ulogd2: fix ULOG input plugin

ulogd2: fix ULOG input plugin

[Eric Leblond]

[-- Attachment #1.1: Type: text/plain, Size: 174 bytes --]

Hi,

The ULOG input plugin of ulogd2 was not working. This patch fixes this
and cleans the code via introduction of an enum.

BR,
-- 
Eric Leblond <eric@inl.fr>
INL

[-- Attachment #1.2: ulogd2-make-ulog-input-work.diff --]
[-- Type: text/x-patch, Size: 4955 bytes --]

=== input/packet/ulogd_inppkt_NFLOG.c
==================================================================
--- input/packet/ulogd_inppkt_NFLOG.c	(revision 224)
+++ input/packet/ulogd_inppkt_NFLOG.c	(revision 225)
@@ -14,7 +14,7 @@
 #define NFLOG_GROUP_DEFAULT	0
 #endif
 
-/* Size of the socket recevive memory.  Should be at least the same size as the
+/* Size of the socket receive memory.  Should be at least the same size as the
  * 'nlbufsiz' parameter of nfnetlink_log.ko
  * If you have _big_ in-kernel queues, you may have to increase this number.  (
  * --qthreshold 100 * 1500 bytes/packet = 150kB  */
@@ -89,6 +89,24 @@
 #define seq_ce(x)	(x->ces[4])
 #define seq_global_ce(x)	(x->ces[5])
 
+enum nflog_keys {
+	NFLOG_KEY_RAW_MAC = 0,
+	NFLOG_KEY_RAW_PCKT,
+	NFLOG_KEY_RAW_PCKTLEN,
+	NFLOG_KEY_RAW_PCKTCOUNT,
+	NFLOG_KEY_OOB_PREFIX,
+	NFLOG_KEY_OOB_TIME_SEC,
+	NFLOG_KEY_OOB_TIME_USEC,
+	NFLOG_KEY_OOB_MARK,
+	NFLOG_KEY_OOB_IFINDEX_IN,
+	NFLOG_KEY_OOB_IFINDEX_OUT,
+	NFLOG_KEY_OOB_HOOK,
+	NFLOG_KEY_RAW_MAC_LEN,
+	NFLOG_KEY_OOB_SEQ_LOCAL,
+	NFLOG_KEY_OOB_SEQ_GLOBAL,
+	NFLOG_KEY_OOB_FAMILY,
+	NFLOG_KEY_OOB_PROTOCOL,
+};
 
 static struct ulogd_key output_keys[] = {
 	{ 
@@ -240,71 +258,71 @@
 	u_int32_t outdev = nflog_get_outdev(ldata);
 	u_int32_t seq;
 
-	ret[14].u.value.ui8 = af_ce(upi->config_kset).u.value;
+	ret[NFLOG_KEY_OOB_FAMILY].u.value.ui8 = af_ce(upi->config_kset).u.value;
 
 	if (ph) {
 		/* FIXME */
-		ret[10].u.value.ui8 = ph->hook;
-		ret[10].flags |= ULOGD_RETF_VALID;
-		ret[15].u.value.ui16 = ntohs(ph->hw_protocol);
-		ret[15].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_OOB_HOOK].u.value.ui8 = ph->hook;
+		ret[NFLOG_KEY_OOB_HOOK].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_OOB_PROTOCOL].u.value.ui16 = ntohs(ph->hw_protocol);
+		ret[NFLOG_KEY_OOB_PROTOCOL].flags |= ULOGD_RETF_VALID;
 	}
 
 	if (hw) {
-		ret[0].u.value.ptr = hw->hw_addr;
-		ret[0].flags |= ULOGD_RETF_VALID;
-		ret[11].u.value.ui16 = ntohs(hw->hw_addrlen);
-		ret[11].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_RAW_MAC].u.value.ptr = hw->hw_addr;
+		ret[NFLOG_KEY_RAW_MAC].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_RAW_MAC_LEN].u.value.ui16 = ntohs(hw->hw_addrlen);
+		ret[NFLOG_KEY_RAW_MAC_LEN].flags |= ULOGD_RETF_VALID;
 	}
 
 	if (payload_len >= 0) {
 		/* include pointer to raw packet */
-		ret[1].u.value.ptr = payload;
-		ret[1].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_RAW_PCKT].u.value.ptr = payload;
+		ret[NFLOG_KEY_RAW_PCKT].flags |= ULOGD_RETF_VALID;
 
-		ret[2].u.value.ui32 = payload_len;
-		ret[2].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_RAW_PCKTLEN].u.value.ui32 = payload_len;
+		ret[NFLOG_KEY_RAW_PCKTLEN].flags |= ULOGD_RETF_VALID;
 	}
 
