]> git.ipfire.org Git - thirdparty/ulogd2.git/commitdiff
projects / thirdparty / ulogd2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: aaa536a)
This patch adds support of event type display in printflow filter. This is used
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>
Wed, 26 Mar 2008 09:42:20 +0000 (09:42 +0000)
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>
Wed, 26 Mar 2008 09:42:20 +0000 (09:42 +0000)
to display event type in textual output modules. Here's an output example:

[DESTROY] ORIG: SRC=192.168.1.2 DST=192.168.1.255 PROTO=UDP SPT=631 DPT=631 \\
PKTS=1 BYTES=197 , REPLY: SRC=192.168.1.255 DST=192.168.1.2 \\
PROTO=UDP SPT=631 DPT=631 PKTS=0 BYTES=0

Signed-off-by: Eric Leblond <eric@inl.fr>
include/ulogd/printflow.h patch | blob | blame | history
util/printflow.c patch | blob | blame | history

diff --git a/include/ulogd/printflow.h b/include/ulogd/printflow.h
index 979f673abd297d3a64b328b54821d201c9202b1e..b793426b3c8ce0302fe10f9c6c98e85b05cc0a0a 100644 (file)
--- a/include/ulogd/printflow.h
+++ b/include/ulogd/printflow.h
@@ -1,7 +1,7 @@
 #ifndef _PRINTFLOW_H
 #define _PRINTFLOW_H
 
-#define FLOW_IDS 16
+#define FLOW_IDS 17
 extern struct ulogd_key printflow_keys[FLOW_IDS];
 
 int printflow_print(struct ulogd_key *res, char *buf);
diff --git a/util/printflow.c b/util/printflow.c
index 92c4f0fbc2fa715c3c3572d5a2b7e35a97dcdac5..6c2ffd580aad9f5f9e35ed15c727a2428db4dd64 100644 (file)
--- a/util/printflow.c
+++ b/util/printflow.c
@@ -45,6 +45,7 @@ enum printflow_fields {
        PRINTFLOW_REPLY_RAW_PKTCOUNT,
        PRINTFLOW_ICMP_CODE,
        PRINTFLOW_ICMP_TYPE,
+       PRINTFLOW_EVENT_TYPE,
 };
 
 struct ulogd_key printflow_keys[FLOW_IDS] = {
@@ -128,6 +129,11 @@ struct ulogd_key printflow_keys[FLOW_IDS] = {
                .flags = ULOGD_RETF_NONE,
                .name = "icmp.type",
        },
+       {
+               .type = ULOGD_RET_UINT32,
+               .flags = ULOGD_RETF_NONE,
+               .name = "ct.event",
+       },
 };
 int printflow_keys_num = sizeof(printflow_keys)/sizeof(*printflow_keys);
 
@@ -139,6 +145,20 @@ int printflow_print(struct ulogd_key *res, char *buf)
 {
        char *buf_cur = buf;
 
+       if (pp_is_valid(res, PRINTFLOW_EVENT_TYPE)) {
+               switch (GET_VALUE(res, PRINTFLOW_EVENT_TYPE).ui32) {
+                       case 1:
+                               buf_cur += sprintf(buf_cur, "[NEW] ");
+                               break;
+                       case 2:
+                               buf_cur += sprintf(buf_cur, "[UPDATE] ");
+                               break;
+                       case 3:
+                               buf_cur += sprintf(buf_cur, "[DESTROY] ");
+                               break;
+               }
+       }
+
        buf_cur += sprintf(buf_cur, "ORIG: ");
 
        if (pp_is_valid(res, PRINTFLOW_ORIG_IP_SADDR))
Mirror of https://git.netfilter.org/ulogd2.git