All of lore.kernel.org
 help / color / mirror / Atom feed
From: Peter Warasin <peter@endian.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCHv2 2/5] Adds AF_BRIDGE and ARP header	interpreter to BASE plugin
Date: Thu, 14 Feb 2008 00:05:06 +0100	[thread overview]
Message-ID: <47B377A2.6080309@endian.com> (raw)
In-Reply-To: <20080211221056.242019648@endian.com>

[-- Attachment #1: Type: text/plain, Size: 85 bytes --]

Hi guys

Fixed the type for  KEY_ARP_SPA and KEY_ARP_TPA,
as Eric mentioned.

peter


[-- Attachment #2: ulogd2-PF_BRIDGE.patch --]
[-- Type: text/x-patch, Size: 4979 bytes --]

Adds AF_BRIDGE and ARP header interpreter to BASE plugin

This patch adds an AF_BRIDGE interpreter to
ulogd_raw2packet_BASE plugin, which allows to log
packets coming from ebtables.
It also adds an ARP header decoder.

Signed-off-by: Peter Warasin <peter@endian.com>

---
 filter/raw2packet/ulogd_raw2packet_BASE.c |  127 +++++++++++++++++++++++++++++-
 1 file changed, 125 insertions(+), 2 deletions(-)

Index: ulogd2/filter/raw2packet/ulogd_raw2packet_BASE.c
===================================================================
--- ulogd2.orig/filter/raw2packet/ulogd_raw2packet_BASE.c	2008-02-11 22:13:27.000000000 +0100
+++ ulogd2/filter/raw2packet/ulogd_raw2packet_BASE.c	2008-02-11 22:20:05.000000000 +0100
@@ -10,6 +10,7 @@
  * 	o UDP header
  * 	o ICMP header
  * 	o AH/ESP header
+ *      o ARP header
  *
  * (C) 2000-2005 by Harald Welte <laforge@gnumonks.org>
  *
@@ -42,11 +43,13 @@
 #include <netinet/udp.h>
 #include <ulogd/ulogd.h>
 #include <ulogd/ipfix_protocol.h>
+#include <netinet/if_ether.h>
 
 enum input_keys {
 	INKEY_RAW_PCKT,
 	INKEY_RAW_PCKTLEN,
 	INKEY_OOB_FAMILY,
+	INKEY_OOB_PROTOCOL,
 };
 
 enum output_keys {
@@ -101,6 +104,14 @@
 	KEY_ICMPV6_ECHOSEQ,
 	KEY_ICMPV6_CSUM,
 	KEY_AHESP_SPI,
+	KEY_OOB_PROTOCOL,
+	KEY_ARP_HTYPE,
+	KEY_ARP_PTYPE,
+	KEY_ARP_OPCODE,
+	KEY_ARP_SHA,
+	KEY_ARP_SPA,
+	KEY_ARP_THA,
+	KEY_ARP_TPA,
 };
 
 static struct ulogd_key iphdr_rets[] = {
@@ -455,7 +466,46 @@
 		.flags = ULOGD_RETF_NONE,
 		.name = "ahesp.spi",
 	},
-
+	[KEY_OOB_PROTOCOL] = {
+		.type = ULOGD_RET_UINT16,
+		.flags = ULOGD_RETF_NONE,
+		.name = "oob.protocol",
+	},
+	[KEY_ARP_HTYPE] = {
+		.type = ULOGD_RET_UINT16,
+		.flags = ULOGD_RETF_NONE,
+		.name = "arp.hwtype",
+	},
+	[KEY_ARP_PTYPE] = {
+		.type = ULOGD_RET_UINT16,
+		.flags = ULOGD_RETF_NONE,
+		.name = "arp.protocoltype",
+	},
+	[KEY_ARP_OPCODE] = {
+		.type = ULOGD_RET_UINT16,
+		.flags = ULOGD_RETF_NONE,
+		.name = "arp.operation",
+	},
+	[KEY_ARP_SHA] = {
+		.type = ULOGD_RET_RAW,
+		.flags = ULOGD_RETF_NONE,
+		.name = "arp.shwaddr",
+	},
+	[KEY_ARP_SPA] = {
+		.type = ULOGD_RET_RAW,
+		.flags = ULOGD_RETF_NONE,
+		.name = "arp.saddr",
+	},
+	[KEY_ARP_THA] = {
+		.type = ULOGD_RET_RAW,
+		.flags = ULOGD_RETF_NONE,
+		.name = "arp.dhwaddr",
+	},
+	[KEY_ARP_TPA] = {
+		.type = ULOGD_RET_RAW,
+		.flags = ULOGD_RETF_NONE,
+		.name = "arp.daddr",
+	},
 };
 
