From: heitzenberger@astaro.com
To: netfilter-devel@vger.kernel.org
Cc: holger@eitzenberger.org
Subject: [ULOGD 01/15] Add NACCT output plugin
Date: Sat, 02 Feb 2008 21:48:27 +0100	[thread overview]
Message-ID: <20080202205107.292916433@astaro.com> (raw)
In-Reply-To: 20080202204826.267107164@astaro.com

Hi,
Content-Disposition: inline; filename=ulogd-NACCT-plugin.diff

Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>

Index: ulogd-netfilter/output/Makefile.am
===================================================================
--- ulogd-netfilter.orig/output/Makefile.am
+++ ulogd-netfilter/output/Makefile.am
@@ -4,7 +4,8 @@ LIBS=""
 SUBDIRS= pcap mysql pgsql sqlite3
 
 pkglib_LTLIBRARIES = ulogd_output_LOGEMU.la ulogd_output_SYSLOG.la \
-		     ulogd_output_OPRINT.la ulogd_output_IPFIX.la
+		     ulogd_output_OPRINT.la ulogd_output_IPFIX.la \
+			 ulogd_output_NACCT.la
 
 ulogd_output_LOGEMU_la_SOURCES = ulogd_output_LOGEMU.c
 ulogd_output_LOGEMU_la_LDFLAGS = -module
@@ -18,3 +19,5 @@ ulogd_output_OPRINT_la_LDFLAGS = -module
 ulogd_output_IPFIX_la_SOURCES = ulogd_output_IPFIX.c
 ulogd_output_IPFIX_la_LDFLAGS = -module
 
+ulogd_output_NACCT_la_SOURCES = ulogd_output_NACCT.c
+ulogd_output_NACCT_la_LDFLAGS = -module
Index: ulogd-netfilter/output/ulogd_output_NACCT.c
===================================================================
--- /dev/null
+++ ulogd-netfilter/output/ulogd_output_NACCT.c
@@ -0,0 +1,206 @@
+/*
+ * ulogd_outpout_NACCT.c
+ *
+ * ulogd output plugin for accounting which tries to stay mostly
+ * compatible with nacct output.
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *
+ * Holger Eitzenberger <holger@eitzenberger.org>  Astaro AG 2008
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <arpa/inet.h>
+#include <ulogd/ulogd.h>
+#include <ulogd/conffile.h>
+
+#define NACCT_FILE_DEFAULT	"/var/log/nacctdata.log"
+
+#define HIPQUAD(addr) \
+        ((unsigned char *)&addr)[3], \
+        ((unsigned char *)&addr)[2], \
+        ((unsigned char *)&addr)[1], \
+        ((unsigned char *)&addr)[0]
+
+/* config accessors (lazy me...) */
+#define NACCT_CFG_FILE(pi)	((pi)->config_kset->ces[0].u.string)
+#define NACCT_CFG_SYNC(pi)	((pi)->config_kset->ces[1].u.value)
+
+#define KEY(pi,idx)		((pi)->input.keys[(idx)].u.source)
+
+/* input keys */
+#define KEY_IP_SADDR(pi)		KEY(pi, 0)
+#define KEY_IP_DADDR(pi)		KEY(pi, 1)
+#define KEY_IP_PROTO(pi)		KEY(pi, 2)
+#define KEY_L4_SPORT(pi)		KEY(pi, 3)
+#define KEY_L4_DPORT(pi)		KEY(pi, 4)
+#define KEY_RAW_PKTLEN(pi)		KEY(pi, 5)
+#define KEY_RAW_PKTCNT(pi)		KEY(pi, 6)
+#define KEY_ICMP_CODE(pi)		KEY(pi, 7)
+#define KEY_ICMP_TYPE(pi)		KEY(pi, 8)
+#define KEY_FLOW_START(pi)		KEY(pi, 11)
+#define KEY_FLOW_END(pi)		KEY(pi, 13)
+
+struct nacct_priv {
+	FILE *of;
+};
+
+
+static int
+nacct_interp(struct ulogd_pluginstance *pi)
+{
+	struct nacct_priv *priv = (struct nacct_priv *)&pi->private;
+	static char buf[80];
+
+	/* try to be as close to nacct as possible.  Instead of nacct's
+	   'timestamp' value use 'flow.end.sec' */
+	if (KEY_IP_PROTO(pi)->u.value.ui8 == IPPROTO_ICMP) {
+		snprintf(buf, sizeof(buf),
+				 "%u\t%u\t%u.%u.%u.%u\t%u\t%u.%u.%u.%u\t%u\t%u\t%u",
+				 KEY_FLOW_END(pi)->u.value.ui32,
+				 KEY_IP_PROTO(pi)->u.value.ui8,
+				 HIPQUAD(KEY_IP_SADDR(pi)->u.value.ui32),
+				 KEY_ICMP_TYPE(pi)->u.value.ui8,
+				 HIPQUAD(KEY_IP_DADDR(pi)->u.value.ui32),
+				 KEY_ICMP_CODE(pi)->u.value.ui8,
+				 KEY_RAW_PKTCNT(pi)->u.value.ui32,
+				 KEY_RAW_PKTLEN(pi)->u.value.ui32);
+	} else {
+		snprintf(buf, sizeof(buf),
+				 "%u\t%u\t%u.%u.%u.%u\t%u\t%u.%u.%u.%u\t%u\t%u\t%u",
+				 KEY_FLOW_END(pi)->u.value.ui32,
+				 KEY_IP_PROTO(pi)->u.value.ui8,
+				 HIPQUAD(KEY_IP_SADDR(pi)->u.value.ui32),
+				 KEY_L4_SPORT(pi)->u.value.ui8,
+				 HIPQUAD(KEY_IP_DADDR(pi)->u.value.ui32),
+				 KEY_L4_DPORT(pi)->u.value.ui8,
+				 KEY_RAW_PKTCNT(pi)->u.value.ui32,
+				 KEY_RAW_PKTLEN(pi)->u.value.ui32);
+	}
+
+	fprintf(priv->of, "%s\n", buf);
+
+	if (NACCT_CFG_SYNC(pi) != 0)
+		fflush(priv->of);
+
+	return 0;
+}
+
+static struct config_keyset nacct_kset = {
+	.num_ces = 2,
+	.ces = {
+		{
+			.key = "file", 
+			.type = CONFIG_TYPE_STRING, 
+			.options = CONFIG_OPT_NONE,
+			.u = {.string = NACCT_FILE_DEFAULT },
+		},
+		{
+			.key = "sync",
+			.type = CONFIG_TYPE_INT,
+			.options = CONFIG_OPT_NONE,
+			.u = { .value = 0 },
+		},
+	},
+};
+
+static void
+sighup_handler_print(struct ulogd_pluginstance *pi, int signal)
+{
+	struct nacct_priv *oi = (struct nacct_priv *)&pi->private;
+
+	switch (signal) {
+	case SIGHUP:
+	{
+		ulogd_log(ULOGD_NOTICE, "NACCT: reopening logfile\n");
+		fclose(oi->of);
+		oi->of = fopen(NACCT_CFG_FILE(pi), "a");
+		if (!oi->of)
+			ulogd_log(ULOGD_ERROR, "%s: %s\n", NACCT_CFG_FILE(pi),
+					  strerror(errno));
+		break;
+	}
+
+	default:
+		break;
+	}
+}
+
+static int
+nacct_conf(struct ulogd_pluginstance *pi,
+		   struct ulogd_pluginstance_stack *stack)
+{
+	int ret;
+
+	if ((ret = ulogd_wildcard_inputkeys(pi)) < 0)
+		return ret;
+
+	if ((ret = config_parse_file(pi->id, pi->config_kset)) < 0)
+		return ret;
+
+	return 0;
+}
+
+static int
+nacct_init(struct ulogd_pluginstance *pi)
+{
+	struct nacct_priv *op = (struct nacct_priv *)&pi->private;
+
+	if ((op->of = fopen(NACCT_CFG_FILE(pi), "a")) == NULL) {
+		ulogd_log(ULOGD_FATAL, "%s: %s\n", 
+				  NACCT_CFG_FILE(pi), strerror(errno));
+		return -1;
+	}		
+	return 0;
+}
+
+static int
+nacct_fini(struct ulogd_pluginstance *pi)
+{
+	struct nacct_priv *op = (struct nacct_priv *)&pi->private;
+
+	if (op->of != stdout)
+		fclose(op->of);
+
+	return 0;
+}
+
+static struct ulogd_plugin nacct_plugin = {
+	.name = "NACCT", 
+	.input = {
+		.type = ULOGD_DTYPE_PACKET | ULOGD_DTYPE_FLOW,
+	},
+	.output = {
+		.type = ULOGD_DTYPE_SINK,
+	},
+	.configure = &nacct_conf,
+	.interp	= &nacct_interp,
+	.start 	= &nacct_init,
+	.stop	= &nacct_fini,
+	.signal = &sighup_handler_print,
+	.config_kset = &nacct_kset,
+	.version = ULOGD_VERSION,
+};
+
+void __attribute__ ((constructor)) init(void);
+
+void
+init(void)
+{
+	ulogd_register_plugin(&nacct_plugin);
+}
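Review bot: sighup_handler_print() closes `oi->of` before the replacement is opened, so when fopen() fails the pointer is left NULL and the next nacct_interp() call hands it to fprintf() (and nacct_fini() to fclose()), which is undefined behaviour and would most likely take the accounting daemon down on a failed log rotation. Opening the new stream first and swapping only on success, as sketched below, keeps records flowing to the old file until a reopen works. Separately, the non-ICMP branch of nacct_interp() reads KEY_L4_SPORT/KEY_L4_DPORT through `u.value.ui8`, which looks like it truncates 16-bit ports (the key definitions are outside this patch, so confirm the field); switching to `ui16` makes the worst-case line 80 characters plus the terminator, one more than `buf[80]` holds, so either enlarge the buffer or fprintf() the fields directly. The snprintf() and fprintf() return values are also unchecked, so a truncated or failed write goes unnoticed.

```c
	case SIGHUP:
	{
		FILE *nf;

		ulogd_log(ULOGD_NOTICE, "NACCT: reopening logfile\n");
		nf = fopen(NACCT_CFG_FILE(pi), "a");
		if (!nf) {
			/* keep the old stream so oi->of is never NULL */
			ulogd_log(ULOGD_ERROR, "%s: %s\n", NACCT_CFG_FILE(pi),
					  strerror(errno));
			break;
		}
		fclose(oi->of);
		oi->of = nf;
		break;
	}
	/* … unchanged: default case … */
```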

-- 