 	/* number of packets */
-	ret[3].u.value.ui32 = 1;
-	ret[3].flags |= ULOGD_RETF_VALID;
+	ret[NFLOG_KEY_RAW_PCKTCOUNT].u.value.ui32 = 1;
+	ret[NFLOG_KEY_RAW_PCKTCOUNT].flags |= ULOGD_RETF_VALID;
 
 	if (prefix) {
-		ret[4].u.value.ptr = prefix;
-		ret[4].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_OOB_PREFIX].u.value.ptr = prefix;
+		ret[NFLOG_KEY_OOB_PREFIX].flags |= ULOGD_RETF_VALID;
 	}
 
 	/* god knows why timestamp_usec contains crap if timestamp_sec
 	 * == 0 if (pkt->timestamp_sec || pkt->timestamp_usec) { */
 	if (nflog_get_timestamp(ldata, &ts) == 0 && ts.tv_sec) {
 		/* FIXME: convert endianness */
-		ret[5].u.value.ui32 = ts.tv_sec & 0xffffffff;
-		ret[5].flags |= ULOGD_RETF_VALID;
-		ret[6].u.value.ui32 = ts.tv_usec & 0xffffffff;
-		ret[6].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_OOB_TIME_SEC].u.value.ui32 = ts.tv_sec & 0xffffffff;
+		ret[NFLOG_KEY_OOB_TIME_SEC].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_OOB_TIME_USEC].u.value.ui32 = ts.tv_usec & 0xffffffff;
+		ret[NFLOG_KEY_OOB_TIME_USEC].flags |= ULOGD_RETF_VALID;
 	}
 
-	ret[7].u.value.ui32 = mark;
-	ret[7].flags |= ULOGD_RETF_VALID;
+	ret[NFLOG_KEY_OOB_MARK].u.value.ui32 = mark;
+	ret[NFLOG_KEY_OOB_MARK].flags |= ULOGD_RETF_VALID;
 
 	if (indev > 0) {
-		ret[8].u.value.ui32 = indev;
-		ret[8].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_OOB_IFINDEX_IN].u.value.ui32 = indev;
+		ret[NFLOG_KEY_OOB_IFINDEX_IN].flags |= ULOGD_RETF_VALID;
 	}
 
 	if (outdev > 0) {
-		ret[9].u.value.ui32 = outdev;
-		ret[9].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_OOB_IFINDEX_OUT].u.value.ui32 = outdev;
+		ret[NFLOG_KEY_OOB_IFINDEX_OUT].flags |= ULOGD_RETF_VALID;
 	}
 
 	if (nflog_get_seq(ldata, &seq)) {
-		ret[12].u.value.ui32 = seq;
-		ret[12].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_OOB_SEQ_LOCAL].u.value.ui32 = seq;
+		ret[NFLOG_KEY_OOB_SEQ_LOCAL].flags |= ULOGD_RETF_VALID;
 	}
 	if (nflog_get_seq_global(ldata, &seq)) {
-		ret[13].u.value.ui32 = seq;
-		ret[13].flags |= ULOGD_RETF_VALID;
+		ret[NFLOG_KEY_OOB_SEQ_GLOBAL].u.value.ui32 = seq;
+		ret[NFLOG_KEY_OOB_SEQ_GLOBAL].flags |= ULOGD_RETF_VALID;
 	}
 	ulogd_propagate_results(upi);
 	return 0;

[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Resend: ulogd2: fix ULOG input plugin

[Eric Leblond]

[-- Attachment #1.1: Type: text/plain, Size: 332 bytes --]

Hi,

Same problem as in previous patch.

Here's the correct one.

BR,

Le vendredi 04 janvier 2008 à 00:48 +0100, Eric Leblond a écrit :
> Hi,
> 
> The ULOG input plugin of ulogd2 was not working. This patch fixes this
> and cleans the code via introduction of an enum.
> 
> BR,
-- 
Eric Leblond <eric@inl.fr>
INL

[-- Attachment #1.2: ulogd2-make-ulog-input-work.diff --]
[-- Type: text/x-patch, Size: 5439 bytes --]

=== input/packet/ulogd_inppkt_ULOG.c
==================================================================
--- input/packet/ulogd_inppkt_ULOG.c	(revision 225)
+++ input/packet/ulogd_inppkt_ULOG.c	(revision 226)
@@ -5,7 +5,9 @@
 
