This patch contains two linked modifications in NFCT input plugin:
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>
Wed, 26 Mar 2008 09:40:05 +0000 (09:40 +0000)
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>
Wed, 26 Mar 2008 09:40:05 +0000 (09:40 +0000)
- event mask is now configurable through the event_mask configuration variable
- event type is now stored in the ct.event output key. This can be used to
  display the information or to use it to implement some tracking algorithm in
  userspace.

Signed-off-by: Eric Leblond <eric@inl.fr>
input/flow/ulogd_inpflow_NFCT.c

index fbe98588f76326c4ac4c3c158d719f1d91a49ab7..19df32fb979a8b04588f03a2ee452c2862769274 100644 (file)
@@ -66,9 +66,10 @@ struct nfct_pluginstance {
 
 #define HTABLE_SIZE    (8192)
 #define MAX_ENTRIES    (4 * HTABLE_SIZE)
+#define EVENT_MASK     NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_DESTROY
 
 static struct config_keyset nfct_kset = {
-       .num_ces = 5,
+       .num_ces = 6,
        .ces = {
                {
                        .key     = "pollinterval",
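Review bot: The new EVENT_MASK macro expands to an unparenthesized `|` expression, so any use in a larger expression (`x & EVENT_MASK`, `~EVENT_MASK`) binds the wrong way; the only use in this commit is a plain initializer, which happens to be safe, but the definition should be `#define EVENT_MASK (NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_DESTROY)`. Parenthesizing it now also lets the same macro serve as the base for any later validity check on the configured mask.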
@@ -100,6 +101,13 @@ static struct config_keyset nfct_kset = {
                        .options = CONFIG_OPT_NONE,
                        .u.value = MAX_ENTRIES,
                },
+               {
+                       .key     = "event_mask",
+                       .type    = CONFIG_TYPE_INT,
+                       .options = CONFIG_OPT_NONE,
+                       .u.value = EVENT_MASK,
+               },
+
        },
 };
 #define pollint_ce(x)  (x->ces[0])
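Review bot: The added config entry leaves a stray blank line between its closing `},` and the end of the `.ces` array, which the other entries do not have; the same stray line appears after the new ct.event key in the nfct_okeys hunk. The event_mask entry is also typed as a bare CONFIG_TYPE_INT with nothing saying which values are meaningful; a one-line comment such as `/* bitmask of NF_NETLINK_CONNTRACK_* groups to subscribe to */` above the entry would help anyone writing a config file.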
@@ -107,6 +115,7 @@ static struct config_keyset nfct_kset = {
 #define prealloc_ce(x) (x->ces[2])
 #define buckets_ce(x)  (x->ces[3])
 #define maxentries_ce(x) (x->ces[4])
+#define eventmask_ce(x) (x->ces[5])
 
 enum nfct_keys {
        NFCT_ORIG_IP_SADDR = 0,
@@ -127,6 +136,7 @@ enum nfct_keys {
        NFCT_ICMP_TYPE,
        NFCT_CT_MARK,
        NFCT_CT_ID,
+       NFCT_CT_EVENT,
        NFCT_FLOW_START_SEC,
        NFCT_FLOW_START_USEC,
        NFCT_FLOW_END_SEC,
@@ -300,6 +310,12 @@ static struct ulogd_key nfct_okeys[] = {
                        .field_id       = IPFIX_NF_conntrack_id,
                },
        },
+       {
+               .type   = ULOGD_RET_UINT32,
+               .flags  = ULOGD_RETF_NONE,
+               .name   = "ct.event",
+       },
+
        {
                .type   = ULOGD_RET_UINT32,
                .flags  = ULOGD_RETF_NONE,
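Review bot: The new ct.event key is the only key visible here without an `.ipfix` mapping, whereas its neighbour carries `.field_id = IPFIX_NF_conntrack_id`; presumably this means IPFIX-style outputs have no representation for the event type, which is worth stating in a comment next to the entry if intentional. The entry's array position must also stay aligned with NFCT_CT_EVENT in the nfct_keys enum (it does in this commit, both sitting directly after the conntrack id); a comment such as `/* must match NFCT_CT_EVENT in enum nfct_keys */` would guard against the two drifting apart.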
@@ -454,11 +470,15 @@ static struct ct_timestamp *ct_hash_get(struct ct_htable *htable, uint32_t id)
 static int propagate_ct(struct ulogd_pluginstance *upi,
                        struct nfct_conntrack *ct,
                        unsigned int flags,
+                       int type,
                        struct ct_timestamp *ts)
 {
        struct ulogd_key *ret = upi->output.keys;
        int dir;
-       
+
+       ret[NFCT_CT_EVENT].u.value.ui32 = type;
+       ret[NFCT_CT_EVENT].flags |= ULOGD_RETF_VALID;
+
        dir = NFCT_DIR_ORIGINAL;
        ret[NFCT_ORIG_IP_SADDR].u.value.ui32 = htonl(ct->tuple[dir].src.v4);
        ret[NFCT_ORIG_IP_SADDR].flags |= ULOGD_RETF_VALID;
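Review bot: The new `type` parameter is stored into a uint32_t output value with no comment on what it carries; from event_handler it is compared against NFCT_MSG_NEW and NFCT_MSG_DESTROY, so it appears to be the NFCT_MSG_* code of the message being propagated. A short comment on the signature, `/* type: NFCT_MSG_* of the event, exported as ct.event */`, would make the contract explicit, since propagate_ct has no header comment at all. The body of propagate_ct continues past the end of this hunk.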
@@ -562,28 +582,28 @@ static int event_handler(void *arg, unsigned int flags, int type,
        struct ulogd_pluginstance *npi = NULL;
        struct nfct_pluginstance *cpi = 
                                (struct nfct_pluginstance *) upi->private;
+       struct ct_timestamp *ts = NULL;
        int ret = 0;
 
        if (type == NFCT_MSG_NEW) {
-               if (usehash_ce(upi->config_kset).u.value != 0)
+               if (usehash_ce(upi->config_kset).u.value != 0) {
                        ct_hash_add(cpi->ct_active, ct->id);
+                       return 0;
+               }
        } else if (type == NFCT_MSG_DESTROY) {
-               struct ct_timestamp *ts = NULL;
-
                if (usehash_ce(upi->config_kset).u.value != 0)
                        ts = ct_hash_get(cpi->ct_active, ct->id);
+       }
 
-               /* since we support the re-use of one instance in
-                * several different stacks, we duplicate the message
-                * to let them know */
-               llist_for_each_entry(npi, &upi->plist, plist) {
-                       ret = propagate_ct(npi, ct, flags, ts);
-                       if (ret != 0)
-                               return ret;
-               }
-               return propagate_ct(upi, ct, flags, ts);
+       /* since we support the re-use of one instance in
+        * several different stacks, we duplicate the message
+        * to let them know */
+       llist_for_each_entry(npi, &upi->plist, plist) {
+               ret = propagate_ct(npi, ct, flags, type, ts);
+               if (ret != 0)
+                       return ret;
        }
-       return 0;
+       return propagate_ct(upi, ct, flags, type, ts);
 }
 
 static int read_cb_nfct(int fd, unsigned int what, void *param)
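Review bot: With usehash enabled the NFCT_MSG_NEW branch now returns 0 before the propagation loop, so NEW events are never emitted on the hash path even when the configured event_mask asks for them, while on the non-hash path they are; this asymmetry looks deliberate (the start timestamp is recorded and the flow emitted on DESTROY) but deserves a comment such as `/* hashing: NEW only records the start time; the flow is emitted on DESTROY */`. Any other message type that event_mask can now deliver (update events, for instance) also falls through to propagate_ct with `ts == NULL`, which previously only happened for DESTROY; propagate_ct's handling of a NULL ts is outside this hunk and should be confirmed. The enclosing event_handler starts before the hunk.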
@@ -641,9 +661,8 @@ static int constructor_nfct(struct ulogd_pluginstance *upi)
                        (struct nfct_pluginstance *)upi->private;
        int prealloc;
 
-       /* FIXME: make eventmask configurable */
-       cpi->cth = nfct_open(NFNL_SUBSYS_CTNETLINK, NF_NETLINK_CONNTRACK_NEW|
-                            NF_NETLINK_CONNTRACK_DESTROY);
+       cpi->cth = nfct_open(NFNL_SUBSYS_CTNETLINK,
+                            eventmask_ce(upi->config_kset).u.value);
        if (!cpi->cth) {
                ulogd_log(ULOGD_FATAL, "error opening ctnetlink\n");
                return -1;
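Review bot: The configured event_mask is passed straight to nfct_open as a subscription set without any check, so a zero mask (no events at all) or bits outside the NF_NETLINK_CONNTRACK_* groups reach libnetfilter_conntrack unfiltered; presumably nfct_open does not validate them either. Rejecting such values in the constructor, with a log line naming the bad mask, fails fast at startup instead of producing a silently idle plugin. constructor_nfct continues past the end of this hunk.
```c
	unsigned int mask = eventmask_ce(upi->config_kset).u.value;

	/* only the ctnetlink group bits are meaningful; refuse anything else
	 * instead of handing an unknown subscription set to nfct_open() */
	if (mask == 0 ||
	    (mask & ~(NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_UPDATE |
		      NF_NETLINK_CONNTRACK_DESTROY))) {
		ulogd_log(ULOGD_FATAL, "invalid event_mask 0x%x\n", mask);
		return -1;
	}
	cpi->cth = nfct_open(NFNL_SUBSYS_CTNETLINK, mask);
	/* … unchanged: nfct_open failure check … */
```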