* o UDP header
* o ICMP header
* o AH/ESP header
+ * o ARP header
*
* (C) 2000-2005 by Harald Welte <laforge@gnumonks.org>
*
#include <netinet/udp.h>
#include <ulogd/ulogd.h>
#include <ulogd/ipfix_protocol.h>
+#include <netinet/if_ether.h>
enum input_keys {
INKEY_RAW_PCKT,
INKEY_RAW_PCKTLEN,
INKEY_OOB_FAMILY,
+ INKEY_OOB_PROTOCOL,
};
enum output_keys {
KEY_ICMPV6_ECHOSEQ,
KEY_ICMPV6_CSUM,
KEY_AHESP_SPI,
+ KEY_OOB_PROTOCOL,
+ KEY_ARP_HTYPE,
+ KEY_ARP_PTYPE,
+ KEY_ARP_OPCODE,
+ KEY_ARP_SHA,
+ KEY_ARP_SPA,
+ KEY_ARP_THA,
+ KEY_ARP_TPA,
};
static struct ulogd_key iphdr_rets[] = {
.flags = ULOGD_RETF_NONE,
.name = "ahesp.spi",
},
-
+ [KEY_OOB_PROTOCOL] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "oob.protocol",
+ },
+ [KEY_ARP_HTYPE] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.hwtype",
+ },
+ [KEY_ARP_PTYPE] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.protocoltype",
+ },
+ [KEY_ARP_OPCODE] = {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.operation",
+ },
+ [KEY_ARP_SHA] = {
+ .type = ULOGD_RET_RAW,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.shwaddr",
+ },
+ [KEY_ARP_SPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.saddr",
+ },
+ [KEY_ARP_THA] = {
+ .type = ULOGD_RET_RAW,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.dhwaddr",
+ },
+ [KEY_ARP_TPA] = {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .name = "arp.daddr",
+ },
};
/***********************************************************************
return 0;
}
+/***********************************************************************
+ * ARP HEADER
+ ***********************************************************************/
+static int _interp_arp(struct ulogd_pluginstance *pi, u_int32_t len)
+{
+ struct ulogd_key *ret = pi->output.keys;
+ const struct ether_arp *arph =
+ GET_VALUE(pi->input.keys, INKEY_RAW_PCKT).ptr;
+
+ if (len < sizeof(struct ether_arp))
+ return 0;
+
+ ret[KEY_ARP_HTYPE].u.value.ui16 = ntohs(arph->arp_hrd);
+ SET_VALID(ret[KEY_ARP_HTYPE]);
+ ret[KEY_ARP_PTYPE].u.value.ui16 = ntohs(arph->arp_pro);
+ SET_VALID(ret[KEY_ARP_PTYPE]);
+ ret[KEY_ARP_OPCODE].u.value.ui16 = ntohs(arph->arp_op);
+ SET_VALID(ret[KEY_ARP_OPCODE]);
+
+ ret[KEY_ARP_SHA].u.value.ptr = &arph->arp_sha;
+ SET_VALID(ret[KEY_ARP_SHA]);
+ ret[KEY_ARP_SPA].u.value.ptr = &arph->arp_spa;
+ SET_VALID(ret[KEY_ARP_SPA]);
+
+ ret[KEY_ARP_THA].u.value.ptr = &arph->arp_tha;
+ SET_VALID(ret[KEY_ARP_THA]);
+ ret[KEY_ARP_TPA].u.value.ptr = &arph->arp_tpa;
+ SET_VALID(ret[KEY_ARP_TPA]);
+
+ return 0;
+}
+
+/***********************************************************************
+ * ETHER HEADER
+ ***********************************************************************/
+
+static int _interp_bridge(struct ulogd_pluginstance *pi, u_int32_t len)
+{
+ struct ulogd_key *ret = pi->output.keys;
+ const struct sk_buff *skb =
+ GET_VALUE(pi->input.keys, INKEY_RAW_PCKT).ptr;
+ const u_int16_t proto =
+ GET_VALUE(pi->input.keys, INKEY_OOB_PROTOCOL).ui16;
+
+ switch (proto) {
+ case ETH_P_IP:
+ _interp_iphdr(pi, len);
+ break;
+ case ETH_P_IPV6:
+ _interp_ipv6hdr(pi, len);
+ break;
+ case ETH_P_ARP:
+ _interp_arp(pi, len);
+ break;
+ /* ETH_P_8021Q ?? others? */
+ };
+
+ return 0;
+}
+
+
static int _interp_pkt(struct ulogd_pluginstance *pi)
{
u_int32_t len = GET_VALUE(pi->input.keys, INKEY_RAW_PCKTLEN).ui32;
u_int8_t family = GET_VALUE(pi->input.keys, INKEY_OOB_FAMILY).ui8;
+ struct ulogd_key *ret = pi->output.keys;
+
+ ret[KEY_OOB_PROTOCOL].u.value.ui16 =
+ GET_VALUE(pi->input.keys, INKEY_OOB_PROTOCOL).ui16;
+ SET_VALID(ret[KEY_OOB_PROTOCOL]);
switch (family) {
case AF_INET:
return _interp_iphdr(pi, len);
case AF_INET6:
return _interp_ipv6hdr(pi, len);
+ case AF_BRIDGE:
+ return _interp_bridge(pi, len);
}
return 0;
}
{
.type = ULOGD_RET_UINT8,
.name = "oob.family",
- }
+ },
+ {
+ .type = ULOGD_RET_UINT16,
+ .name = "oob.protocol",
+ },
+
};
static struct ulogd_plugin base_plugin = {
projects / thirdparty / ulogd2.git / commitdiff