 #include <unistd.h>
 #include <stdlib.h>
+#include <arpa/inet.h>
 
+
 #include <ulogd/ulogd.h>
 #include <libipulog/libipulog.h>
 
@@ -54,12 +56,31 @@
 	},
 	}
 };
+enum ulog_keys {
+	ULOG_KEY_RAW_MAC = 0,
+	ULOG_KEY_RAW_PCKT,
+	ULOG_KEY_RAW_PCKTLEN,
+	ULOG_KEY_RAW_PCKTCOUNT,
+	ULOG_KEY_OOB_PREFIX,
+	ULOG_KEY_OOB_TIME_SEC,
+	ULOG_KEY_OOB_TIME_USEC,
+	ULOG_KEY_OOB_MARK,
+	ULOG_KEY_OOB_IN,
+	ULOG_KEY_OOB_OUT,
+	ULOG_KEY_RAW_MAC_LEN,
+	ULOG_KEY_OOB_FAMILY,
+	ULOG_KEY_OOB_PROTOCOL,
+};
 
 static struct ulogd_key output_keys[] = {
 	{ 
-		.type = ULOGD_RET_STRING, 
+		.type = ULOGD_RET_RAW, 
 		.flags = ULOGD_RETF_NONE, 
 		.name = "raw.mac", 
+		.ipfix = {
+			.vendor = IPFIX_VENDOR_IETF,
+			.field_id = IPFIX_sourceMacAddress,
+		},
 	},
 	{
 		.type = ULOGD_RET_RAW,
@@ -121,61 +142,72 @@
 		.flags = ULOGD_RETF_NONE,
 		.name = "oob.out", 
 	},
+	{ 
+		.type = ULOGD_RET_STRING, 
+		.flags = ULOGD_RETF_NONE, 
+		.name = "raw.mac_len", 
+	},
+	{
+		.type = ULOGD_RET_UINT8,
+		.flags = ULOGD_RETF_NONE,
+		.name = "oob.family",
+	},
+	{
+		.type = ULOGD_RET_UINT16,
+		.flags = ULOGD_RETF_NONE,
+		.name = "oob.protocol",
+	},
+
 };
 
 static int interp_packet(struct ulogd_pluginstance *ip, ulog_packet_msg_t *pkt)
 {
-	unsigned char *p;
-	int i;
-	char *buf, *oldbuf = NULL;
 	struct ulogd_key *ret = ip->output.keys;
 
 	if (pkt->mac_len) {
-		buf = (char *) malloc(3 * pkt->mac_len + 1);
-		if (!buf) {
-			ulogd_log(ULOGD_ERROR, "OOM!!!\n");
-			return -1;
-		}
-		*buf = '\0';
-
-		p = pkt->mac;
-		oldbuf = buf;
-		for (i = 0; i < pkt->mac_len; i++, p++)
-			sprintf(buf, "%s%02x%c", oldbuf, *p, i==pkt->mac_len-1 ? ' ':':');
-		ret[0].u.value.ptr = buf;
-		ret[0].flags |= ULOGD_RETF_VALID;
+		ret[ULOG_KEY_RAW_MAC].u.value.ptr = pkt->mac;
+		ret[ULOG_KEY_RAW_MAC].flags |= ULOGD_RETF_VALID;
+		ret[ULOG_KEY_RAW_MAC_LEN].u.value.ui16 = ntohs(pkt->mac_len);
+		ret[ULOG_KEY_RAW_MAC_LEN].flags |= ULOGD_RETF_VALID;
 	}
 
 	/* include pointer to raw ipv4 packet */
-	ret[1].u.value.ptr = pkt->payload;
-	ret[1].flags |= ULOGD_RETF_VALID;
-	ret[2].u.value.ui32 = pkt->data_len;
-	ret[2].flags |= ULOGD_RETF_VALID;
-	ret[3].u.value.ui32 = 1;
-	ret[3].flags |= ULOGD_RETF_VALID;
+	ret[ULOG_KEY_RAW_PCKT].u.value.ptr = pkt->payload;
+	ret[ULOG_KEY_RAW_PCKT].flags |= ULOGD_RETF_VALID;
+	ret[ULOG_KEY_RAW_PCKTLEN].u.value.ui32 = pkt->data_len;
+	ret[ULOG_KEY_RAW_PCKTLEN].flags |= ULOGD_RETF_VALID;
+	ret[ULOG_KEY_RAW_PCKTCOUNT].u.value.ui32 = 1;
+	ret[ULOG_KEY_RAW_PCKTCOUNT].flags |= ULOGD_RETF_VALID;
 
