*/
#include <ulogd/ulogd.h>
-#include "libnfnetlink.h"
-#include "libctnetlink.h"
+#include <libnfnetlink.h>
+#include <libctnetlink.h>
-struct ulogd_ctnl_pluginstance {
+static struct ulogd_ctnl_pluginstance {
struct ulogd_pluginstance upi;
struct ctnl_handle cth;
};
+static int ctnl_parser(struct ulogd_pluginstance *pi,
+ struct nfattr *attr, struct nlmsghdr *nlh)
+{
+ struct nfattr *attr = NFM_NFA(NLMSG_DATA(nlh));
+ unsigned int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len);
+ struct ip_conntrack_tuple *orig;
+ struct cta_countrs *ctr;
+
+ /* FIXME: what about reply direction ? */
+ while (NFA_OK(attr, attrlen)) {
+ switch (attr->nfa_type) {
+ case CTA_ORIG:
+ orig = NFA_DATA(attr);
+ pi->output.keys[0].u.ui32 = orig->src.ip;
+ pi->output.keys[1].u.ui32 = orig->dst.ip;
+ pi->output.keys[2].u.value.ui8 = orig->dst.protonum;
+ /* FIXME: l4 port numbers */
+ break;
+ case CTA_COUNTERS:
+ ctr = NFA_DATA(attr);
+ pi->output.keys[5].u.value.ui32 = ctr->orig.bytes;
+ pi->output.keys[6].u.value.ui32 = ctr->prog.packets;
+ break;
+ }
+ attr = NFA_NEXT(attr, attrlen);
+ }
+ return 0;
+}
+
static int event_handler(struct sockaddr_nl *sock, struct nlmsghdr *nlh,
void *arg)
{
return 0;
}
-struct ctnl_msg_handler new_h = {
+static struct ctnl_msg_handler new_h = {
.type = IPCTNL_MSG_CT_NEW,
.handler = event_handler,
};
-struct ctnl_msg_Handler destroy_h = {
+static struct ctnl_msg_Handler destroy_h = {
.type = IPCTNL_MSG_CT_DELETE,
.handler = event_handler,
};
-static struct ulogd_plugin ctnl_plugin = {
- .name = "CTNL",
- .input = {
- .keys =,
- .num_keys = 1,
- .type = ULOGD_DTYPE_NULL,
- },
- .output = {
- .keys =,
- .num_keys = 1,
- .type = ULOGD_DTYPE_FLOW,
- },
- .interp = ,
- .constructor = ,
- .descructor = ,
- .config_kset = ,
-};
-
-
-
static struct ulogd_pluginstance *constructor_ctnl(struct ulogd_plugin *pl)
{
struct ulogd_ctnl_pluginstance *cpi = malloc(sizeof *cpi);
cpi->plugin = pl;
cpi->input = FIXME;
- cpi->>output = FIXME;
+ cpi->output = FIXME;
if (ctnl_open(&cpi->cth, NFGRP_IPV4_CT_TCP|NFGRP_IPV4_CT_UDP) < 0) {
print("error\n");
return 0;
}
-
+
+static struct ulogd_key ctnl_okeys[] = {
+ {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .key = "ip.saddr",
+ .ipfix = { },
+ },
+ {
+ .type = ULOGD_RET_IPADDR,
+ .flags = ULOGD_RETF_NONE,
+ .key = "ip.daddr",
+ .ipfix = { },
+ },
+ {
+ .type = ULOGD_RET_UINT8,
+ .flags = ULOGD_RETF_NONE,
+ .key = "ip.protocol",
+ .ipfix = { },
+ },
+ {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .key = "tcp.sport",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = 7,
+ },
+ },
+ {
+ .type = ULOGD_RET_UINT16,
+ .flags = ULOGD_RETF_NONE,
+ .key = "tcp.dport",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = 11,
+ },
+ },
+ {
+ .type = ULOGD_RET_UINT32,
+ .flags = ULOGD_RETF_NONE,
+ .name = "raw.pktlen",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = 1,
+ },
+ },
+ {
+ .type = ULOGD_RET_UINT32,
+ .flags = ULOGD_RETF_NONE,
+ .name = "raw.pktcount",
+ .ipfix = {
+ .vendor = IPFIX_VENDOR_IETF,
+ .field_id = 2,
+ },
+ },
+
+};
+
+static struct ulogd_plugin ctnl_plugin = {
+ .name = "CTNL",
+ .input = {
+ .keys = NULL,
+ .num_keys = 0,
+ .type = ULOGD_DTYPE_NULL,
+ },
+ .output = {
+ .keys = &ctnl_okeys,
+ .num_keys = sizeof(ctnl_okeys)/sizeof(struct ulogd_key),
+ .type = ULOGD_DTYPE_FLOW,
+ },
+ .interp = ,
+ .constructor = &constructor_ctnl,
+ .descructor = &destructor_ctnl,
+ .config_kset = ,
+};
+
+
+
+
projects / thirdparty / ulogd2.git / commitdiff
