return 0;
+
+ return propagate_ct(upi, ct, flags, type, ts);
}
static int read_cb_nfct(int fd, unsigned int what, void *param)
@@ -638,9 +662,8 @@ static int constructor_nfct(struct ulogd_pluginstance *upi)
(struct nfct_pluginstance *)upi->private;
int prealloc;
- /* FIXME: make eventmask configurable */
- cpi->cth = nfct_open(NFNL_SUBSYS_CTNETLINK, NF_NETLINK_CONNTRACK_NEW|
- NF_NETLINK_CONNTRACK_DESTROY);
+ cpi->cth = nfct_open(NFNL_SUBSYS_CTNETLINK,
+ eventmask_ce(upi->config_kset).u.value);
if (!cpi->cth) {
ulogd_log(ULOGD_FATAL, "error opening ctnetlink\n");
return -1;
--
1.5.2.5
next prev parent reply other threads:[~2008-03-26 0:56 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-17 0:07 [ULOGD PATCH 0/3] Add event type to NFCT plugin Eric Leblond
2008-03-17 0:07 ` [ULOGD PATCH 1/3] Add some plugin loading and stack example to configuration file Eric Leblond
2008-03-26 0:32 ` Pablo Neira Ayuso
2008-03-17 0:07 ` [ULOGD PATCH 2/3] Add event output and make event mask configurable in NFCT Eric Leblond
2008-03-26 0:40 ` Pablo Neira Ayuso
2008-03-26 0:56 ` Eric Leblond [this message]
2008-03-26 9:34 ` [Resend ULOGD PATCH] " Pablo Neira Ayuso
2008-04-05 10:21 ` Eric Leblond
2008-04-05 15:29 ` Pablo Neira Ayuso
2008-04-05 19:24 ` Eric Leblond
2008-03-17 0:07 ` [ULOGD PATCH 3/3] Modify printflow filter to display event type in output message Eric Leblond
2008-03-26 9:34 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=12064930002868-git-send-email-eric@inl.fr \
--to=eric@inl.fr \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.