-	ret[4].u.value.ptr = pkt->prefix;
-	ret[4].flags |= ULOGD_RETF_VALID;
+	ret[ULOG_KEY_OOB_PREFIX].u.value.ptr = pkt->prefix;
+	ret[ULOG_KEY_OOB_PREFIX].flags |= ULOGD_RETF_VALID;
 
 	/* god knows why timestamp_usec contains crap if timestamp_sec == 0
 	 * if (pkt->timestamp_sec || pkt->timestamp_usec) { */
 	if (pkt->timestamp_sec) {
-		ret[5].u.value.ui32 = pkt->timestamp_sec;
-		ret[5].flags |= ULOGD_RETF_VALID;
-		ret[6].u.value.ui32 = pkt->timestamp_usec;
-		ret[6].flags |= ULOGD_RETF_VALID;
+		ret[ULOG_KEY_OOB_TIME_SEC].u.value.ui32 = pkt->timestamp_sec;
+		ret[ULOG_KEY_OOB_TIME_SEC].flags |= ULOGD_RETF_VALID;
+		ret[ULOG_KEY_OOB_TIME_USEC].u.value.ui32 = pkt->timestamp_usec;
+		ret[ULOG_KEY_OOB_TIME_USEC].flags |= ULOGD_RETF_VALID;
 	} else {
-		ret[5].flags &= ~ULOGD_RETF_VALID;
-		ret[6].flags &= ~ULOGD_RETF_VALID;
+		ret[ULOG_KEY_OOB_TIME_SEC].flags &= ~ULOGD_RETF_VALID;
+		ret[ULOG_KEY_OOB_TIME_USEC].flags &= ~ULOGD_RETF_VALID;
 	}
 
-	ret[7].u.value.ui32 = pkt->mark;
-	ret[7].flags |= ULOGD_RETF_VALID;
-	ret[8].u.value.ptr = pkt->indev_name;
-	ret[8].flags |= ULOGD_RETF_VALID;
-	ret[9].u.value.ptr = pkt->outdev_name;
-	ret[9].flags |= ULOGD_RETF_VALID;
-	
+	ret[ULOG_KEY_OOB_MARK].u.value.ui32 = pkt->mark;
+	ret[ULOG_KEY_OOB_MARK].flags |= ULOGD_RETF_VALID;
+	ret[ULOG_KEY_OOB_IN].u.value.ptr = pkt->indev_name;
+	ret[ULOG_KEY_OOB_IN].flags |= ULOGD_RETF_VALID;
+	ret[ULOG_KEY_OOB_OUT].u.value.ptr = pkt->outdev_name;
+	ret[ULOG_KEY_OOB_OUT].flags |= ULOGD_RETF_VALID;
+
+	/* ULOG is IPv4 only */
+	ret[ULOG_KEY_OOB_FAMILY].u.value.ui8 = AF_INET;
+	ret[ULOG_KEY_OOB_FAMILY].flags |= ULOGD_RETF_VALID;
+	/* Undef in ULOG but necessary */
+	ret[ULOG_KEY_OOB_PROTOCOL].u.value.ui16 = 0;
+	ret[ULOG_KEY_OOB_PROTOCOL].flags |= ULOGD_RETF_VALID;
+
 	ulogd_propagate_results(ip);
 	return 0;
 }
=== ulogd.conf.in
==================================================================
--- ulogd.conf.in	(revision 225)
+++ ulogd.conf.in	(revision 226)
@@ -44,6 +44,9 @@
 # this is a stack for packet-based logging via LOGEMU
 #stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,print1:PRINTPKT,emu1:LOGEMU
 
+# this is a stack for ULOG packet-based logging via LOGEMU
+#stack=ulog1:ULOG,base1:BASE,print1:PRINTPKT,emu1:LOGEMU
+
 # this is a stack for flow-based logging via LOGEMU
 #stack=ct1:NFCT,print1:PRINTFLOW,emu1:LOGEMU
 
@@ -56,6 +59,9 @@
 # netlink multicast group (the same as the iptables --ulog-nlgroup param)
 group=0
 
+[ulog1]
+nlgroup=1
+
 [emu1]
 file="/var/log/ulogd_syslogemu.log"
 sync=1

[-- Attachment #2: Ceci est une partie de message numériquement signée --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: Resend: ulogd2: fix ULOG input plugin

[Patrick McHardy]

Eric Leblond wrote:
> Le vendredi 04 janvier 2008 à 00:48 +0100, Eric Leblond a écrit :
>> Hi,
>>
>> The ULOG input plugin of ulogd2 was not working. This patch fixes this
>> and cleans the code via introduction of an enum.


Also applied, thanks. A slightly more detailed description for the
Changelog would be appreciated though :)
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html