From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Ken-ichirou MATSUZAWA <chamas@h4.dion.ne.jp>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [RFC PATCH libnetfilter_log] src: support conntrack XML output
Date: Tue, 12 Oct 2021 01:36:21 +0200 [thread overview]
Message-ID: <YWTKdTsedRgM6Lgh@salvia> (raw)
In-Reply-To: <20210917220232.36907-1-chamas@h4.dion.ne.jp>
Hi,
On Sat, Sep 18, 2021 at 07:02:33AM +0900, Ken-ichirou MATSUZAWA wrote:
> This patch enables to let conntrack information including XML output.
> ---
> Hi,
>
> I think there are two issues. First, it deals with obsolete libnfnetlink
> internal data. The other is that the family of nfgenmsg is not available, so the
> ethernet hw protocol type is used. Are these acceptable?
> About ethernet type, should I use IP version from payload?
This is also creating an interdependency between the two libraries.
I'd suggest you expose the conntrack ID through the XML output of the
packet, this would require minimal parsing of the CT netlink attribute.
Then, print the conntrack object in XML including this ID too so
userspace can relate them?
> ----
>
> include/libnetfilter_log/libnetfilter_log.h | 4 +++
> src/Makefile.am | 5 +++
> src/libnetfilter_log.c | 35 +++++++++++++++++++++
> 3 files changed, 44 insertions(+)
>
> diff --git a/include/libnetfilter_log/libnetfilter_log.h b/include/libnetfilter_log/libnetfilter_log.h
> index 6192fa3..a98a39e 100644
> --- a/include/libnetfilter_log/libnetfilter_log.h
> +++ b/include/libnetfilter_log/libnetfilter_log.h
> @@ -82,6 +82,10 @@ enum {
> NFLOG_XML_PHYSDEV = (1 << 4),
> NFLOG_XML_PAYLOAD = (1 << 5),
> NFLOG_XML_TIME = (1 << 6),
> +#ifdef BUILD_NFCT
> + NFLOG_XML_CT = (1 << 7),
> + NFLOG_XML_CT_TIMESTAMP = (1 << 8),
> +#endif
> NFLOG_XML_ALL = ~0U,
> };
>
> diff --git a/src/Makefile.am b/src/Makefile.am
> index 335c393..bc8da41 100644
> --- a/src/Makefile.am
> +++ b/src/Makefile.am
> @@ -37,3 +37,8 @@ libnetfilter_log_libipulog_la_LDFLAGS = -Wc,-nostartfiles \
> libnetfilter_log_libipulog_la_LIBADD = libnetfilter_log.la ${LIBNFNETLINK_LIBS}
> libnetfilter_log_libipulog_la_SOURCES = libipulog_compat.c
> endif
> +
> +if BUILD_NFCT
> +libnetfilter_log_la_LDFLAGS += $(LIBNETFILTER_CONNTRACK_LIBS)
> +libnetfilter_log_la_CPPFLAGS = ${AM_CPPFLAGS} ${LIBNETFILTER_CONNTRACK_CFLAGS} -DBUILD_NFCT
> +endif
> diff --git a/src/libnetfilter_log.c b/src/libnetfilter_log.c
> index 567049c..aa97b51 100644
> --- a/src/libnetfilter_log.c
> +++ b/src/libnetfilter_log.c
> @@ -33,6 +33,11 @@
> #include <libnfnetlink/libnfnetlink.h>
> #include <libnetfilter_log/libnetfilter_log.h>
>
> +#ifdef BUILD_NFCT
> +#include <libmnl/libmnl.h>
> +#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
> +#endif
> +
> /**
> * \mainpage
> *
> @@ -907,6 +912,8 @@ do { \
> * - NFLOG_XML_PHYSDEV: include the physical device information
> * - NFLOG_XML_PAYLOAD: include the payload (in hexadecimal)
> * - NFLOG_XML_TIME: include the timestamp
> + * - NFLOG_XML_CT: include conntrack entry
> + * - NFLOG_XML_CT_TIMESTAMP: include conntrack timestamp
> * - NFLOG_XML_ALL: include all the logging information (all flags set)
> *
> * You can combine this flags with an binary OR.
> @@ -1056,6 +1063,34 @@ int nflog_snprintf_xml(char *buf, size_t rem, struct nflog_data *tb, int flags)
> SNPRINTF_FAILURE(size, rem, offset, len);
> }
>
> +#ifdef BUILD_NFCT
> + if (flags & NFLOG_XML_CT) {
> + struct nlattr *ctattr = (struct nlattr *)tb->nfa[NFULA_CT - 1];
> + struct nf_conntrack *ct = nfct_new();
> + unsigned int ct_flags = 0;
> + uint8_t family = 0;
> + uint16_t hw_proto = ntohs(ph->hw_protocol);
> +
> + if (!ctattr) goto close_tag;
> + if (hw_proto == 0x0800)
> + family = AF_INET;
> + else if (hw_proto == 0x86dd)
> + family = AF_INET6;
> + else
> + goto close_tag;
> +
> + if (nfct_payload_parse(mnl_attr_get_payload(ctattr),
> + mnl_attr_get_payload_len(ctattr),
> + family, ct) < 0)
> + goto close_tag;
> + if (flags & NFLOG_XML_CT_TIMESTAMP)
> + ct_flags |= NFCT_OF_TIMESTAMP;
> + size = nfct_snprintf(buf + offset, rem, ct, 0, NFCT_O_XML,
> + ct_flags);
> + SNPRINTF_FAILURE(size, rem, offset, len);
> + }
> +close_tag:
> +#endif
> size = snprintf(buf + offset, rem, "</log>");
> SNPRINTF_FAILURE(size, rem, offset, len);
>
> --
> 2.30.2
>
next prev parent reply other threads:[~2021-10-11 23:36 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-17 22:02 [RFC PATCH libnetfilter_log] src: support conntrack XML output Ken-ichirou MATSUZAWA
2021-10-11 23:36 ` Pablo Neira Ayuso [this message]
2021-10-12 4:39 ` [PATCH libnf-log] src: add conntrack ID to " Ken-ichirou MATSUZAWA
2021-11-08 11:45 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YWTKdTsedRgM6Lgh@salvia \
--to=pablo@netfilter.org \
--cc=chamas@h4.dion.ne.jp \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).