This patchset adds support for the "numeric_label" option. For instance, it
author/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>
Tue, 29 Apr 2008 14:34:30 +0000 (14:34 +0000)
committer/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org </C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org>
Tue, 29 Apr 2008 14:34:30 +0000 (14:34 +0000)
can be used to determine if the packet has been dropped, rejected or accepted.
The meaning of label is completely user-defined.

Signed-off-by: Eric Leblond <eric@inl.fr>
doc/mysql-ulogd2.sql
doc/pgsql-ulogd2.sql
input/packet/ulogd_inppkt_NFLOG.c
input/packet/ulogd_inppkt_ULOG.c
ulogd.conf.in

index 05ea9b4648d3e153e3c1cc11ecf4f16894bb3443..ba50f48917a682e418fa928d32b811fd16e92e75 100644 (file)
@@ -58,6 +58,7 @@ CREATE TABLE `ulog2` (
   `ip_csum` smallint(5) unsigned default NULL,
   `ip_id` smallint(5) unsigned default NULL,
   `ip_fragoff` smallint(5) unsigned default NULL,
+  `label` tinyint(3) unsigned default NULL,
   `timestamp` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
   UNIQUE KEY `key_id` (`_id`)
 ) ENGINE=INNODB COMMENT='Table for IP packets';
@@ -213,7 +214,8 @@ CREATE SQL SECURITY INVOKER VIEW `ulog` AS
        icmpv6_echoseq,
        icmpv6_csum,
        mac_saddr as mac_saddr_str,
-       mac_protocol as oob_protocol
+       mac_protocol as oob_protocol,
+       label as raw_label
         FROM ulog2 LEFT JOIN tcp ON ulog2._id = tcp._tcp_id LEFT JOIN udp ON ulog2._id = udp._udp_id
                 LEFT JOIN icmp ON ulog2._id = icmp._icmp_id LEFT JOIN mac ON ulog2._id = mac._mac_id
                 LEFT JOIN icmpv6 ON ulog2._id = icmpv6._icmpv6_id;
@@ -493,7 +495,8 @@ CREATE FUNCTION INSERT_IP_PACKET_FULL(
                _ip_ihl tinyint(3) unsigned,
                _ip_csum smallint(5) unsigned,
                _ip_id smallint(5) unsigned,
-               _ip_fragoff smallint(5) unsigned
+               _ip_fragoff smallint(5) unsigned,
+               _label tinyint(4) unsigned
                ) RETURNS int(10) unsigned
 SQL SECURITY INVOKER
 NOT DETERMINISTIC
@@ -501,10 +504,10 @@ READS SQL DATA
 BEGIN
        INSERT INTO ulog2 (oob_time_sec, oob_time_usec, oob_hook, oob_prefix, oob_mark, oob_in, oob_out, oob_family,
                           ip_saddr, ip_daddr, ip_protocol, ip_tos, ip_ttl, ip_totlen, ip_ihl,
-                          ip_csum, ip_id, ip_fragoff ) VALUES 
+                          ip_csum, ip_id, ip_fragoff, label ) VALUES 
                (_oob_time_sec, _oob_time_usec, _oob_hook, _oob_prefix, _oob_mark, _oob_in, _oob_out, _oob_family,
                 _ip_saddr, _ip_daddr, _ip_protocol, _ip_tos, _ip_ttl, _ip_totlen, _ip_ihl,
-                _ip_csum, _ip_id, _ip_fragoff);
+                _ip_csum, _ip_id, _ip_fragoff, _label);
        RETURN LAST_INSERT_ID();
 END
 $$
@@ -660,7 +663,8 @@ CREATE FUNCTION INSERT_PACKET_FULL(
                icmpv6_echoseq smallint(5) unsigned,
                icmpv6_csum int(10) unsigned,
                mac_saddr varchar(32),
-               mac_protocol smallint(5)
+               mac_protocol smallint(5),
+               _label tinyint(4) unsigned
                ) RETURNS bigint unsigned
 READS SQL DATA
 BEGIN
@@ -668,7 +672,7 @@ BEGIN
                                           _oob_mark, _oob_in, _oob_out, _oob_family, 
                                           _ip_saddr, _ip_daddr, _ip_protocol, _ip_tos,
                                           _ip_ttl, _ip_totlen, _ip_ihl, _ip_csum, _ip_id,
-                                          _ip_fragoff);
+                                          _ip_fragoff, _label);
        IF _ip_protocol = 6 THEN
                CALL PACKET_ADD_TCP_FULL(@lastid, tcp_sport, tcp_dport, tcp_seq, tcp_ackseq,
                                         tcp_window, tcp_urg, tcp_urgp, tcp_ack, tcp_psh,
index a5d686d004fb2f278df064858495d5f49ddac35b..cd2d9118bd2b256e117dd4fbecab6fc2ccdc7bfa 100644 (file)
@@ -57,6 +57,7 @@ CREATE TABLE ulog2 (
   ip_csum integer default NULL,
   ip_id integer default NULL,
   ip_fragoff smallint default NULL,
+  label smallint default NULL,
   timestamp timestamp NOT NULL default 'now'
 ) WITH (OIDS=FALSE);
 
@@ -191,7 +192,8 @@ CREATE OR REPLACE VIEW ulog AS
         icmpv6_echoseq,
         icmpv6_csum,
         mac_saddr AS mac_saddr_str,
-        mac_protocol AS oob_protocol
+        mac_protocol AS oob_protocol,
+        label AS raw_label
         FROM ulog2 LEFT JOIN tcp ON ulog2._id = tcp._tcp_id LEFT JOIN udp ON ulog2._id = udp._udp_id
                 LEFT JOIN icmp ON ulog2._id = icmp._icmp_id LEFT JOIN mac ON ulog2._id = mac._mac_id
                 LEFT JOIN icmpv6 ON ulog2._id = icmpv6._icmpv6_id;
@@ -360,13 +362,14 @@ CREATE OR REPLACE FUNCTION INSERT_IP_PACKET_FULL(
                 IN ip_ihl integer,
                 IN ip_csum integer,
                 IN ip_id integer,
-                IN ip_fragoff integer
+                IN ip_fragoff integer,
+                IN label integer
         )
 RETURNS bigint AS $$
         INSERT INTO ulog2 (oob_time_sec,oob_time_usec,oob_hook,oob_prefix,oob_mark,
                         oob_in,oob_out,oob_family,ip_saddr_str,ip_daddr_str,ip_protocol,
-                        ip_tos,ip_ttl,ip_totlen,ip_ihl,ip_csum,ip_id,ip_fragoff)
-                VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18);
+                        ip_tos,ip_ttl,ip_totlen,ip_ihl,ip_csum,ip_id,ip_fragoff,label)
+                VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$19);
         SELECT currval('ulog2__id_seq');
 $$ LANGUAGE SQL SECURITY INVOKER;
 
@@ -492,13 +495,14 @@ CREATE OR REPLACE FUNCTION INSERT_PACKET_FULL(
                 IN icmpv6_echoseq integer,
                 IN icmpv6_csum integer,
                 IN mac_saddr varchar(32),
-                IN mac_protocol integer
+                IN mac_protocol integer,
+                IN label integer
         )
 RETURNS bigint AS $$
 DECLARE
         _id bigint;
 BEGIN
-        _id := INSERT_IP_PACKET_FULL($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18;
+        _id := INSERT_IP_PACKET_FULL($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13,$14,$15,$16,$17,$18,$47);
         IF (ip_protocol = 6) THEN
                 PERFORM INSERT_TCP_FULL(_id,$19,$20,$21,$22,$23,$24,$25,$26,$27,$28,$29,$30);
         ELSIF (ip_protocol = 17) THEN
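Review bot: The new call passes the label as `$47`, a position that cannot be verified from this hunk and that silently points at a different argument as soon as a parameter is added or removed ahead of it. The body already refers to `ip_protocol` by name on the following line, so the call could end with `$17,$18,label);` and stay correct if the parameter list changes. INSERT_PACKET_FULL's signature and body continue outside the hunk, so the parameter count should be confirmed against the full definition before relying on the positional form.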
index 9887e862fc91af0b5ab87e502478d06040787dba..bb69bb6b8564550675e893ab8177c491725a56c8 100644 (file)
@@ -34,7 +34,7 @@ struct nflog_input {
 /* configuration entries */
 
 static struct config_keyset libulog_kset = {
-       .num_ces = 7,
+       .num_ces = 8,
        .ces = {
                {
                        .key     = "bufsize",
@@ -78,6 +78,13 @@ static struct config_keyset libulog_kset = {
                        .options = CONFIG_OPT_NONE,
                        .u.value = 0,
                },
+               {
+                       .key     = "numeric_label",
+                       .type    = CONFIG_TYPE_INT,
+                       .options = CONFIG_OPT_NONE,
+                       .u.value = 0,
+               },
+
        }
 };
 
@@ -88,6 +95,7 @@ static struct config_keyset libulog_kset = {
 #define unbind_ce(x)   (x->ces[4])
 #define seq_ce(x)      (x->ces[5])
 #define seq_global_ce(x)       (x->ces[6])
+#define label_ce(x)    (x->ces[7])
 
 enum nflog_keys {
        NFLOG_KEY_RAW_MAC = 0,
@@ -108,6 +116,7 @@ enum nflog_keys {
        NFLOG_KEY_OOB_PROTOCOL,
        NFLOG_KEY_OOB_UID,
        NFLOG_KEY_OOB_GID,
+       NFLOG_KEY_RAW_LABEL,
 };
 
 static struct ulogd_key output_keys[] = {
@@ -252,6 +261,12 @@ static struct ulogd_key output_keys[] = {
                .flags = ULOGD_RETF_NONE,
                .name = "oob.gid",
        },
+       {
+               .type = ULOGD_RET_UINT8,
+               .flags = ULOGD_RETF_NONE,
+               .name = "raw.label",
+       },
+
 };
 
 static inline int 
@@ -275,6 +290,9 @@ interp_packet(struct ulogd_pluginstance *upi, struct nflog_data *ldata)
        ret[NFLOG_KEY_OOB_FAMILY].u.value.ui8 = af_ce(upi->config_kset).u.value;
        ret[NFLOG_KEY_OOB_FAMILY].flags |= ULOGD_RETF_VALID;
 
+       ret[NFLOG_KEY_RAW_LABEL].u.value.ui8 = label_ce(upi->config_kset).u.value;
+       ret[NFLOG_KEY_RAW_LABEL].flags |= ULOGD_RETF_VALID;
+
        if (ph) {
                /* FIXME */
                ret[NFLOG_KEY_OOB_HOOK].u.value.ui8 = ph->hook;
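Review bot: The assignment to `.u.value.ui8` narrows the `CONFIG_TYPE_INT` value of `numeric_label` to eight bits without a range check, so a configured value such as 256 or -1 is logged as a different label than the one the administrator wrote; the same assignment appears in the ULOG plugin's interp_packet hunk. Because the label is meant to separate dropped, rejected and accepted traffic in the log, a wrapped value can misclassify records without any warning. A check where the configuration is read (that code is not shown here), for example `if (label_ce(upi->config_kset).u.value < 0 || label_ce(upi->config_kset).u.value > 255)` followed by an error return, would surface the misconfiguration at startup. The key is also flagged `ULOGD_RETF_VALID` unconditionally, so an instance that never sets the option logs label 0, which cannot be told apart from an explicit `numeric_label=0`. interp_packet starts and ends outside the hunk.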
index 51122810fd73fa7cedb9b278a2635a18eb5ceb43..253bbe050713cc9d5af95a498adef44b34e54bd9 100644 (file)
@@ -34,7 +34,7 @@ struct ulog_input {
 /* configuration entries */
 
 static struct config_keyset libulog_kset = {
-       .num_ces = 3,
+       .num_ces = 4,
        .ces = {
        {
                .key     = "bufsize",
@@ -54,6 +54,13 @@ static struct config_keyset libulog_kset = {
                .options = CONFIG_OPT_NONE,
                .u.value = ULOGD_RMEM_DEFAULT,
        },
+       {
+               .key     = "numeric_label",
+               .type    = CONFIG_TYPE_INT,
+               .options = CONFIG_OPT_NONE,
+               .u.value = 0,
+       },
+
        }
 };
 enum ulog_keys {
@@ -71,6 +78,7 @@ enum ulog_keys {
        ULOG_KEY_RAW_MAC_LEN,
        ULOG_KEY_OOB_FAMILY,
        ULOG_KEY_OOB_PROTOCOL,
+       ULOG_KEY_RAW_LABEL,
 };
 
 static struct ulogd_key output_keys[] = {
@@ -167,6 +175,11 @@ static struct ulogd_key output_keys[] = {
                .flags = ULOGD_RETF_NONE,
                .name = "oob.protocol",
        },
+       {
+               .type = ULOGD_RET_UINT8,
+               .flags = ULOGD_RETF_NONE,
+               .name = "raw.label",
+       },
 
 };
 
@@ -181,6 +194,9 @@ static int interp_packet(struct ulogd_pluginstance *ip, ulog_packet_msg_t *pkt)
                ret[ULOG_KEY_RAW_MAC_LEN].flags |= ULOGD_RETF_VALID;
        }
 
+       ret[ULOG_KEY_RAW_LABEL].u.value.ui8 = ip->config_kset->ces[3].u.value;
+       ret[ULOG_KEY_RAW_LABEL].flags |= ULOGD_RETF_VALID;
+
        /* include pointer to raw ipv4 packet */
        ret[ULOG_KEY_RAW_PCKT].u.value.ptr = pkt->payload;
        ret[ULOG_KEY_RAW_PCKT].flags |= ULOGD_RETF_VALID;
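Review bot: The label is read through a bare index, `ip->config_kset->ces[3]`, which ties this line to the order of the `libulog_kset` entries, whereas the NFLOG plugin in the same commit uses an accessor macro for the same purpose. Defining `#define label_ce(x) (x->ces[3])` next to the keyset and writing `ret[ULOG_KEY_RAW_LABEL].u.value.ui8 = label_ce(ip->config_kset).u.value;` keeps the two plugins consistent and makes a later reordering of the entries easier to catch. interp_packet begins and ends outside the hunk.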
index 3def8d1c2e8e2b4f77112c3886ab5a9af4b58d25..433965099b523fd44e3cc531ae341d7a5af99a64 100644 (file)
@@ -97,6 +97,7 @@ group=0
 [log2]
 group=1 # Group has to be different from the one use in log1
 addressfamily=10 # 10 is value of AF_INET6
+numeric_label=1 # you can label the log info based on the packet verdict
 
 # ebtables logging through NFLOG
 [log3]
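Review bot: The sample comment on `numeric_label=1` does not state which values are accepted or that the same value is attached to every packet handled by this input instance. Since the plugins declare the output key as `ULOGD_RET_UINT8`, a comment such as `# optional, 0-255: constant tag stored with every packet logged by this instance (meaning is user-defined)` would tell the reader how to use one instance per verdict to separate drop and accept records.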
@@ -106,6 +107,7 @@ addressfamily=7 # 7 is value of AF_BRIDGE
 [ulog1]
 # netlink multicast group (the same as the iptables --ulog-nlgroup param)
 nlgroup=1
+#numeric_label=0 # optional argument
 
 [emu1]
 file="/var/log/ulogd_syslogemu.log"