 /***********************************************************************
@@ -825,16 +875,84 @@
 	return 0;
 }
 
+/***********************************************************************
+ * 			ARP HEADER
+ ***********************************************************************/
+static int _interp_arp(struct ulogd_pluginstance *pi, u_int32_t len)
+{
+	struct ulogd_key *ret = pi->output.keys;
+	const struct ether_arp *arph =
+		GET_VALUE(pi->input.keys, INKEY_RAW_PCKT).ptr;
+
+	if (len < sizeof(struct ether_arp))
+		return 0;
+
+	ret[KEY_ARP_HTYPE].u.value.ui16 = ntohs(arph->arp_hrd);
+	SET_VALID(ret[KEY_ARP_HTYPE]);
+	ret[KEY_ARP_PTYPE].u.value.ui16 = ntohs(arph->arp_pro);
+	SET_VALID(ret[KEY_ARP_PTYPE]);
+	ret[KEY_ARP_OPCODE].u.value.ui16 = ntohs(arph->arp_op);
+	SET_VALID(ret[KEY_ARP_OPCODE]);
+
+	ret[KEY_ARP_SHA].u.value.ptr = &arph->arp_sha;
+	SET_VALID(ret[KEY_ARP_SHA]);
+	ret[KEY_ARP_SPA].u.value.ptr = &arph->arp_spa;
+	SET_VALID(ret[KEY_ARP_SPA]);
+
+	ret[KEY_ARP_THA].u.value.ptr = &arph->arp_tha;
+	SET_VALID(ret[KEY_ARP_THA]);
+	ret[KEY_ARP_TPA].u.value.ptr = &arph->arp_tpa;
+	SET_VALID(ret[KEY_ARP_TPA]);
+
+	return 0;
+}
+
+/***********************************************************************
+ * 			ETHER HEADER
+ ***********************************************************************/
+
+static int _interp_bridge(struct ulogd_pluginstance *pi, u_int32_t len)
+{
+	struct ulogd_key *ret = pi->output.keys;
+	const struct sk_buff *skb =
+		GET_VALUE(pi->input.keys, INKEY_RAW_PCKT).ptr;
+	const u_int16_t proto =
+		GET_VALUE(pi->input.keys, INKEY_OOB_PROTOCOL).ui16;
+
+	switch (proto) {
+	case ETH_P_IP:
+		_interp_iphdr(pi, len);
+		break;
+	case ETH_P_IPV6:
+		_interp_ipv6hdr(pi, len);
+		break;
+	case ETH_P_ARP:
+		_interp_arp(pi, len);
+		break;
+	/* ETH_P_8021Q ?? others? */
+	};
+
+	return 0;
+}
+
+
 static int _interp_pkt(struct ulogd_pluginstance *pi)
 {
 	u_int32_t len = GET_VALUE(pi->input.keys, INKEY_RAW_PCKTLEN).ui32;
 	u_int8_t family = GET_VALUE(pi->input.keys, INKEY_OOB_FAMILY).ui8;
+	struct ulogd_key *ret = pi->output.keys;
+
+	ret[KEY_OOB_PROTOCOL].u.value.ui16 =
+		GET_VALUE(pi->input.keys, INKEY_OOB_PROTOCOL).ui16;
+	SET_VALID(ret[KEY_OOB_PROTOCOL]);
 
