From: Peter Warasin <peter@endian.com>
To: netfilter-devel@vger.kernel.org
Cc: ebtables-devel@lists.sourceforge.net, Peter Warasin <peter@endian.com>
Subject: [PATCH 3/5] adds AF_BRIDGE support to PRINTPKT plugin
Date: Mon, 11 Feb 2008 23:07:56 +0100 [thread overview]
Message-ID: <20080211221056.540287033@endian.com> (raw)
In-Reply-To: 20080211220753.796791654@endian.com
[-- Attachment #1: ulogd2-PF_BRIDGE-printpkt.patch --]
[-- Type: text/plain, Size: 4186 bytes --]
This patch adds support for AF_BRIDGE to
the PRINTPKT plugin, which allows to form
log lines for packets coming from ebtables.
Currently it supports IPv4, IPv6 and ARP.
Signed-off-by: Peter Warasin <peter@endian.com>
---
include/ulogd/printpkt.h | 8 ++++
util/printpkt.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 89 insertions(+)
Index: ulogd2/include/ulogd/printpkt.h
===================================================================
--- ulogd2.orig/include/ulogd/printpkt.h 2008-02-11 22:37:18.000000000 +0100
+++ ulogd2/include/ulogd/printpkt.h 2008-02-11 22:37:20.000000000 +0100
@@ -51,6 +51,14 @@
KEY_ICMPV6_ECHOID,
KEY_ICMPV6_ECHOSEQ,
KEY_AHESP_SPI,
+ KEY_OOB_PROTOCOL,
+ KEY_ARP_HTYPE,
+ KEY_ARP_PTYPE,
+ KEY_ARP_OPCODE,
+ KEY_ARP_SHA,
+ KEY_ARP_SPA,
+ KEY_ARP_THA,
+ KEY_ARP_TPA,
__PRINTPKT_KEYS
};
#define PRINTPKT_KEYS (__PRINTPKT_KEYS)
Index: ulogd2/util/printpkt.c
===================================================================
--- ulogd2.orig/util/printpkt.c 2008-02-11 22:37:18.000000000 +0100
+++ ulogd2/util/printpkt.c 2008-02-11 22:40:05.000000000 +0100
@@ -36,9 +36,11 @@
#include <ulogd/ulogd.h>
#include <ulogd/conffile.h>
#include <ulogd/printpkt.h>
+#include <netinet/if_ether.h>
struct ulogd_key printpkt_keys[] = {
[KEY_OOB_FAMILY] = { .name = "oob.family", },
+ [KEY_OOB_PROTOCOL] = { .name = "oob.protocol", },
[KEY_OOB_TIME_SEC] = { .name = "oob.time.sec", },
[KEY_OOB_PREFIX] = { .name = "oob.prefix", },
[KEY_OOB_IN] = { .name = "oob.in", },
@@ -90,6 +92,14 @@
[KEY_ICMPV6_ECHOID] = { .name = "icmpv6.echoid", },
[KEY_ICMPV6_ECHOSEQ] = { .name = "icmpv6.echoseq", },
[KEY_AHESP_SPI] = { .name = "ahesp.spi", },
+ [KEY_ARP_HTYPE] = { .name = "arp.hwtype", },
+ [KEY_ARP_PTYPE] = { .name = "arp.protocoltype", },
+ [KEY_ARP_OPCODE] = { .name = "arp.operation", },
+ [KEY_ARP_SHA] = { .name = "arp.shwaddr", },
+ [KEY_ARP_SPA] = { .name = "arp.saddr.str", },
+ [KEY_ARP_THA] = { .name = "arp.dhwaddr", },
+ [KEY_ARP_TPA] = { .name = "arp.daddr.str", },
+
};
static int printpkt_proto(struct ulogd_key *res, char *buf, int protocol)
@@ -334,6 +344,74 @@
return buf_cur - buf;
}
+int printpkt_arp(struct ulogd_key *res, char *buf)
+{
+ char *buf_cur = buf;
+ u_int16_t code = 0;
+ u_int8_t *mac;
+ char tmp[INET_ADDRSTRLEN];
+
+ if (pp_is_valid(res, KEY_ARP_SPA))
+ buf_cur += sprintf(buf_cur, "SRC=%s ",
+ GET_VALUE(res, KEY_ARP_SPA).ptr);
+
+ if (pp_is_valid(res, KEY_ARP_TPA))
+ buf_cur += sprintf(buf_cur, "DST=%s ",
+ GET_VALUE(res, KEY_ARP_TPA).ptr);
+
+ buf_cur += sprintf(buf_cur, "PROTO=ARP ");
+
+ if (pp_is_valid(res, KEY_ARP_OPCODE)) {
+ code = GET_VALUE(res, KEY_ARP_OPCODE).ui16;
+ switch (code) {
+ case ARPOP_REQUEST:
+ buf_cur += sprintf(buf_cur, "REQUEST ");
+ break;
+ case ARPOP_REPLY:
+ buf_cur += sprintf(buf_cur, "REPLY ");
+ break;
+ case ARPOP_NAK:
+ buf_cur += sprintf(buf_cur, "NAK ");
+ break;
+ default:
+ buf_cur += sprintf(buf_cur, "CODE=%u ", code);
