From: Eric leblond <eric@inl.fr>
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>
Sun, 3 Feb 2008 11:27:14 +0000 (11:27 +0000)
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>
Sun, 3 Feb 2008 11:27:14 +0000 (11:27 +0000)
This patch updates the printflow output module so that it can print a
whole conntrack entry on a single line.

include/ulogd/printflow.h
util/printflow.c

index 7343a23d908ed23423469bbce375903797ec5417..979f673abd297d3a64b328b54821d201c9202b1e 100644 (file)
@@ -1,7 +1,7 @@
 #ifndef _PRINTFLOW_H
 #define _PRINTFLOW_H
 
-#define FLOW_IDS       10
+#define FLOW_IDS 16
 extern struct ulogd_key printflow_keys[FLOW_IDS];
 
 int printflow_print(struct ulogd_key *res, char *buf);
index 1d0b9e9441fe1136e1231a20a843a1f282a08df4..d80363321262365795815b4385378d5c17b74d18 100644 (file)
 #include <ulogd/printflow.h>
 
 enum printflow_fields {
-       PRINTFLOW_IP_SADDR = 0,
-       PRINTFLOW_IP_DADDR,
-       PRINTFLOW_IP_PROTOCOL,
-       PRINTFLOW_L4_SPORT,
-       PRINTFLOW_L4_DPORT,
-       PRINTFLOW_RAW_PKTLEN,
-       PRINTFLOW_RAW_PKTCOUNT,
+       PRINTFLOW_ORIG_IP_SADDR = 0,
+       PRINTFLOW_ORIG_IP_DADDR,
+       PRINTFLOW_ORIG_IP_PROTOCOL,
+       PRINTFLOW_ORIG_L4_SPORT,
+       PRINTFLOW_ORIG_L4_DPORT,
+       PRINTFLOW_ORIG_RAW_PKTLEN,
+       PRINTFLOW_ORIG_RAW_PKTCOUNT,
+       PRINTFLOW_REPLY_IP_SADDR,
+       PRINTFLOW_REPLY_IP_DADDR,
+       PRINTFLOW_REPLY_IP_PROTOCOL,
+       PRINTFLOW_REPLY_L4_SPORT,
+       PRINTFLOW_REPLY_L4_DPORT,
+       PRINTFLOW_REPLY_RAW_PKTLEN,
+       PRINTFLOW_REPLY_RAW_PKTCOUNT,
        PRINTFLOW_ICMP_CODE,
        PRINTFLOW_ICMP_TYPE,
-       PRINTFLOW_DIR,
 };
 
-struct ulogd_key printflow_keys[] = {
+struct ulogd_key printflow_keys[FLOW_IDS] = {
        {
                .type = ULOGD_RET_IPADDR,
                .flags = ULOGD_RETF_NONE,
-               .name = "ip.saddr",
+               .name = "orig.ip.saddr",
        },
        {
                .type = ULOGD_RET_IPADDR,
                .flags = ULOGD_RETF_NONE,
-               .name = "ip.daddr",
+               .name = "orig.ip.daddr",
        },
        {
                .type = ULOGD_RET_UINT8,
                .flags = ULOGD_RETF_NONE,
-               .name = "ip.protocol",
+               .name = "orig.ip.protocol",
        },
        {
                .type = ULOGD_RET_UINT16,
                .flags = ULOGD_RETF_NONE,
-               .name = "l4.sport",
+               .name = "orig.l4.sport",
        },
        {
                .type = ULOGD_RET_UINT16,
                .flags = ULOGD_RETF_NONE,
-               .name = "l4.dport",
+               .name = "orig.l4.dport",
        },
        {
                .type = ULOGD_RET_UINT32,
                .flags = ULOGD_RETF_NONE,
-               .name = "raw.pktlen",
+               .name = "orig.raw.pktlen",
        },
        {
                .type = ULOGD_RET_UINT32,
                .flags = ULOGD_RETF_NONE,
-               .name = "raw.pktcount",
+               .name = "orig.raw.pktcount",
+       },
+       {
+               .type = ULOGD_RET_IPADDR,
+               .flags = ULOGD_RETF_NONE,
+               .name = "reply.ip.saddr",
+       },
+       {
+               .type = ULOGD_RET_IPADDR,
+               .flags = ULOGD_RETF_NONE,
+               .name = "reply.ip.daddr",
        },
        {
                .type = ULOGD_RET_UINT8,
                .flags = ULOGD_RETF_NONE,
-               .name = "icmp.code",
+               .name = "reply.ip.protocol",
+       },
+       {
+               .type = ULOGD_RET_UINT16,
+               .flags = ULOGD_RETF_NONE,
+               .name = "reply.l4.sport",
+       },
+       {
+               .type = ULOGD_RET_UINT16,
+               .flags = ULOGD_RETF_NONE,
+               .name = "reply.l4.dport",
+       },
+       {
+               .type = ULOGD_RET_UINT32,
+               .flags = ULOGD_RETF_NONE,
+               .name = "reply.raw.pktlen",
+       },
+       {
+               .type = ULOGD_RET_UINT32,
+               .flags = ULOGD_RETF_NONE,
+               .name = "reply.raw.pktcount",
        },
        {
                .type = ULOGD_RET_UINT8,
                .flags = ULOGD_RETF_NONE,
-               .name = "icmp.type",
+               .name = "icmp.code",
        },
        {
-               .type = ULOGD_RET_BOOL,
+               .type = ULOGD_RET_UINT8,
                .flags = ULOGD_RETF_NONE,
-               .name = "dir",
+               .name = "icmp.type",
        },
 };
 int printflow_keys_num = sizeof(printflow_keys)/sizeof(*printflow_keys);
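Review bot: The `printflow_keys` table is still matched to `enum printflow_fields` by position only, and now that the array is declared as `printflow_keys[FLOW_IDS]` a forgotten entry no longer shrinks the array: the missing slot is silently zero-initialised and `printflow_keys_num` still reports 16. Since the count lives in include/ulogd/printflow.h and the enum and table live here, I would index the initialisers by enumerator, e.g. `[PRINTFLOW_ORIG_IP_SADDR] = { .type = ULOGD_RET_IPADDR, .flags = ULOGD_RETF_NONE, .name = "orig.ip.saddr" },`, so that an inserted or reordered field cannot shift every later key onto the wrong type and name. The key names also change (`ip.saddr` becomes `orig.ip.saddr`, and `dir` is dropped), so any plugin stack that supplied the old names presumably has to be updated; the commit message does not mention this.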
@@ -107,32 +143,30 @@ int printflow_print(struct ulogd_key *res, char *buf)
 {
        char *buf_cur = buf;
 
-       if (pp_is_valid(res, PRINTFLOW_DIR))
-               buf_cur += sprintf(buf_cur, "DIR=%s ",
-                               GET_VALUE(res, PRINTFLOW_DIR).b ? "REPLY" : "ORIG ");
+       buf_cur += sprintf(buf_cur, "ORIG: ");
 
-       if (pp_is_valid(res, PRINTFLOW_IP_SADDR))
+       if (pp_is_valid(res, PRINTFLOW_ORIG_IP_SADDR))
                buf_cur += sprintf(buf_cur, "SRC=%s ", inet_ntoa(
-                               (struct in_addr) {htonl(GET_VALUE(res, 0).ui32)}));
+                               (struct in_addr) {htonl(GET_VALUE(res, PRINTFLOW_ORIG_IP_SADDR).ui32)}));
 
-       if (pp_is_valid(res, PRINTFLOW_IP_DADDR))
+       if (pp_is_valid(res, PRINTFLOW_ORIG_IP_DADDR))
                buf_cur += sprintf(buf_cur, "DST=%s ", inet_ntoa(
-                               (struct in_addr) {htonl(GET_VALUE(res, 1).ui32)}));
+                               (struct in_addr) {htonl(GET_VALUE(res, PRINTFLOW_ORIG_IP_DADDR).ui32)}));
 
-       if (!pp_is_valid(res, PRINTFLOW_IP_PROTOCOL))
-               goto out;
+       if (!pp_is_valid(res, PRINTFLOW_ORIG_IP_PROTOCOL))
+               goto orig_out;
 
-       switch (GET_VALUE(res, PRINTFLOW_IP_PROTOCOL).ui8) {
+       switch (GET_VALUE(res, PRINTFLOW_ORIG_IP_PROTOCOL).ui8) {
        case IPPROTO_TCP:
                buf_cur += sprintf(buf_cur, "PROTO=TCP ");
-               pp_print(buf_cur, "SPT", res, PRINTFLOW_L4_SPORT, ui16);
-               pp_print(buf_cur, "DPT", res, PRINTFLOW_L4_DPORT, ui16);
+               pp_print(buf_cur, "SPT", res, PRINTFLOW_ORIG_L4_SPORT, ui16);
+               pp_print(buf_cur, "DPT", res, PRINTFLOW_ORIG_L4_DPORT, ui16);
                break;
 
        case IPPROTO_UDP:
                buf_cur += sprintf(buf_cur, "PROTO=UDP ");
-               pp_print(buf_cur, "SPT", res, PRINTFLOW_L4_SPORT, ui16);
-               pp_print(buf_cur, "DPT", res, PRINTFLOW_L4_DPORT, ui16);
+               pp_print(buf_cur, "SPT", res, PRINTFLOW_ORIG_L4_SPORT, ui16);
+               pp_print(buf_cur, "DPT", res, PRINTFLOW_ORIG_L4_DPORT, ui16);
                break;
 
        case IPPROTO_ICMP:
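Review bot: Every write in `printflow_print()` is an unbounded `sprintf()` into `buf`, whose size the function is never told, and this commit adds the `ORIG: ` prefix here plus a complete REPLY section in the following hunk, so the longest line it can produce roughly doubles. The callers and their buffers are not part of this diff, so each one has to be checked against the new worst case. I would pass the buffer length in and write with `snprintf(buf_cur, end - buf_cur, ...)`, stopping once the return value reaches the remaining space; at the very least the prototype in printflow.h should carry a comment stating the buffer size it requires. The function body continues past the end of this hunk.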
@@ -150,14 +184,63 @@ int printflow_print(struct ulogd_key *res, char *buf)
                break;
 
        default:
-               pp_print(buf_cur, "PROTO", res, PRINTFLOW_IP_PROTOCOL, ui8);
+               pp_print(buf_cur, "PROTO", res, PRINTFLOW_ORIG_IP_PROTOCOL, ui8);
                break;
        }
 
-out:
-       pp_print(buf_cur, "PKTS", res, PRINTFLOW_RAW_PKTCOUNT, ui32);
-       pp_print(buf_cur, "BYTES", res, PRINTFLOW_RAW_PKTLEN, ui32);
-       strcat(buf_cur, "\n");
+orig_out:
+       pp_print(buf_cur, "PKTS", res, PRINTFLOW_ORIG_RAW_PKTCOUNT, ui32);
+       pp_print(buf_cur, "BYTES", res, PRINTFLOW_ORIG_RAW_PKTLEN, ui32);
+
+       buf_cur += sprintf(buf_cur, ", REPLY: ");
+
+       if (pp_is_valid(res, PRINTFLOW_REPLY_IP_SADDR))
+               buf_cur += sprintf(buf_cur, "SRC=%s ", inet_ntoa(
+                               (struct in_addr) {htonl(GET_VALUE(res, PRINTFLOW_REPLY_IP_SADDR).ui32)}));
+
+       if (pp_is_valid(res, PRINTFLOW_REPLY_IP_DADDR))
+               buf_cur += sprintf(buf_cur, "DST=%s ", inet_ntoa(
+                               (struct in_addr) {htonl(GET_VALUE(res, PRINTFLOW_REPLY_IP_DADDR).ui32)}));
+
+       if (!pp_is_valid(res, PRINTFLOW_REPLY_IP_PROTOCOL))
+               goto reply_out;
+
+       switch (GET_VALUE(res, PRINTFLOW_REPLY_IP_PROTOCOL).ui8) {
+       case IPPROTO_TCP:
+               buf_cur += sprintf(buf_cur, "PROTO=TCP ");
+               pp_print(buf_cur, "SPT", res, PRINTFLOW_REPLY_L4_SPORT, ui16);
+               pp_print(buf_cur, "DPT", res, PRINTFLOW_REPLY_L4_DPORT, ui16);
+               break;
+
+       case IPPROTO_UDP:
+               buf_cur += sprintf(buf_cur, "PROTO=UDP ");
+               pp_print(buf_cur, "SPT", res, PRINTFLOW_REPLY_L4_SPORT, ui16);
+               pp_print(buf_cur, "DPT", res, PRINTFLOW_REPLY_L4_DPORT, ui16);
+               break;
+
+       case IPPROTO_ICMP:
+               buf_cur += sprintf(buf_cur, "PROTO=ICMP ");
+               pp_print(buf_cur, "TYPE", res, PRINTFLOW_ICMP_CODE, ui8);
+               pp_print(buf_cur, "CODE", res, PRINTFLOW_ICMP_TYPE, ui8);
+               break;
+
+       case IPPROTO_ESP:
+               buf_cur += sprintf(buf_cur, "PROTO=ESP ");
+               break;
+
+       case IPPROTO_AH:
+               buf_cur += sprintf(buf_cur, "PROTO=AH ");
+               break;
+
+       default:
+               pp_print(buf_cur, "PROTO", res, PRINTFLOW_REPLY_IP_PROTOCOL, ui8);
+               break;
+       }
 
+reply_out:
+       pp_print(buf_cur, "PKTS", res, PRINTFLOW_REPLY_RAW_PKTCOUNT, ui32);
+       pp_print(buf_cur, "BYTES", res, PRINTFLOW_REPLY_RAW_PKTLEN, ui32);
+
+       strcat(buf_cur, "\n");
        return 0;
 }
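Review bot: In the new REPLY `case IPPROTO_ICMP:` the labels and keys are crossed: `TYPE` is printed from `PRINTFLOW_ICMP_CODE` and `CODE` from `PRINTFLOW_ICMP_TYPE`, so the log line shows each value under the other's name. It should read `pp_print(buf_cur, "TYPE", res, PRINTFLOW_ICMP_TYPE, ui8);` followed by `pp_print(buf_cur, "CODE", res, PRINTFLOW_ICMP_CODE, ui8);`. The ORIG-side ICMP case lies between the two hunks and is not visible here; if this block was copied from it, it probably needs the same correction. There is also only one `icmp.code`/`icmp.type` key pair, so the REPLY section repeats the values already printed under ORIG rather than reply-direction ones.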