From: Peter Warasin <peter@endian.com>
To: Eric Leblond <eric@inl.fr>
Cc: netfilter-devel@vger.kernel.org
Subject: [PATCHv3 2/5] Adds AF_BRIDGE and ARP header interpreter to BASE plugin
Date: Thu, 14 Feb 2008 12:34:56 +0100 [thread overview]
Message-ID: <47B42760.5080603@endian.com> (raw)
In-Reply-To: <4279.80.214.249.17.1202974766.squirrel@mail.inl.fr>
[-- Attachment #1: Type: text/plain, Size: 427 bytes --]
Hi Eric
Eric Leblond wrote:
> I did not drink cofee this morning, and thus I may be wrong, but it seems
> you've sent the same patch as yesterday. KEY_ARP_SPA is still of type RAW
> for example. The other patch seems also unchanged.
>
Oh my. I think it was to late yesterday. Took the
wrong directory :/
Here is the correct patch attached.
I hope so, did not drink coffee either :)
Sorry for the inconveniences
peter
[-- Attachment #2: ulogd2-PF_BRIDGE.patch --]
[-- Type: text/x-patch, Size: 4987 bytes --]
Adds AF_BRIDGE and ARP header interpreter to BASE plugin
This patch adds an AF_BRIDGE interpreter to
ulogd_raw2packet_BASE plugin, which allows to log
packets coming from ebtables.
It also adds an ARP header decoder.
Signed-off-by: Peter Warasin <peter@endian.com>
---
filter/raw2packet/ulogd_raw2packet_BASE.c | 127 +++++++++++++++++++++++++++++-
1 file changed, 125 insertions(+), 2 deletions(-)
Index: ulogd2/filter/raw2packet/ulogd_raw2packet_BASE.c
===================================================================
--- ulogd2.orig/filter/raw2packet/ulogd_raw2packet_BASE.c 2008-02-11 23:07:26.000000000 +0100
+++ ulogd2/filter/raw2packet/ulogd_raw2packet_BASE.c 2008-02-13 23:20:42.000000000 +0100
@@ -10,6 +10,7 @@
* o UDP header
* o ICMP header
* o AH/ESP header
+ * o ARP header
*
* (C) 2000-2005 by Harald Welte <laforge@gnumonks.org>
*
@@ -42,11 +43,13 @@
#include <netinet/udp.h>
#include <ulogd/ulogd.h>
#include <ulogd/ipfix_protocol.h>
+#include <netinet/if_ether.h>
enum input_keys {
INKEY_RAW_PCKT,
INKEY_RAW_PCKTLEN,
INKEY_OOB_FAMILY,
+ INKEY_OOB_PROTOCOL,
};
enum output_keys {
@@ -101,6 +104,14 @@
KEY_ICMPV6_ECHOSEQ,
KEY_ICMPV6_CSUM,
KEY_AHESP_SPI,
+ KEY_OOB_PROTOCOL,
+ KEY_ARP_HTYPE,
+ KEY_ARP_PTYPE,
+ KEY_ARP_OPCODE,
+ KEY_ARP_SHA,
+ KEY_ARP_SPA,
+ KEY_ARP_THA,
+ KEY_ARP_TPA,
};
static struct ulogd_key iphdr_rets[] = {
@@ -455,7 +466,46 @@
.flags = ULOGD_RETF_NONE,
.name = "ahesp.spi",
},
-
+ [KEY_OOB_PROTOCOL] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "oob.protocol",
+ },
+ [KEY_ARP_HTYPE] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.hwtype",
+ },
+ [KEY_ARP_PTYPE] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.protocoltype",
+ },
+ [KEY_ARP_OPCODE] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.operation",
+ },
+ [KEY_ARP_SHA] = {
+ .type = ULOGD_RET_RAW,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.shwaddr",
+ },
+ [KEY_ARP_SPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.saddr",
+ },
+ [KEY_ARP_THA] = {
+ .type = ULOGD_RET_RAW,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.dhwaddr",
+ },
+ [KEY_ARP_TPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.daddr",
+ },
};
/***********************************************************************
@@ -825,16 +875,84 @@
return 0;
}
+/***********************************************************************
+ * ARP HEADER
+ ***********************************************************************/
+static int _interp_arp(struct ulogd_pluginstance *pi, u_int32_t len)
+{
+ struct ulogd_key *ret = pi->output.keys;
+ const struct ether_arp *arph =
+ GET_VALUE(pi->input.keys, INKEY_RAW_PCKT).ptr;
+
+ if (len < sizeof(struct ether_arp))
+ return 0;
+
+ ret[KEY_ARP_HTYPE].u.value.ui16 = ntohs(arph->arp_hrd);
+ SET_VALID(ret[KEY_ARP_HTYPE]);
+ ret[KEY_ARP_PTYPE].u.value.ui16 = ntohs(arph->arp_pro);
+ SET_VALID(ret[KEY_ARP_PTYPE]);
+ ret[KEY_ARP_OPCODE].u.value.ui16 = ntohs(arph->arp_op);
+ SET_VALID(ret[KEY_ARP_OPCODE]);
+
+ ret[KEY_ARP_SHA].u.value.ptr = &arph->arp_sha;
+ SET_VALID(ret[KEY_ARP_SHA]);
