summaryrefslogtreecommitdiffstats
path: root/src/conntrack.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2019-02-20 19:41:45 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2019-02-20 19:45:01 +0100
commit293e7eff59e0bfc4401d620b6d38e096fc0e3b04 (patch)
tree1091434f110fb606083b8e5040bf31398e43c091 /src/conntrack.c
parente0dac21ed02e3ac312e6e70674dc540553b2b9e2 (diff)
conntrack: add -o userspace option to tag user-triggered events
The following command: # conntrack -E -o userspace & # conntrack -F [DESTROY] tcp 6 src=122.127.186.172 dst=192.168.10.195 sport=443 dport=48232 packets=56 bytes=5313 src=192.168.10.195 dst=122.127.186.172 sport=48232 dport=443 packets=49 bytes=5174 [ASSURED] [USERSPACE] prints the [USERSPACE] tag at the end of the event, this tells users if this event has been triggered by process, eg. via conntrack command invocation. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack.c')
-rw-r--r--src/conntrack.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/src/conntrack.c b/src/conntrack.c
index e3abe9f..daa93db 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -854,6 +854,7 @@ enum {
_O_ID = (1 << 3),
_O_KTMS = (1 << 4),
_O_CL = (1 << 5),
+ _O_US = (1 << 6),
};
enum {
@@ -864,16 +865,16 @@ enum {
};
static struct parse_parameter {
- const char *parameter[6];
+ const char *parameter[7];
size_t size;
- unsigned int value[6];
+ unsigned int value[7];
} parse_array[PARSE_MAX] = {
{ {"ASSURED", "SEEN_REPLY", "UNSET", "FIXED_TIMEOUT", "EXPECTED"}, 5,
{ IPS_ASSURED, IPS_SEEN_REPLY, 0, IPS_FIXED_TIMEOUT, IPS_EXPECTED} },
{ {"ALL", "NEW", "UPDATES", "DESTROY"}, 4,
{ CT_EVENT_F_ALL, CT_EVENT_F_NEW, CT_EVENT_F_UPD, CT_EVENT_F_DEL } },
- { {"xml", "extended", "timestamp", "id", "ktimestamp", "labels", }, 6,
- { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS, _O_CL },
+ { {"xml", "extended", "timestamp", "id", "ktimestamp", "labels", "userspace" }, 7,
+ { _O_XML, _O_EXT, _O_TMS, _O_ID, _O_KTMS, _O_CL, _O_US },
},
};
@@ -1427,6 +1428,7 @@ static int event_cb(const struct nlmsghdr *nlh, void *data)
enum nf_conntrack_msg_type type;
unsigned int op_flags = 0;
struct nf_conntrack *ct;
+ bool userspace = false;
char buf[1024];
switch(nlh->nlmsg_type & 0xff) {
@@ -1480,7 +1482,14 @@ static int event_cb(const struct nlmsghdr *nlh, void *data)
nfct_snprintf_labels(buf, sizeof(buf), ct, type, op_type, op_flags, labelmap);
- printf("%s\n", buf);
+ if (output_mask & _O_US) {
+ if (nlh->nlmsg_pid)
+ userspace = true;
+ else
+ userspace = false;
+ }
+
+ printf("%s%s\n", buf, userspace ? " [USERSPACE]" : "");
fflush(stdout);
counter++;