 	switch (family) {
 	case AF_INET:
 		return _interp_iphdr(pi, len);
 	case AF_INET6:
 		return _interp_ipv6hdr(pi, len);
+	case AF_BRIDGE:
+		return _interp_bridge(pi, len);
 	}
 	return 0;
 }
@@ -859,7 +977,12 @@
 	{
 		.type = ULOGD_RET_UINT8,
 		.name = "oob.family",
-	}
+	},
+	{
+		.type = ULOGD_RET_UINT16,
+		.name = "oob.protocol",
+	},
+
 };
 
 static struct ulogd_plugin base_plugin = {

  reply	other threads:[~2008-02-13 23:05 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-11 22:07 [PATCH 0/5] adds ebtables nflog support to ulogd Peter Warasin
2008-02-11 22:07 ` [PATCH 1/5] Adds input keys enumeration Peter Warasin
2008-02-14 14:46   ` Pablo Neira Ayuso
2008-02-11 22:07 ` [PATCH 2/5] Adds AF_BRIDGE and ARP header interpreter to BASE plugin Peter Warasin
2008-02-13 23:05   ` Peter Warasin [this message]
2008-02-14  7:39     ` [PATCHv2 " Eric Leblond
2008-02-14 11:34       ` [PATCHv3 " Peter Warasin
2008-02-14 15:23         ` Pablo Neira Ayuso
2008-02-15 17:25           ` [PATCHv4 " Peter Warasin
2008-02-15 17:39             ` Peter Warasin
2008-02-16  0:25               ` [PATCHv5 " Peter Warasin
2008-02-19  0:58                 ` Pablo Neira Ayuso
2008-02-19 10:53                   ` Peter Warasin
2008-02-11 22:07 ` [PATCH 3/5] adds AF_BRIDGE support to PRINTPKT plugin Peter Warasin
2008-02-19 10:54   ` Pablo Neira Ayuso
2008-02-11 22:07 ` [PATCH 4/5] adds AF_BRIDGE support to IP2STR Peter Warasin
2008-02-12 20:28   ` Eric Leblond
2008-02-13 11:17     ` Peter Warasin
2008-02-12 21:15   ` Eric Leblond
2008-02-13 11:13     ` Peter Warasin
2008-02-13 23:06       ` [PATCHv2 " Peter Warasin
2008-02-14 11:36         ` [PATCHv3 " Peter Warasin
2008-02-16  0:25           ` [PATCHv4 " Peter Warasin
2008-02-19 10:55             ` Pablo Neira Ayuso
2008-02-11 22:07 ` [PATCH 5/5] Adds ebtables nflog stack samples to config file Peter Warasin
2008-02-19 10:56   ` Pablo Neira Ayuso
2008-02-12 20:04 ` [Ebtables-devel] [PATCH 0/5] adds ebtables nflog support to ulogd Bart De Schuymer
2008-02-12 20:30   ` Peter Warasin
2008-02-21 22:23     ` Bart De Schuymer
     [not found]       ` <1203632611.2902.6.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-02-25 13:55         ` Peter Warasin
     [not found]   ` <1202846691.2901.16.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-02-19  1:50     ` [PATCH 1/2] Add IPv6 support Tseng, Kuo-Lang
2008-02-19 18:24       ` [Ebtables-devel] " Tseng, Kuo-Lang
     [not found]         ` <3F25FE8C477E9E4FB3D42C2FF937C08A8D0B66-7XlYjKTK0pNQxe9IK+vIArfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2008-02-21 21:29           ` Bart De Schuymer
2008-02-19 15:12   ` [Ebtables-devel] [PATCH 0/5] adds ebtables nflog support to ulogd Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47B377A2.6080309@endian.com \
    --to=peter@endian.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.