From: Peter Warasin <peter@endian.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Eric Leblond <eric@inl.fr>, netfilter-devel@vger.kernel.org
Subject: [PATCHv4 2/5] Adds AF_BRIDGE and ARP header interpreter to BASE plugin
Date: Fri, 15 Feb 2008 18:25:23 +0100 [thread overview]
Message-ID: <47B5CB03.2070903@endian.com> (raw)
In-Reply-To: <47B45D0F.8070008@netfilter.org>
[-- Attachment #1: Type: text/plain, Size: 337 bytes --]
Hi Pablo
Pablo Neira Ayuso wrote:
> Hm, I get this warnings with your patch:
>
Fixed it (added casts) within the attached patch.
> Now arp_spa and arp_tpa use ptr instead of ui32. Please, clarify
I changed to ui32, since ip_addr is ui32, but the arp ip fields
are ui8[4].
I think ui32 should be correct with the casts now.
peter
[-- Attachment #2: ulogd2-PF_BRIDGE.patch --]
[-- Type: text/x-patch, Size: 5007 bytes --]
Adds AF_BRIDGE and ARP header interpreter to BASE plugin
This patch adds an AF_BRIDGE interpreter to the
ulogd_raw2packet_BASE plugin, which allows logging
packets coming from ebtables.
It also adds an ARP header decoder.
Signed-off-by: Peter Warasin <peter@endian.com>
---
filter/raw2packet/ulogd_raw2packet_BASE.c | 127 +++++++++++++++++++++++++++++-
1 file changed, 125 insertions(+), 2 deletions(-)
Index: ulogd2/filter/raw2packet/ulogd_raw2packet_BASE.c
===================================================================
--- ulogd2.orig/filter/raw2packet/ulogd_raw2packet_BASE.c 2008-02-13 23:58:17.000000000 +0100
+++ ulogd2/filter/raw2packet/ulogd_raw2packet_BASE.c 2008-02-15 18:17:07.000000000 +0100
@@ -10,6 +10,7 @@
* o UDP header
* o ICMP header
* o AH/ESP header
+ * o ARP header
*
* (C) 2000-2005 by Harald Welte <laforge@gnumonks.org>
*
@@ -42,11 +43,13 @@
#include <netinet/udp.h>
#include <ulogd/ulogd.h>
#include <ulogd/ipfix_protocol.h>
+#include <netinet/if_ether.h>
enum input_keys {
INKEY_RAW_PCKT,
INKEY_RAW_PCKTLEN,
INKEY_OOB_FAMILY,
+ INKEY_OOB_PROTOCOL,
};
enum output_keys {
@@ -101,6 +104,14 @@
KEY_ICMPV6_ECHOSEQ,
KEY_ICMPV6_CSUM,
KEY_AHESP_SPI,
+ KEY_OOB_PROTOCOL,
+ KEY_ARP_HTYPE,
+ KEY_ARP_PTYPE,
+ KEY_ARP_OPCODE,
+ KEY_ARP_SHA,
+ KEY_ARP_SPA,
+ KEY_ARP_THA,
+ KEY_ARP_TPA,
};
static struct ulogd_key iphdr_rets[] = {
@@ -455,7 +466,46 @@
.flags = ULOGD_RETF_NONE,
.name = "ahesp.spi",
},
-
+ [KEY_OOB_PROTOCOL] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "oob.protocol",
+ },
+ [KEY_ARP_HTYPE] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.hwtype",
+ },
+ [KEY_ARP_PTYPE] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.protocoltype",
+ },
+ [KEY_ARP_OPCODE] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.operation",
+ },
+ [KEY_ARP_SHA] = {
+ .type = ULOGD_RET_RAW,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.shwaddr",
+ },
+ [KEY_ARP_SPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.saddr",
+ },
+ [KEY_ARP_THA] = {
+ .type = ULOGD_RET_RAW,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.dhwaddr",
+ },
+ [KEY_ARP_TPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.daddr",
+ },
};
/***********************************************************************
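Review bot: `arp.shwaddr` and `arp.dhwaddr` are declared `ULOGD_RET_RAW`, but nothing here states how many bytes the value covers or who owns them. Going by `_interp_arp` later in this patch, the value is a pointer into the raw packet buffer, so a consumer that guesses the length wrong would read past the ARP header. I would add a comment on both entries such as `/* ptr to ETH_ALEN bytes inside raw.pkt; valid only while the input packet is */`. The `iphdr_rets[]` array starts before this hunk.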
@@ -825,16 +875,84 @@
return 0;
}
+/***********************************************************************
+ * ARP HEADER
+ ***********************************************************************/
+static int _interp_arp(struct ulogd_pluginstance *pi, u_int32_t len)
+{
+ struct ulogd_key *ret = pi->output.keys;
+ const struct ether_arp *arph =
+ GET_VALUE(pi->input.keys, INKEY_RAW_PCKT).ptr;
+
+ if (len < sizeof(struct ether_arp))
+ return 0;
+
+ ret[KEY_ARP_HTYPE].u.value.ui16 = ntohs(arph->arp_hrd);
+ SET_VALID(ret[KEY_ARP_HTYPE]);
+ ret[KEY_ARP_PTYPE].u.value.ui16 = ntohs(arph->arp_pro);
+ SET_VALID(ret[KEY_ARP_PTYPE]);
+ ret[KEY_ARP_OPCODE].u.value.ui16 = ntohs(arph->arp_op);
+ SET_VALID(ret[KEY_ARP_OPCODE]);
+
+ ret[KEY_ARP_SHA].u.value.ptr = &arph->arp_sha;
+ SET_VALID(ret[KEY_ARP_SHA]);
+ ret[KEY_ARP_SPA].u.value.ui32 = (u_int32_t)arph->arp_spa;
+ SET_VALID(ret[KEY_ARP_SPA]);
+
+ ret[KEY_ARP_THA].u.value.ptr = &arph->arp_tha;
+ SET_VALID(ret[KEY_ARP_THA]);
+ ret[KEY_ARP_TPA].u.value.ui32 = (u_int32_t)arph->arp_tpa;
+ SET_VALID(ret[KEY_ARP_TPA]);
+
+ return 0;
+}
+
+/***********************************************************************
+ * ETHER HEADER
+ ***********************************************************************/
+
+static int _interp_bridge(struct ulogd_pluginstance *pi, u_int32_t len)
+{
+ struct ulogd_key *ret = pi->output.keys;
+ const struct sk_buff *skb =
+ GET_VALUE(pi->input.keys, INKEY_RAW_PCKT).ptr;
+ const u_int16_t proto =
+ GET_VALUE(pi->input.keys, INKEY_OOB_PROTOCOL).ui16;
+
+ switch (proto) {
+ case ETH_P_IP:
+ _interp_iphdr(pi, len);
+ break;
+ case ETH_P_IPV6:
+ _interp_ipv6hdr(pi, len);
+ break;
+ case ETH_P_ARP:
+ _interp_arp(pi, len);
+ break;
+ /* ETH_P_8021Q ?? others? */
+ };
+
+ return 0;
+}
+
+
static int _interp_pkt(struct ulogd_pluginstance *pi)
{
u_int32_t len = GET_VALUE(pi->input.keys, INKEY_RAW_PCKTLEN).ui32;
u_int8_t family = GET_VALUE(pi->input.keys, INKEY_OOB_FAMILY).ui8;
+ struct ulogd_key *ret = pi->output.keys;
+
+ ret[KEY_OOB_PROTOCOL].u.value.ui16 =
+ GET_VALUE(pi->input.keys, INKEY_OOB_PROTOCOL).ui16;
+ SET_VALID(ret[KEY_OOB_PROTOCOL]);
switch (family) {
case AF_INET:
return _interp_iphdr(pi, len);
case AF_INET6:
return _interp_ipv6hdr(pi, len);
+ case AF_BRIDGE:
+ return _interp_bridge(pi, len);
}
return 0;
}
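Review bot: In `_interp_arp`, `(u_int32_t)arph->arp_spa` and `(u_int32_t)arph->arp_tpa` cast the decayed array pointer rather than the four address bytes, so `arp.saddr`/`arp.daddr` would log a (truncated) process address instead of the ARP sender/target IP, which corrupts the log record and discloses memory layout. Copy the bytes instead, e.g. `memcpy(&ret[KEY_ARP_SPA].u.value.ui32, arph->arp_spa, sizeof(u_int32_t));` and the same for `arp_tpa` (this needs `<string.h>` if the file does not already include it); memcpy also avoids an unaligned load, since these fields are not 4-byte aligned inside `struct ether_arp`. Because `struct ether_arp` only describes Ethernet/IPv4 ARP and the packet is untrusted, it would be worth returning early unless `arph->arp_hln == ETH_ALEN && arph->arp_pln == 4`. In `_interp_bridge`, `ret` and `skb` are never used (and `struct sk_buff` is a kernel type), so both declarations can go.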
@@ -859,7 +977,12 @@
{
.type = ULOGD_RET_UINT8,
.name = "oob.family",
- }
+ },
+ {
+ .type = ULOGD_RET_UINT16,
+ .name = "oob.protocol",
+ },
+
};
static struct ulogd_plugin base_plugin = {
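Review bot: The new `oob.protocol` entry is positional, so it lines up with `INKEY_OOB_PROTOCOL` only as long as the array order matches `enum input_keys` exactly. A designated initializer, `[INKEY_OOB_PROTOCOL] = {`, as the output-key table in this patch uses, would keep the two in sync when keys are added later. The entry also sets no `.flags`, while `_interp_pkt` reads the key and marks `oob.protocol` valid unconditionally; whether input plugins that do not provide this key still stack with BASE should be confirmed. The array begins outside this hunk, and the stray blank `+` line before `};` can be dropped.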