+ ret[KEY_ARP_SPA].u.value.ui32 = &arph->arp_spa;
+ SET_VALID(ret[KEY_ARP_SPA]);
+
+ ret[KEY_ARP_THA].u.value.ptr = &arph->arp_tha;
+ SET_VALID(ret[KEY_ARP_THA]);
+ ret[KEY_ARP_TPA].u.value.ui32 = &arph->arp_tpa;
+ SET_VALID(ret[KEY_ARP_TPA]);
+
+ return 0;
+}
+
+/***********************************************************************
+ * ETHER HEADER
+ ***********************************************************************/
+
+static int _interp_bridge(struct ulogd_pluginstance *pi, u_int32_t len)
+{
+ struct ulogd_key *ret = pi->output.keys;
+ const struct sk_buff *skb =
+ GET_VALUE(pi->input.keys, INKEY_RAW_PCKT).ptr;
+ const u_int16_t proto =
+ GET_VALUE(pi->input.keys, INKEY_OOB_PROTOCOL).ui16;
+
+ switch (proto) {
+ case ETH_P_IP:
+ _interp_iphdr(pi, len);
+ break;
+ case ETH_P_IPV6:
+ _interp_ipv6hdr(pi, len);
+ break;
+ case ETH_P_ARP:
+ _interp_arp(pi, len);
+ break;
+ /* ETH_P_8021Q ?? others? */
+ };
+
+ return 0;
+}
+
+
static int _interp_pkt(struct ulogd_pluginstance *pi)
{
u_int32_t len = GET_VALUE(pi->input.keys, INKEY_RAW_PCKTLEN).ui32;
u_int8_t family = GET_VALUE(pi->input.keys, INKEY_OOB_FAMILY).ui8;
+ struct ulogd_key *ret = pi->output.keys;
+
+ ret[KEY_OOB_PROTOCOL].u.value.ui16 =
+ GET_VALUE(pi->input.keys, INKEY_OOB_PROTOCOL).ui16;
+ SET_VALID(ret[KEY_OOB_PROTOCOL]);
switch (family) {
case AF_INET:
return _interp_iphdr(pi, len);
case AF_INET6:
return _interp_ipv6hdr(pi, len);
+ case AF_BRIDGE:
+ return _interp_bridge(pi, len);
}
return 0;
}
@@ -859,7 +977,12 @@
{
.type = ULOGD_RET_UINT8,
.name = "oob.family",
- }
+ },
+ {
+ .type = ULOGD_RET_UINT16,
+ .name = "oob.protocol",
+ },
+
};
static struct ulogd_plugin base_plugin = {
next prev parent reply other threads:[~2008-02-14 11:35 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-11 22:07 [PATCH 0/5] adds ebtables nflog support to ulogd Peter Warasin
2008-02-11 22:07 ` [PATCH 1/5] Adds input keys enumeration Peter Warasin
2008-02-14 14:46 ` Pablo Neira Ayuso
2008-02-11 22:07 ` [PATCH 2/5] Adds AF_BRIDGE and ARP header interpreter to BASE plugin Peter Warasin
2008-02-13 23:05 ` [PATCHv2 " Peter Warasin
2008-02-14 7:39 ` Eric Leblond
2008-02-14 11:34 ` Peter Warasin [this message]
2008-02-14 15:23 ` [PATCHv3 " Pablo Neira Ayuso
2008-02-15 17:25 ` [PATCHv4 " Peter Warasin
2008-02-15 17:39 ` Peter Warasin
2008-02-16 0:25 ` [PATCHv5 " Peter Warasin
2008-02-19 0:58 ` Pablo Neira Ayuso
2008-02-19 10:53 ` Peter Warasin
2008-02-11 22:07 ` [PATCH 3/5] adds AF_BRIDGE support to PRINTPKT plugin Peter Warasin
2008-02-19 10:54 ` Pablo Neira Ayuso
2008-02-11 22:07 ` [PATCH 4/5] adds AF_BRIDGE support to IP2STR Peter Warasin
2008-02-12 20:28 ` Eric Leblond
2008-02-13 11:17 ` Peter Warasin
2008-02-12 21:15 ` Eric Leblond
2008-02-13 11:13 ` Peter Warasin
2008-02-13 23:06 ` [PATCHv2 " Peter Warasin
2008-02-14 11:36 ` [PATCHv3 " Peter Warasin
2008-02-16 0:25 ` [PATCHv4 " Peter Warasin
2008-02-19 10:55 ` Pablo Neira Ayuso
2008-02-11 22:07 ` [PATCH 5/5] Adds ebtables nflog stack samples to config file Peter Warasin
2008-02-19 10:56 ` Pablo Neira Ayuso
2008-02-12 20:04 ` [Ebtables-devel] [PATCH 0/5] adds ebtables nflog support to ulogd Bart De Schuymer
2008-02-12 20:30 ` Peter Warasin
2008-02-21 22:23 ` Bart De Schuymer
[not found] ` <1203632611.2902.6.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-02-25 13:55 ` Peter Warasin
[not found] ` <1202846691.2901.16.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-02-19 1:50 ` [PATCH 1/2] Add IPv6 support Tseng, Kuo-Lang
2008-02-19 18:24 ` [Ebtables-devel] " Tseng, Kuo-Lang
[not found] ` <3F25FE8C477E9E4FB3D42C2FF937C08A8D0B66-7XlYjKTK0pNQxe9IK+vIArfspsVTdybXVpNB7YpNyf8@public.gmane.org>
2008-02-21 21:29 ` Bart De Schuymer
2008-02-19 15:12 ` [Ebtables-devel] [PATCH 0/5] adds ebtables nflog support to ulogd Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47B42760.5080603@endian.com \
--to=peter@endian.com \
--cc=eric@inl.fr \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).