+ }
+
+ if (pp_is_valid(res, KEY_ARP_SHA) && (code == ARPOP_REPLY)) {
+ mac = GET_VALUE(res, KEY_ARP_SHA).ptr;
+ buf_cur += sprintf(buf_cur, "REPLY_MAC="
+ "%02x:%02x:%02x:%02x:%02x:%02x ",
+ mac[0], mac[1], mac[2],
+ mac[3], mac[4], mac[5]);
+ }
+ }
+
+ return buf_cur - buf;
+}
+
+
+int printpkt_bridge(struct ulogd_key *res, char *buf)
+{
+ char *buf_cur = buf;
+
+ switch (GET_VALUE(res, KEY_OOB_PROTOCOL).ui16) {
+ case ETH_P_IP:
+ buf_cur += printpkt_ipv4(res, buf_cur);
+ break;
+ case ETH_P_IPV6:
+ buf_cur += printpkt_ipv6(res, buf_cur);
+ break;
+ case ETH_P_ARP:
+ buf_cur += printpkt_arp(res, buf_cur);
+ break;
+ default:
+ buf_cur += sprintf(buf_cur, "PROTO=%u ",
+ GET_VALUE(res, KEY_OOB_PROTOCOL).ui16);
+ }
+
+ return buf_cur - buf;
+}
+
int printpkt_print(struct ulogd_key *res, char *buf)
{
char *buf_cur = buf;
@@ -366,6 +444,9 @@
case AF_INET6:
buf_cur += printpkt_ipv6(res, buf_cur);
break;
+ case AF_BRIDGE:
+ buf_cur += printpkt_bridge(res, buf_cur);
+ break;
}
if (pp_is_valid(res, KEY_OOB_UID))
--
next prev parent reply other threads:[~2008-02-11 22:10 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-11 22:07 [PATCH 0/5] adds ebtables nflog support to ulogd Peter Warasin
2008-02-11 22:07 ` [PATCH 1/5] Adds input keys enumeration Peter Warasin
2008-02-14 14:46 ` Pablo Neira Ayuso
2008-02-11 22:07 ` [PATCH 2/5] Adds AF_BRIDGE and ARP header interpreter to BASE plugin Peter Warasin
2008-02-13 23:05 ` [PATCHv2 " Peter Warasin
2008-02-14 7:39 ` Eric Leblond
2008-02-14 11:34 ` [PATCHv3 " Peter Warasin
2008-02-14 15:23 ` Pablo Neira Ayuso
2008-02-15 17:25 ` [PATCHv4 " Peter Warasin
2008-02-15 17:39 ` Peter Warasin
2008-02-16 0:25 ` [PATCHv5 " Peter Warasin
2008-02-19 0:58 ` Pablo Neira Ayuso
2008-02-19 10:53 ` Peter Warasin
2008-02-11 22:07 ` Peter Warasin [this message]
2008-02-19 10:54 ` [PATCH 3/5] adds AF_BRIDGE support to PRINTPKT plugin Pablo Neira Ayuso
2008-02-11 22:07 ` [PATCH 4/5] adds AF_BRIDGE support to IP2STR Peter Warasin
2008-02-12 20:28 ` Eric Leblond
2008-02-13 11:17 ` Peter Warasin
2008-02-12 21:15 ` Eric Leblond
2008-02-13 11:13 ` Peter Warasin
2008-02-13 23:06 ` [PATCHv2 " Peter Warasin
2008-02-14 11:36 ` [PATCHv3 " Peter Warasin
2008-02-16 0:25 ` [PATCHv4 " Peter Warasin
2008-02-19 10:55 ` Pablo Neira Ayuso
2008-02-11 22:07 ` [PATCH 5/5] Adds ebtables nflog stack samples to config file Peter Warasin
2008-02-19 10:56 ` Pablo Neira Ayuso
2008-02-12 20:04 ` [Ebtables-devel] [PATCH 0/5] adds ebtables nflog support to ulogd Bart De Schuymer
2008-02-12 20:30 ` Peter Warasin
2008-02-21 22:23 ` Bart De Schuymer
[not found] ` <1203632611.2902.6.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-02-25 13:55 ` Peter Warasin
[not found] ` <1202846691.2901.16.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-02-19 1:50 ` [PATCH 1/2] Add IPv6 support Tseng, Kuo-Lang
2008-02-19 18:24 ` [Ebtables-devel] " Tseng, Kuo-Lang
[not found] ` <3F25FE8C477E9E4FB3D42C2FF937C08A8D0B66-7XlYjKTK0pNQxe9IK+vIArfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2008-02-21 21:29 ` Bart De Schuymer
2008-02-19 15:12 ` [Ebtables-devel] [PATCH 0/5] adds ebtables nflog support to ulogd Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080211221056.540287033@endian.com \
--to=peter@endian.com \
--cc=ebtables-devel@lists.sourceforge.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.